Chip 2007 January, February, March & April

home *** CD-ROM | disk | FTP | other *** search
/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / livecd.squashfs / usr / lib / metasploit / docs / userguide.tex < prev next >
LaTeX Document | 2006-06-30 | 43.7 KB
open in:
MacOS 8.1 extracted |
Win98 extracted |
DOS extracted
browse contents |
view JSON data |
view as text

This file was processed as: LaTeX Document (document/latex).
Confidence	Program	Detection	Match Type	Support
`100%`	dexvert	LaTeX Document `(document/latex)`	magic	Supported
`1%`	dexvert	Corel 10 Texture `(image/corel10Texture)`	ext	Unsupported
`1%`	dexvert	Croteam texture file `(image/croteamTextureFile)`	ext	Unsupported
`1%`	dexvert	Text File `(text/txt)`	fallback	Supported
`100%`	file	LaTeX 2e document text	default
`99%`	file	LaTeX document text	default
`98%`	file	LaTeX document, ASCII text	default
`100%`	TrID	LaTeX 2e document (with rem)	default
`100%`	checkBytes	Printable ASCII	default
`100%`	perlTextCheck	Likely Text (Perl)	default
`100%`	siegfried	fmt/280 LaTeX (Master document)	default
`100%`	detectItEasy	Format: plain text[LF]	default (weak)
`100%`	xdgMime	text/x-matlab	default (weak)
hex view
+--------+-------------------------+-------------------------+--------+--------+
|00000000| 25 25 0a 25 20 54 68 69 | 73 20 66 69 6c 65 20 69 |%%.% Thi|s file i|
|00000010| 73 20 70 61 72 74 20 6f | 66 20 74 68 65 20 4d 65 |s part o|f the Me|
|00000020| 74 61 73 70 6c 6f 69 74 | 20 46 72 61 6d 65 77 6f |tasploit| Framewo|
|00000030| 72 6b 20 61 6e 64 20 6d | 61 79 20 62 65 20 72 65 |rk and m|ay be re|
|00000040| 64 69 73 74 72 69 62 75 | 74 65 64 0a 25 20 61 63 |distribu|ted.% ac|
|00000050| 63 6f 72 64 69 6e 67 20 | 74 6f 20 74 68 65 20 6c |cording |to the l|
|00000060| 69 63 65 6e 73 65 73 20 | 64 65 66 69 6e 65 64 20 |icenses |defined |
|00000070| 69 6e 20 74 68 65 20 41 | 75 74 68 6f 72 73 20 66 |in the A|uthors f|
|00000080| 69 65 6c 64 20 62 65 6c | 6f 77 2e 20 49 6e 20 74 |ield bel|ow. In t|
|00000090| 68 65 0a 25 20 63 61 73 | 65 20 6f 66 20 61 6e 20 |he.% cas|e of an |
|000000a0| 75 6e 6b 6e 6f 77 6e 20 | 6f 72 20 6d 69 73 73 69 |unknown |or missi|
|000000b0| 6e 67 20 6c 69 63 65 6e | 73 65 2c 20 74 68 69 73 |ng licen|se, this|
|000000c0| 20 66 69 6c 65 20 64 65 | 66 61 75 6c 74 73 20 74 | file de|faults t|
|000000d0| 6f 20 74 68 65 20 73 61 | 6d 65 0a 25 20 6c 69 63 |o the sa|me.% lic|
|000000e0| 65 6e 73 65 20 61 73 20 | 74 68 65 20 63 6f 72 65 |ense as |the core|
|000000f0| 20 46 72 61 6d 65 77 6f | 72 6b 20 28 64 75 61 6c | Framewo|rk (dual|
