Shon Harris, Allen Harper, Chris Eagle, and Jonathan Ness
"Gray Hat Hacking, Second Edition"
168.1.220
As you can see, the syntax to set an option is
set
Metasploit is often particular about the case of the option name and option, so it is
best to use uppercase if the option is listed in uppercase. With the exploit module set, we
next need to set the payload and the target type. The payload is the action that happens
after the vulnerability is exploited. It's like choosing what you want to happen as a result
of exploiting the vulnerability. For this first example, let's use a payload that simply
opens a command shell listening on a TCP port.
msf exploit(ms06_025_rras) > show payloads
Compatible payloads
===================
...
windows/shell_bind_tcp       Windows Command Shell, Bind TCP Inline
windows/shell_bind_tcp_xpfw  Windows Disable Windows ICF, Command Shell, Bind TCP Inline
windows/shell_reverse_tcp    Windows Command Shell, Reverse TCP Inline
...
Here we see three payloads, each of which can be used to load an inline command
shell. The use of the word "inline" here means the command shell is set up in one
roundtrip. The alternative is "staged" payloads, which fit into a smaller buffer but
require an additional network roundtrip to set up. Due to the nature of some vulnerabilities,
buffer space in the exploit is at a premium and a staged exploit is a better option.
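Seen from the defended host, the bind payloads listed above leave a new listening TCP socket, while the reverse payload appears as an outbound connection that a listener check never sees. The following is an added example, not from the book: the netstat-style sample lines, the baseline ports and the allowed PIDs are all constructed assumptions.

```python
import re

# Constructed sample in the column layout of Windows `netstat -ano`.
SAMPLE = """\
  TCP    0.0.0.0:135      0.0.0.0:0        LISTENING     884
  TCP    0.0.0.0:445      0.0.0.0:0        LISTENING     4
  TCP    0.0.0.0:4444     0.0.0.0:0        LISTENING     1712
  TCP    10.0.0.5:445     10.0.0.7:2301    ESTABLISHED   4
  TCP    10.0.0.5:1045    10.0.0.9:8080    ESTABLISHED   1712
  TCP    10.0.0.5:1046    10.0.0.8:80      ESTABLISHED   2240
"""

# Assumptions for the example: approved listeners on this host and the
# PIDs that are expected to open outbound connections (e.g. a browser).
BASELINE_LISTENERS = {135, 445}
EGRESS_ALLOWED_PIDS = {2240}

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\w+)\s+(\d+)\s*$")

def parse(text):
    """Yield (local_port, remote_addr, remote_port, state, pid) per TCP row."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            _, lport, raddr, rport, state, pid = m.groups()
            yield int(lport), raddr, int(rport), state, int(pid)

def findings(text, baseline=BASELINE_LISTENERS, egress_ok=EGRESS_ALLOWED_PIDS):
    rows = list(parse(text))
    listening = {lport for lport, _, _, state, _ in rows if state == "LISTENING"}
    out = []
    for lport, raddr, rport, state, pid in rows:
        if state == "LISTENING" and lport not in baseline:
            # Footprint of a bind-style payload: a listener nobody approved.
            out.append(("unapproved-listener", lport, pid))
        elif state == "ESTABLISHED" and lport not in listening and pid not in egress_ok:
            # Local port is not one of our listeners, so this host dialled out:
            # the shape of a reverse-style payload.
            out.append(("unexpected-egress", f"{raddr}:{rport}", pid))
    return out

if __name__ == "__main__":
    for finding in findings(SAMPLE):
        print(finding)
```
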