Targets and Payloads

What Are Targets?

In Metasploit, a target defines the specific configurations or versions of an operating system, application, or service that a module is designed to exploit.

Key Points:

• Some modules automatically detect targets using Automatic mode.

• Others require manual specification of the target index for successful exploitation.

Managing Targets

1. Listing Available Targets:

   • Use the show targets command within a module to list supported targets:

     Copy

     msf6 exploit(module_name) > show targets

     Example Output:

     Copy

     Id  Name
     0   Automatic
     1   Windows XP SP3
     2   Windows Server 2003

2. Selecting a Target:

   • Manually specify a target by its index:

     Copy

     msf6 exploit(module_name) > set target <index>

3. Best Practices for Target Selection:

   • Use Automatic targeting (set target 0) when unsure of the system version.

   • Manually set the target index if you know the exact configuration for better reliability.

   • Cross-check system details using reconnaissance tools before selecting a target.

What Are Payloads?

Payloads are the code delivered to the target system once an exploit succeeds. They define the actions to be performed on the compromised system, such as opening a shell or maintaining persistent access.

Types of Payloads

1. Singles:

   • Self-contained payloads that perform a specific task without further dependencies.

   • Example: windows/shell_bind_tcp – Opens a shell bound to a TCP port.

2. Stagers:

   • Establish a connection (e.g., reverse or bind shell) and prepare the target for larger, staged payloads.

   • Example: windows/meterpreter/reverse_tcp.

3. Stages:

   • Provide advanced functionalities, downloaded by stagers after the initial connection is established.

   • Example: meterpreter – A powerful post-exploitation toolkit.

Staged vs. Non-Staged Payloads

Popular Payload Types

1. Meterpreter:

   • A memory-resident payload with advanced post-exploitation features.

   • Example:

2. Generic Shells:

   • Provides basic shell access to the target.

   • Example:

3. Advanced Payloads:

   • Payloads that include specialized functionalities, such as VNC or PowerShell.

   • Examples:

     • windows/vncinject/reverse_tcp – Provides remote desktop access.

     • windows/x64/powershell_reverse_tcp – Executes a reverse shell via PowerShell.

Configuring Payloads

1. Setting the Payload:

   • Select a payload compatible with the exploit:

   • Example:

2. Configuring Payload Options:

   • Use the show options command to view configurable parameters for the payload:

   • Example Parameters:

     • LHOST: Local host (attacker's IP).

     • LPORT: Listening port for the payload.

     • RHOSTS: Target host(s) IP address.

3. Setting Options:

4. Persistent Options:

   • Use setg to globally configure parameters across multiple modules:

Example: Exploiting MS17-010 with Payloads

1. Select the Exploit:

2. Set the Payload:

3. Configure Options:

4. Execute the Exploit:

5. Post-Exploitation:

   • After a successful session, interact with the Meterpreter shell:

Command Cheatsheet