|00000100| 20 47 50 4c 76 32 20 61 | 6e 64 20 41 72 74 69 73 | GPLv2 a|nd Artis|
|00000110| 74 69 63 29 2e 20 54 68 | 65 20 6c 61 74 65 73 74 |tic). Th|e latest|
|00000120| 0a 25 20 76 65 72 73 69 | 6f 6e 20 6f 66 20 74 68 |.% versi|on of th|
|00000130| 65 20 46 72 61 6d 65 77 | 6f 72 6b 20 63 61 6e 20 |e Framew|ork can |
|00000140| 61 6c 77 61 79 73 20 62 | 65 20 6f 62 74 61 69 6e |always b|e obtain|
|00000150| 65 64 20 66 72 6f 6d 20 | 6d 65 74 61 73 70 6c 6f |ed from |metasplo|
|00000160| 69 74 2e 63 6f 6d 2e 0a | 25 25 0a 0a 25 0a 25 20 |it.com..|%%..%.% |
|00000170| 20 20 54 69 74 6c 65 3a | 20 4d 65 74 61 73 70 6c |  Title:| Metaspl|
|00000180| 6f 69 74 20 46 72 61 6d | 65 77 6f 72 6b 20 55 73 |oit Fram|ework Us|
|00000190| 65 72 20 47 75 69 64 65 | 0a 25 20 56 65 72 73 69 |er Guide|.% Versi|
|000001a0| 6f 6e 3a 20 24 52 65 76 | 69 73 69 6f 6e 3a 20 31 |on: $Rev|ision: 1|
|000001b0| 2e 31 31 20 24 0a 25 0a | 0a 5c 64 6f 63 75 6d 65 |.11 $.%.|.\docume|
|000001c0| 6e 74 63 6c 61 73 73 7b | 72 65 70 6f 72 74 7d 0a |ntclass{|report}.|
|000001d0| 5c 75 73 65 70 61 63 6b | 61 67 65 7b 67 72 61 70 |\usepack|age{grap|
|000001e0| 68 69 63 78 7d 0a 5c 75 | 73 65 70 61 63 6b 61 67 |hicx}.\u|sepackag|
|000001f0| 65 7b 63 6f 6c 6f 72 7d | 0a 5c 75 73 65 70 61 63 |e{color}|.\usepac|
|00000200| 6b 61 67 65 7b 61 6d 73 | 6d 61 74 68 7d 0a 5c 75 |kage{ams|math}.\u|
|00000210| 73 65 70 61 63 6b 61 67 | 65 5b 63 6f 6c 6f 72 6c |sepackag|e[colorl|
|00000220| 69 6e 6b 73 2c 75 72 6c | 63 6f 6c 6f 72 3d 62 6c |inks,url|color=bl|
|00000230| 75 65 2c 6c 69 6e 6b 63 | 6f 6c 6f 72 3d 62 6c 61 |ue,linkc|olor=bla|
|00000240| 63 6b 2c 63 69 74 65 63 | 6f 6c 6f 72 3d 62 6c 75 |ck,citec|olor=blu|
|00000250| 65 5d 7b 68 79 70 65 72 | 72 65 66 7d 0a 0a 5c 62 |e]{hyper|ref}..\b|
|00000260| 65 67 69 6e 7b 64 6f 63 | 75 6d 65 6e 74 7d 0a 0a |egin{doc|ument}..|
|00000270| 5c 74 69 74 6c 65 7b 4d | 65 74 61 73 70 6c 6f 69 |\title{M|etasploi|
|00000280| 74 20 46 72 61 6d 65 77 | 6f 72 6b 20 55 73 65 72 |t Framew|ork User|
|00000290| 20 47 75 69 64 65 7d 0a | 5c 61 75 74 68 6f 72 7b | Guide}.|\author{|
|000002a0| 6d 65 74 61 73 70 6c 6f | 69 74 2e 63 6f 6d 7d 0a |metasplo|it.com}.|
|000002b0| 0a 5c 62 65 67 69 6e 7b | 74 69 74 6c 65 70 61 67 |.\begin{|titlepag|
|000002c0| 65 7d 0a 20 20 20 20 5c | 62 65 67 69 6e 7b 63 65 |e}.    \|begin{ce|
|000002d0| 6e 74 65 72 7d 0a 20 20 | 20 20 20 20 20 20 09 09 |nter}.  |      ..|
|000002e0| 0a 25 5c 69 6e 63 6c 75 | 64 65 67 72 61 70 68 69 |.%\inclu|degraphi|
