"Mulit/handler" how do it works ?

[pierre]

Hello,

Habitually with Metasploit, i do this:

1.Pick an exploit

2.Setting exploit options

3.Pick a payload

4.Setting payload options

5.Run exploit

6.Connecting to the remote

7.Performing post-exploitation process

But then I discovered that I can do this:

1.Create a .exe payload with options

2."use multi/handler" in metasploit

3.Setting handler options

4.Wait for a vitcim payload execution

6.Connecting to the remote

7.Performing post-exploitation process

 

What is "multi/handler" ??

[digininja]

Multi handler just starts the payload receiver and waits for a connection or connects out.

It is used when you are connecting in from things like exe's or web shells.

[pierre]

So no exploit are needed, only a payload ?

The exploit is the human himself by launching the payload ?

Edited June 8, 2016 by tot94

[digininja]

You need a way to run the payload, be that through an exploit or just built into an executable.

[pierre]

Ah ok thanks I didn't understand it in that way...

Thanks you very much

[i8igmac]

a buffer over flow for a ftp server for example, you have to configure the exploit module and include a payload. 

The exploit module will craft a large packet that will trigger the buffer overflow, metasploit will generate the payload and place the shellcode inside this Large packet and send it off...

the exploit module will launch the packet onto the network using the ftp protocal and also configure the payload multi handler to handle the payload with metasploit sockets.

multi handler is simply a module that can be configured to handle payloads.

[pierre]

Thank you I fully understand how it works now, the big difference between exploit & payload :)