- This topic has 8 replies, 6 voices, and was last updated 9 years, 1 month ago by
.
-
Posts
-
-
-
The “best” payload to use will depend on you scenario.
http://www.offensive-security.com/metasploit-unleashed/Payload_Types
-
-
-
-
@midnight monster wrote:
oh steve are you kiding!! it has hundred compatible payload and it takes a lot of time for me
OK. What is the server OS and vulnerability? If it’s Windows then Meterpereter (as mentioned by BILLV) is always a favorite of mine.
Steve
-
On Windows, a meterpreter is always better because all windows post modules support it (plus tons of features). It also communicates in SSL, so that adds a bit more stealth. On Linux though, it’s a different story, honestly you’re probably better off with a non-meterpreter shell, because the Linux meterpreter isn’t as good as the windows one.
reverse vs bind… come to think about it, I almost never use bind these days on a machine behind a firewall. But people do use bind shells.
By the way, when you select an exploit, and do “show payloads” — that will only show all the payloads compatible with that particular exploit. If you’re testing a web app exploit, keep in mind php/exec might not return an output (even though the command ran successfully).
If you’re still clueless about which payload to use, just use a reverse meterpreter like everybody else has been recommending.
Lastly, perhaps you should consider asking Metasploit questions on #metasploit in freenode, so the actual metasploit dev team can answer your questions more quickly.
And yes… I did sign up for an account here just to answer your question.
-
-
-
- You must be logged in to reply to this topic.