|000002f0| 63 73 5b 73 63 61 6c 65 | 3d 30 2e 36 5d 7b 69 6d |cs[scale|=0.6]{im|
|00000300| 61 67 65 73 2f 6c 6f 67 | 6f 2e 70 6e 67 7d 09 0a |ages/log|o.png}..|
|00000310| 0a 20 20 20 20 20 20 20 | 20 5c 68 75 67 65 7b 4d |.       | \huge{M|
|00000320| 65 74 61 73 70 6c 6f 69 | 74 20 46 72 61 6d 65 77 |etasploi|t Framew|
|00000330| 6f 72 6b 20 55 73 65 72 | 20 47 75 69 64 65 7d 0a |ork User| Guide}.|
|00000340| 09 09 5c 20 5c 5c 5b 31 | 30 6d 6d 5d 0a 09 09 5c |..\ \\[1|0mm]...\|
|00000350| 6c 61 72 67 65 7b 56 65 | 72 73 69 6f 6e 20 32 2e |large{Ve|rsion 2.|
|00000360| 36 7d 0a 09 09 5c 5c 5b | 31 32 30 6d 6d 5d 0a 09 |6}...\\[|120mm]..|
|00000370| 09 0a 20 20 20 20 20 20 | 20 20 5c 73 6d 61 6c 6c |..      |  \small|
|00000380| 7b 5c 75 72 6c 7b 68 74 | 74 70 3a 2f 2f 77 77 77 |{\url{ht|tp://www|
|00000390| 2e 6d 65 74 61 73 70 6c | 6f 69 74 2e 63 6f 6d 2f |.metaspl|oit.com/|
|000003a0| 7d 7d 0a 0a 20 20 20 20 | 20 20 20 20 5c 72 75 6c |}}..    |    \rul|
|000003b0| 65 7b 31 30 63 6d 7d 7b | 31 70 74 7d 20 5c 5c 5b |e{10cm}{|1pt} \\[|
|000003c0| 34 6d 6d 5d 0a 20 20 20 | 20 20 20 20 20 5c 72 65 |4mm].   |     \re|
|000003d0| 6e 65 77 63 6f 6d 6d 61 | 6e 64 7b 5c 61 72 72 61 |newcomma|nd{\arra|
|000003e0| 79 73 74 72 65 74 63 68 | 7d 7b 30 2e 35 7d 0a 20 |ystretch|}{0.5}. |
|000003f0| 20 20 20 5c 65 6e 64 7b | 63 65 6e 74 65 72 7d 0a |   \end{|center}.|
|00000400| 5c 65 6e 64 7b 74 69 74 | 6c 65 70 61 67 65 7d 0a |\end{tit|lepage}.|
|00000410| 0a 5c 74 61 62 6c 65 6f | 66 63 6f 6e 74 65 6e 74 |.\tableo|fcontent|
|00000420| 73 0a 0a 5c 73 65 74 6c | 65 6e 67 74 68 7b 5c 70 |s..\setl|ength{\p|
|00000430| 61 72 69 6e 64 65 6e 74 | 7d 7b 30 70 74 7d 20 5c |arindent|}{0pt} \|
|00000440| 73 65 74 6c 65 6e 67 74 | 68 7b 5c 70 61 72 73 6b |setlengt|h{\parsk|
|00000450| 69 70 7d 7b 38 70 74 7d | 0a 0a 0a 0a 5c 63 68 61 |ip}{8pt}|....\cha|
|00000460| 70 74 65 72 7b 49 6e 74 | 72 6f 64 75 63 74 69 6f |pter{Int|roductio|
|00000470| 6e 7d 0a 0a 5c 70 61 72 | 0a 54 68 69 73 20 64 6f |n}..\par|.This do|
|00000480| 63 75 6d 65 6e 74 20 69 | 73 20 61 6e 20 61 74 74 |cument i|s an att|
|00000490| 65 6d 70 74 20 61 74 20 | 61 20 75 73 65 72 20 67 |empt at |a user g|
|000004a0| 75 69 64 65 20 66 6f 72 | 20 76 65 72 73 69 6f 6e |uide for| version|
|000004b0| 20 32 2e 36 20 6f 66 20 | 74 68 65 20 4d 65 74 61 | 2.6 of |the Meta|
|000004c0| 73 70 6c 6f 69 74 0a 46 | 72 61 6d 65 77 6f 72 6b |sploit.F|ramework|
|000004d0| 2c 20 69 74 73 20 67 6f | 61 6c 20 69 73 20 74 6f |, its go|al is to|
