The Joy of Exploitation
63
info
When the short description of a module provided by the
show
and
search
com-
mands isn’t sufficient, use the
info
command followed by the module name
to display all the information, options, and targets available for that module:
msf exploit(ms08_067_netapi) >
info
set and unset
All the options for a given Metasploit module must be either set or unset,
especially if they are marked as
required
or
yes
. When you enter
show options
,
you will see information that specifies whether a field is required. Use the
set
command to set an option (turn it on); use
unset
to turn a setting off. The
next listing shows the
set
and
unset
commands in use.
NOTE
Notice that the variables are referenced using uppercase characters. This isn’t required,
but it is considered good practice.
msf exploit(ms08_067_netapi) >
set RHOST 192.168.1.155
RHOST => 192.168.1.155
msf exploit(ms08_067_netapi) >
set TARGET 3
TARGET => 3
msf exploit(ms08_067_netapi) >
show options
Module options:
Name Current Setting Required Description
---- --------------- -------- -----------
RHOST 192.168.1.155 yes The target address
RPORT 445 yes Set the SMB service port
SMBPIPE BROWSER yes The pipe name to use (BROWSER, SRVSVC)
Exploit target:
Id Name
-- ----
3 Windows XP SP2 English (NX)
msf exploit(ms08_067_netapi) > unset RHOST
Unsetting RHOST...
At we set the target IP address (
RHOST
) to
192.168.1.155
(our target
machine). At we
set
the target to
3
, the “Windows XP SP2 English (NX)”
that we listed with
show targets
in “msf> show targets” on page 62. Running
show options
at confirms that our settings have been populated, as shown in
the
Module options
output.