Metasploit mailing list archives

Re: Meterpreter bind tcp payload


From: HD Moore <hdm () metasploit com>
Date: Tue, 30 Aug 2011 10:39:55 -0500

On 8/30/2011 5:34 AM, Eric wrote:
> On Tue, Aug 30, 2011 at 2:37 AM, HD Moore <hdm () metasploit com> wrote:
>> On 8/29/2011 6:07 AM, Eric wrote:
>>> Hello all,
>>>
>>> Could be a noob question, but how a system which gets exploited
>>> successfully and having meterpreter/bind_tcp as its payload, is
>>> supposed to be connected to a server running multi/handler. Or is the
>>> multi/handler which has to connect to the exploited system, if so,
>>> how?
>>
>> The exploit starts the payload handler, which automatically connects to
>> the bind listener. If you create a bind_tcp executable you would need to
>> use a multi/handler - the same way as you normally do reverse_tcp,
>> except you would need to specify the RHOST.
>
> Oh. But, isn't that very much similar with reverse_tcp?

That's what I meant by being the same way as reverse_tcp. The handler for
meterpreter does the staging (the EXE doesn't contain meterpreter, only
the stager code), and Metasploit handles the meterpreter protocol.

> Imagine a scenario, where I don't have a static IP address and I have
> distributed bind_tcp executables.

It's leaving backdoors all over the network (the stager listener). You
still have to use Metasploit as the client side in order to speak
Meterpreter.

-HD

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

