Does the Metasploit module: exploit/multi/handler
- send payloads to stagers?
- Or does it just listen for an incoming connection like a netcat listener?
- Or does it do both, as needed?
It depends. The exploit/multi/handler is more of a stub for whatever payload handler you need to run. So whichever payload you select (with set payload ...) is responsible for doing whatever it needs, just like if you were running it from a regular exploit module.
So yes, from a multi-handler, any of the following could happen:
- A simple socket listener/connection, like netcat (for plain shell payloads)
- A handler for stager payloads that uploads Meterpreter (for meterpreter/* payloads)
- A handler for single-stage (stageless?) Meterpreter (for meterpreter_* payloads)