60
Chapter 5
NOTE
You can perform a
search
or
use
at any time within an exploit to switch to a different
exploit or module.
Now, with the prompt reflecting our chosen module, we can enter
show
options
to display the options specific to the MS08-067 exploit:
msf exploit(ms08_067_netapi) >
show options
Module options:
Name Current Setting Required Description
---- --------------- -------- -----------
RHOST yes The target address
RPORT 445 yes Set the SMB service port
SMBPIPE BROWSER yes The pipe name to use (BROWSER, SRVSVC)
Exploit target:
Id Name
-- ----
0 Automatic Targeting
msf exploit(ms08_067_netapi) >
This contextual approach to accessing options keeps the interface simpler
and allows you to focus only on the options that matter at the moment.
msf> show payloads
Recall from Chapter 2 that payloads are platform-specific portions of code
delivered to a target. As with
show options
, when you run
show payloads
from a
module-specific prompt, Metasploit displays only the payloads that are com-
patible with that module. In the case of Microsoft Windows–based exploits,
these payloads may be as simple as a command prompt on the target or as
complex as a full graphical interface on the target machine. To see an active
list of payloads, run the following command:
msf>
show payloads
This would show you all payloads available in Metasploit; however, if you
are in an actual exploit, you will see only payloads applicable to the attack.
For example, running
show payloads
from the
msf exploit(ms08_067_netapi)
prompt would result in the output shown next.
In the previous example we searched for the MS08-067 module. Now
let’s find out the payloads for that module by entering
show payloads
. Notice
in the example that only Windows-based payloads are shown. Metasploit
will generally identify the type of payloads that can be used with a particu-
lar attack.