0

Does the metasploit module: exploit/multi/handler

  • sends payloads to stagers?
  • Or does it just listens for an incoming connection like a netcat listener?
  • Or does it do both, as needed?
0x5929
  • 335
  • 4
  • 13

1 Answers1

1

It depends. The exploit/multi/handler is more of a stub for whatever payload handler you need to run. So whichever payload you select (with set payload ...) is responsible for doing whatever it needs, just like if you were running it from a regular exploit module.

So yes, from a multi-handler, any of the following could happen:

  • A simple socket listener/connection, like netcat (for plain shell payloads)

  • A handler for stager payloads that uploads Meterpreter (for meterpreter/* payloads)

  • A handler for single-stage (stageless?) Meterpreter (for meterpreter_* payloads)

multithr3at3d
  • 12,355
  • 3
  • 29
  • 42