|000004e0| 20 70 72 6f 76 69 64 65 | 20 61 20 62 61 73 69 63 | provide| a basic|
|000004f0| 20 6f 76 65 72 76 69 65 | 77 20 6f 66 20 77 68 61 | overvie|w of wha|
|00000500| 74 20 74 68 65 20 46 72 | 61 6d 65 77 6f 72 6b 20 |t the Fr|amework |
|00000510| 69 73 2c 20 68 6f 77 0a | 69 74 20 77 6f 72 6b 73 |is, how.|it works|
|00000520| 2c 20 61 6e 64 20 77 68 | 61 74 20 79 6f 75 20 63 |, and wh|at you c|
|00000530| 61 6e 20 64 6f 20 77 69 | 74 68 20 69 74 2e 20 41 |an do wi|th it. A|
|00000540| 73 20 77 69 74 68 20 6d | 6f 73 74 20 6f 70 65 6e |s with m|ost open|
|00000550| 2d 73 6f 75 72 63 65 20 | 70 72 6f 6a 65 63 74 73 |-source |projects|
|00000560| 2c 0a 63 6f 72 72 65 63 | 74 20 64 6f 63 75 6d 65 |,.correc|t docume|
|00000570| 6e 74 61 74 69 6f 6e 20 | 74 61 6b 65 73 20 62 61 |ntation |takes ba|
|00000580| 63 6b 20 73 65 61 74 20 | 74 6f 20 61 63 74 75 61 |ck seat |to actua|
|00000590| 6c 20 64 65 76 65 6c 6f | 70 6d 65 6e 74 2e 20 49 |l develo|pment. I|
|000005a0| 66 20 79 6f 75 20 77 6f | 75 6c 64 20 6c 69 6b 65 |f you wo|uld like|
|000005b0| 0a 74 6f 20 63 6f 6e 74 | 72 69 62 75 74 65 20 74 |.to cont|ribute t|
|000005c0| 6f 20 74 68 65 20 70 72 | 6f 6a 65 63 74 20 61 6e |o the pr|oject an|
|000005d0| 64 20 68 61 76 65 20 73 | 74 72 6f 6e 67 20 74 65 |d have s|trong te|
|000005e0| 63 68 6e 69 63 61 6c 20 | 77 72 69 74 69 6e 67 20 |chnical |writing |
|000005f0| 73 6b 69 6c 6c 73 2c 20 | 70 6c 65 61 73 65 0a 63 |skills, |please.c|
|00000600| 6f 6e 74 61 63 74 20 74 | 68 65 20 64 65 76 65 6c |ontact t|he devel|
|00000610| 6f 70 65 72 73 20 61 74 | 20 6d 73 66 64 65 76 5b |opers at| msfdev[|
|00000620| 61 74 5d 6d 65 74 61 73 | 70 6c 6f 69 74 2e 63 6f |at]metas|ploit.co|
|00000630| 6d 2e 0a 0a 5c 70 61 72 | 0a 54 68 65 20 4d 65 74 |m...\par|.The Met|
|00000640| 61 73 70 6c 6f 69 74 20 | 46 72 61 6d 65 77 6f 72 |asploit |Framewor|
|00000650| 6b 20 69 73 20 61 20 63 | 6f 6d 70 6c 65 74 65 20 |k is a c|omplete |
|00000660| 65 6e 76 69 72 6f 6e 6d | 65 6e 74 20 66 6f 72 20 |environm|ent for |
|00000670| 77 72 69 74 69 6e 67 2c | 20 74 65 73 74 69 6e 67 |writing,| testing|
|00000680| 2c 20 61 6e 64 0a 75 73 | 69 6e 67 20 65 78 70 6c |, and.us|ing expl|
|00000690| 6f 69 74 20 63 6f 64 65 | 2e 20 54 68 69 73 20 65 |oit code|. This e|
|000006a0| 6e 76 69 72 6f 6e 6d 65 | 6e 74 20 70 72 6f 76 69 |nvironme|nt provi|
|000006b0| 64 65 73 20 61 20 73 6f | 6c 69 64 20 70 6c 61 74 |des a so|lid plat|
|000006c0| 66 6f 72 6d 20 66 6f 72 | 0a 70 65 6e 65 74 72 61 |form for|.penetra|
