Hacking Windows XP with msfvenom


msfvenom is a program that generates shellcode (payloads) for penetrating target machines. In this note I will show you how to penetrate a Windows XP machine with shellcode produced by msfvenom.

Before msfvenom, the msfpayload and msfencode programs were used. They are now obsolete and no longer supported, so msfvenom should be used instead.

In the examples I will use two machines: one is Kali and the other is Windows XP. I will generate the shellcode on the Kali machine and deliver it to the Windows XP machine (you can use any social engineering method). To keep the example simple, I will move it with FTP or some other means, because the aim of this note is to show the whole penetration process. An important note: during the penetration, the client-side antivirus program should be disabled. There are many ways to bypass antivirus programs, but that is outside the scope of this note.

First, look at the options of the msfvenom program.


As you can see, there are many options in the msfvenom program.

Now create a shellcode with the simplest method.


If you look at the command line, you will see some parameters. The most important one is the LHOST parameter, which is the IP address of the Kali machine. When someone starts this program on the Windows XP machine, the shellcode will try to connect back to the Kali machine ( ). But before the shellcode connects to the Kali machine, we should start a listener program that waits for connections from the shellcode. We will start the listener with the Metasploit Framework (msfconsole).

Now our shellcode is ready, and you can send it to any computer with social engineering. Imagine that we send it by e-mail and the recipient starts it by some means.

Now we will start a listener in msfconsole to penetrate the Windows XP machine. First, start msfconsole.


msfconsole is the centralized console for Metasploit.

Set up our listener in msfconsole and wait for a back connection, using the reverse_tcp payload to start the listener.


Now the listener is waiting for the shellcode on the Windows XP machine (where our shellcode sits) to connect back.

Now start x.exe on Windows XP by double-clicking it.


Go back to Kali and you will see that the back-connection is established and Meterpreter has started. Now we are connected to the Windows XP machine.


Afterwards we are inside the Windows XP machine and can control the penetrated remote machine.
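The whole chain above rests on one observable behaviour: a freshly dropped executable (x.exe) that the user launches and that immediately opens an outbound connection to LHOST. The following is an added defensive example, not code from the original note, showing how that behaviour can be flagged in endpoint telemetry. It assumes Sysmon-style records (event 1 = process creation, event 3 = network connection) and uses constructed sample events; the paths, PIDs, addresses and port are made up for illustration.

```python
"""Flag a user-launched executable that connects out right after it starts."""
from datetime import datetime, timedelta

# Constructed sample events, not real telemetry (Sysmon-style fields).
EVENTS = [
    {"id": 1, "time": "2024-01-01T10:00:00", "pid": 412,
     "image": r"C:\WINDOWS\explorer.exe"},
    {"id": 1, "time": "2024-01-01T10:05:00", "pid": 1337,
     "image": r"C:\Documents and Settings\alice\Desktop\x.exe"},
    {"id": 3, "time": "2024-01-01T10:05:02", "pid": 1337,
     "dst_ip": "192.0.2.10", "dst_port": 4444},
    # Mail client fetching mail: no process-creation record in this window.
    {"id": 3, "time": "2024-01-01T10:06:00", "pid": 900,
     "dst_ip": "192.0.2.5", "dst_port": 110},
]

# Directories an unprivileged user can write to (assumed list for XP).
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\desktop\\")


def is_user_writable(image: str) -> bool:
    """True if the process image lives in a user-writable directory."""
    return any(part in image.lower() for part in USER_WRITABLE)


def find_reverse_connect(events, window=timedelta(seconds=30)):
    """Return (pid, image, dst_ip, dst_port) for each network connection made
    within `window` of process start by an image in a user-writable path."""
    starts = {e["pid"]: e for e in events if e["id"] == 1}
    alerts = []
    for e in events:
        if e["id"] != 3:
            continue
        start = starts.get(e["pid"])
        if start is None or not is_user_writable(start["image"]):
            continue
        delta = (datetime.fromisoformat(e["time"])
                 - datetime.fromisoformat(start["time"]))
        if timedelta(0) <= delta <= window:
            alerts.append((e["pid"], start["image"], e["dst_ip"], e["dst_port"]))
    return alerts


if __name__ == "__main__":
    for alert in find_reverse_connect(EVENTS):
        print("suspicious outbound connection:", alert)
```

Tuning the time window and path list to the environment is what keeps this useful; the point is that a reverse_tcp payload cannot avoid the connect-back itself, only the static signatures the post mentions disabling.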

After penetrating, you are in the post-exploitation phase, which I will cover in depth in a different note.


Anıl Akduygu






