Metasploit mailing list archives
Re: Meterpreter bind tcp payload
From: HD Moore <hdm () metasploit com>
Date: Tue, 30 Aug 2011 10:39:55 -0500
On 8/30/2011 5:34 AM, Eric wrote:
On Tue, Aug 30, 2011 at 2:37 AM, HD Moore <hdm () metasploit com> wrote:On 8/29/2011 6:07 AM, Eric wrote:Hello all, Could be a noob question, but how a system which gets exploited successfully and having meterpreter/bind_tcp as its payload, is supposed to be connected to a server running multi/handler. Or is the multi/handler which has to connect to the exploited system, if so, how?The exploit starts the payload handler, which automatically connects to the bind listener. If you create a bind_tcp executable you would need to use a multi/handler - the same way as you normally do reverse_tcp, except you would need to specify the RHOST.Oh. But, isn't that very much similar with reverse_tcp?
Thats what I meant by being the same way as reverse_tcp. The handler for meterpreter does the staging (the EXE doesn't contain meterpreter, only the stager code), and Metasploit handles the meterpreter protocol.
Imagine a scenario, where I don't have a static IP address and I have distributed bind_tcp executables.
Its leaving backdoors all over the network (the stager listener). You still have to use Metasploit as the client side in order to speak Meterpreter. -HD _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- Meterpreter bind tcp payload Eric (Aug 29)
- Re: Meterpreter bind tcp payload HD Moore (Aug 29)
- Re: Meterpreter bind tcp payload Eric (Aug 30)
- Re: Meterpreter bind tcp payload HD Moore (Aug 30)
- Re: Meterpreter bind tcp payload egypt (Aug 30)
- Re: Meterpreter bind tcp payload Eric (Aug 30)
- Re: Meterpreter bind tcp payload HD Moore (Aug 29)