Targets and Payloads

What Are Targets?

In Metasploit, a target defines the specific configurations or versions of an operating system, application, or service that a module is designed to exploit.

Key Points:

  • Some modules automatically detect targets using Automatic mode.

  • Others require manual specification of the target index for successful exploitation.

Managing Targets

  1. Listing Available Targets:

    • Use the show targets command within a module to list supported targets:

      msf6 exploit(module_name) > show targets

      Example Output:

      Id  Name
      0   Automatic
      1   Windows XP SP3
      2   Windows Server 2003
  2. Selecting a Target:

    • Manually specify a target by its index:

      msf6 exploit(module_name) > set target <index>
  3. Best Practices for Target Selection:

    • Use Automatic targeting (set target 0) when unsure of the system version.

    • Manually set the target index if you know the exact configuration for better reliability.

    • Cross-check system details using reconnaissance tools before selecting a target.
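The listing-then-selecting procedure above can be scripted. The following Ruby is an added example, not code from the page or from the Metasploit project: it parses the text that `show targets` prints, matches a fingerprint obtained from reconnaissance against the target names, and falls back to index 0 (Automatic) whenever the match is missing or ambiguous. The sample output is constructed to mirror the page's example, and the `choose_target` matching rule is an assumption of this example.

```ruby
# Added example (not from the page or the Metasploit project): parse the
# text printed by `show targets` and map a fingerprinted OS string to the
# matching target index, falling back to 0 (Automatic) when there is no
# single clear match. The sample output is constructed for this example.

SAMPLE_SHOW_TARGETS = <<~OUT
  Id  Name
  --  ----
  0   Automatic
  1   Windows XP SP3
  2   Windows Server 2003
OUT

# Returns a Hash of index => target name from `show targets` output.
# Header and dash lines do not start with a digit, so they are skipped.
def parse_targets(output)
  targets = {}
  output.each_line do |line|
    next unless line =~ /\A\s*(\d+)\s+(\S.*?)\s*\z/
    targets[Regexp.last_match(1).to_i] = Regexp.last_match(2)
  end
  targets
end

# Picks the target whose name contains every word of the fingerprint
# (case-insensitive). Returns 0 (Automatic) when nothing matches or when
# more than one target matches, following the page's best practice of
# using Automatic targeting when the exact version is not known.
def choose_target(targets, fingerprint)
  words = fingerprint.downcase.split
  matches = targets.select do |idx, name|
    idx != 0 && words.all? { |w| name.downcase.include?(w) }
  end
  return 0 if matches.empty? || matches.size > 1
  matches.keys.first
end

# Builds the msfconsole command that applies the chosen index.
def target_command(index)
  "set target #{index}"
end

if __FILE__ == $PROGRAM_NAME
  targets = parse_targets(SAMPLE_SHOW_TARGETS)
  puts target_command(choose_target(targets, "Windows XP SP3"))
end
```

The ambiguity rule matters in practice: a fingerprint of just "Windows" matches both non-automatic entries above, and guessing between them is exactly the case where Automatic targeting is the safer choice.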

What Are Payloads?

Payloads are the code delivered to the target system once an exploit succeeds. They define the actions to be performed on the compromised system, such as opening a shell or maintaining persistent access.

Types of Payloads

  1. Singles:

    • Self-contained payloads that perform a specific task without further dependencies.

    • Example: windows/shell_bind_tcp – Opens a shell bound to a TCP port.

  2. Stagers:

    • Establish a connection (e.g., reverse or bind shell) and prepare the target for larger, staged payloads.

    • Example: windows/meterpreter/reverse_tcp.

  3. Stages:

    • Provide advanced functionalities, downloaded by stagers after the initial connection is established.

    • Example: meterpreter – A powerful post-exploitation toolkit.

Staged vs. Non-Staged Payloads

Type        Characteristics                         Example
Staged      Split into smaller parts for stealth.   windows/meterpreter/reverse_tcp
Non-Staged  Single, larger payload for simplicity.  windows/meterpreter_reverse_tcp
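The difference between the two rows above, and between the singles, stagers and stages listed earlier, is visible in the payload name itself: a staged payload keeps stage and stager as separate path components (`meterpreter/reverse_tcp`), while a single joins them with an underscore (`meterpreter_reverse_tcp`). The following Ruby is an added example, not code from the page or from the Metasploit project; it classifies payload names by that naming convention. The architecture list and the set of recognised single-payload prefixes are assumptions of this example and cover the Windows payload names the page uses.

```ruby
# Added example (not from the page or the Metasploit project): classify
# Metasploit payload names as staged or single from their path layout.
#   windows/meterpreter/reverse_tcp   -> staged: stage "meterpreter", stager "reverse_tcp"
#   windows/meterpreter_reverse_tcp   -> single: the same pair joined by "_"
#   windows/shell_bind_tcp            -> single
# The ARCHES list and the prefixes in SINGLE_NAME are assumptions made for
# this example; they cover the names used on the page.

PayloadInfo = Struct.new(:name, :platform, :arch, :stage, :stager, :staged) do
  def kind
    staged ? "staged" : "single"
  end
end

# Architecture components that may appear between platform and payload.
ARCHES = %w[x64 x86 aarch64 armle mipsbe mipsle ppc].freeze

# Single payloads whose name inlines the transport after an underscore.
SINGLE_NAME = /\A(meterpreter|shell|vncinject|powershell)_(.+)\z/

def classify_payload(name)
  parts = name.split("/")
  platform = parts.shift
  arch = ARCHES.include?(parts.first) ? parts.shift : nil

  if parts.size >= 2
    # Separate stage and stager components: a staged payload.
    stage, stager = parts
    PayloadInfo.new(name, platform, arch, stage, stager, true)
  elsif (m = SINGLE_NAME.match(parts.first.to_s))
    # One component with the transport inlined: a single (non-staged) payload.
    PayloadInfo.new(name, platform, arch, m[1], m[2], false)
  else
    PayloadInfo.new(name, platform, arch, parts.first, nil, false)
  end
end

# Groups a list of payload names by kind, e.g. for reviewing `show payloads` output.
def group_by_kind(names)
  names.map { |n| classify_payload(n) }.group_by(&:kind)
       .transform_values { |infos| infos.map(&:name) }
end

if __FILE__ == $PROGRAM_NAME
  %w[windows/meterpreter/reverse_tcp windows/meterpreter_reverse_tcp
     windows/shell_bind_tcp windows/x64/powershell_reverse_tcp].each do |n|
    i = classify_payload(n)
    puts format("%-40s %-6s stage=%s stager=%s", n, i.kind, i.stage, i.stager)
  end
end
```

A single is what the exploit delivers in full; a staged payload's first component is only the stager, and the stage named before it is fetched over the connection the stager opens. Reading the name this way tells you which of the page's three types (single, stager, stage) a given entry in `show payloads` represents.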

  1. Meterpreter:

    • A memory-resident payload with advanced post-exploitation features.

    • Example:

  2. Generic Shells:

    • Provide basic shell access to the target.

    • Example:

  3. Advanced Payloads:

    • Payloads that include specialized functionalities, such as VNC or PowerShell.

    • Examples:

      • windows/vncinject/reverse_tcp – Provides remote desktop access.

      • windows/x64/powershell_reverse_tcp – Executes a reverse shell via PowerShell.

Configuring Payloads

  1. Setting the Payload:

    • Select a payload compatible with the exploit:

    • Example:

  2. Configuring Payload Options:

    • Use the show options command to view configurable parameters for the payload:

    • Example Parameters:

      • LHOST: Local host (attacker's IP).

      • LPORT: Listening port for the payload.

      • RHOSTS: Target host(s) IP address.

  3. Setting Options:

  4. Persistent Options:

    • Use setg to globally configure parameters across multiple modules:
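Before running a module, the useful check is whether every option marked Required in `show options` actually has a value. The following Ruby is an added example, not code from the page or from the Metasploit project: it parses the four-column layout that `show options` prints (Name, Current Setting, Required, Description) for both the module and payload sections and reports required options that are still empty. The sample output is constructed to resemble msfconsole's layout and uses the MS17-010 module and Meterpreter payload the page names; the exact rows and descriptions are assumptions of this example.

```ruby
# Added example (not from the page or the Metasploit project): parse the text
# printed by `show options` and list required options that have no value yet,
# so missing settings such as RHOSTS or LHOST are caught before the module runs.
# The sample output below is constructed to resemble msfconsole's layout.

SAMPLE_SHOW_OPTIONS = <<~OUT
  Module options (exploit/windows/smb/ms17_010_eternalblue):

     Name      Current Setting  Required  Description
     ----      ---------------  --------  -----------
     RHOSTS                     yes       The target host(s)
     RPORT     445              yes       The target port (TCP)

  Payload options (windows/x64/meterpreter/reverse_tcp):

     Name      Current Setting  Required  Description
     ----      ---------------  --------  -----------
     EXITFUNC  thread           yes       Exit technique
     LHOST                      yes       The listen address
     LPORT     4444             yes       The listen port
OUT

Option = Struct.new(:section, :name, :value, :required, :description)

# One data row: name, an optional value, yes/no, then the description.
# The lazy value group lets an empty Current Setting column match.
OPTION_ROW = /\A\s*(\S+)\s+(.*?)\s+(yes|no)\s+(.*)\z/

def parse_options(output)
  options = []
  section = nil
  output.each_line do |raw|
    line = raw.chomp
    if (header = /\A(\w+) options \((.+)\):/.match(line))
      section = header[1].downcase   # "module" or "payload"
      next
    end
    next if section.nil? || line.strip.empty?
    # Skip the column-title line and the dashed underline beneath it.
    next if line =~ /\A\s*Name\s+Current Setting/ || line =~ /\A\s*-+\s/
    row = OPTION_ROW.match(line)
    next unless row
    options << Option.new(section, row[1], row[2].strip, row[3] == "yes", row[4].strip)
  end
  options
end

# Names of options that are required but currently unset, in display order.
def missing_required(options)
  options.select { |o| o.required && o.value.empty? }.map(&:name)
end

if __FILE__ == $PROGRAM_NAME
  missing = missing_required(parse_options(SAMPLE_SHOW_OPTIONS))
  puts(missing.empty? ? "all required options set" : "unset: #{missing.join(', ')}")
end
```

Note that the module section and the payload section carry different options: RHOSTS and RPORT belong to the exploit module, while LHOST, LPORT and EXITFUNC belong to the payload, which is why the parser records the section each option came from.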


Example: Exploiting MS17-010 with Payloads

  1. Select the Exploit:

  2. Set the Payload:

  3. Configure Options:

  4. Execute the Exploit:

  5. Post-Exploitation:

    • After a successful session, interact with the Meterpreter shell:


Command Cheatsheet

Command                     Description
show targets                Lists supported targets for the module.
set target <index>          Manually sets the target index.
show payloads               Lists compatible payloads for the exploit.
set payload <payload_name>  Assigns a payload to the exploit.
show options                Displays configurable parameters.
set <option> <value>        Configures a parameter for the payload.
setg <option> <value>       Sets a global parameter for all modules.