9

I'm new to the metasploit and in a book it was said that when a reverse shell is used by an attacker, a handler is initiated. I've searched the about it but doesn't found any satisfactory information about the 'Handler'. What is it?

schroeder
  • 123,438
  • 55
  • 284
  • 319
Abhirup Bakshi
  • 167
  • 1
  • 6

1 Answers1

18

I thought that this would be easier to look up, but everything I found was oddly worded.

The reason why there is not a good description is because the handler does what it is told to do. So, quite literally, it just "responds". But there are some common use cases that should make it easier to understand.

The handler is a process on the attacking machine (metasploit) that listens for and responds to connections made from the target. So, when you launch a reverse shell, it's the handler that is listening to the port you set up and then responds to the reverse shell.

The handler knows what the incoming connection needs. For instance, if it is a staged shell, that it requires the next stage.

And it can provide an interface for you to interact with the remote shell.

It can do more than this, depending on the payload, but this should give you the best idea.

schroeder
  • 123,438
  • 55
  • 284
  • 319