|000006d0| 74 69 6f 6e 2d 74 65 73 | 74 69 6e 67 2c 20 73 68 |tion-tes|ting, sh|
|000006e0| 65 6c 6c 63 6f 64 65 20 | 64 65 76 65 6c 6f 70 6d |ellcode |developm|
|000006f0| 65 6e 74 2c 20 61 6e 64 | 20 76 75 6c 6e 65 72 61 |ent, and| vulnera|
|00000700| 62 69 6c 69 74 79 20 72 | 65 73 65 61 72 63 68 2e |bility r|esearch.|
|00000710| 20 54 68 65 0a 6d 61 6a | 6f 72 69 74 79 20 6f 66 | The.maj|ority of|
|00000720| 20 74 68 65 20 46 72 61 | 6d 65 77 6f 72 6b 20 69 | the Fra|mework i|
|00000730| 73 20 63 6f 6d 70 6f 73 | 65 64 20 6f 66 20 6f 62 |s compos|ed of ob|
|00000740| 6a 65 63 74 2d 6f 72 69 | 65 6e 74 65 64 20 50 65 |ject-ori|ented Pe|
|00000750| 72 6c 20 63 6f 64 65 2c | 20 77 69 74 68 0a 6f 70 |rl code,| with.op|
|00000760| 74 69 6f 6e 61 6c 20 63 | 6f 6d 70 6f 6e 65 6e 74 |tional c|omponent|
|00000770| 73 20 77 72 69 74 74 65 | 6e 20 69 6e 20 43 2c 20 |s writte|n in C, |
|00000780| 61 73 73 65 6d 62 6c 65 | 72 2c 20 61 6e 64 20 50 |assemble|r, and P|
|00000790| 79 74 68 6f 6e 2e 20 20 | 0a 0a 5c 70 61 72 0a 54 |ython.  |..\par.T|
|000007a0| 68 65 20 46 72 61 6d 65 | 77 6f 72 6b 20 64 65 76 |he Frame|work dev|
|000007b0| 65 6c 6f 70 6d 65 6e 74 | 20 74 65 61 6d 20 69 73 |elopment| team is|
|000007c0| 20 6d 61 64 65 20 75 70 | 20 6f 66 20 66 6f 75 72 | made up| of four|
|000007d0| 20 66 75 6c 6c 2d 74 69 | 6d 65 20 6d 65 6d 62 65 | full-ti|me membe|
|000007e0| 72 73 20 61 6e 64 20 61 | 20 68 61 6e 64 66 75 6c |rs and a| handful|
|000007f0| 0a 6f 66 20 70 61 72 74 | 2d 74 69 6d 65 20 63 6f |.of part|-time co|
|00000800| 6e 74 72 69 62 75 74 6f | 72 73 2e 20 50 6c 65 61 |ntributo|rs. Plea|
|00000810| 73 65 20 72 65 66 65 72 | 20 74 6f 20 74 68 65 20 |se refer| to the |
|00000820| 43 72 65 64 69 74 73 20 | 65 78 70 6c 6f 69 74 20 |Credits |exploit |
|00000830| 6d 6f 64 75 6c 65 20 66 | 6f 72 20 61 20 63 6f 6d |module f|or a com|
|00000840| 70 6c 65 74 65 0a 6c 69 | 73 74 69 6e 67 20 6f 66 |plete.li|sting of|
|00000850| 20 74 68 65 20 70 65 6f | 70 6c 65 20 69 6e 76 6f | the peo|ple invo|
|00000860| 6c 76 65 64 20 69 6e 20 | 74 68 65 20 70 72 6f 6a |lved in |the proj|
|00000870| 65 63 74 2e 20 49 66 20 | 79 6f 75 20 68 61 76 65 |ect. If |you have|
|00000880| 20 63 6f 6e 74 72 69 62 | 75 74 65 64 20 74 6f 20 | contrib|uted to |
|00000890| 74 68 65 20 70 72 6f 6a | 65 63 74 0a 61 6e 64 20 |the proj|ect.and |
|000008a0| 64 6f 20 6e 6f 74 20 73 | 65 65 20 79 6f 75 72 20 |do not s|ee your |
|000008b0| 6e 61 6d 65 20 6c 69 73 | 74 65 64 20 74 68 65 72 |name lis|ted ther|
|000008c0| 65 2c 20 70 6c 65 61 73 | 65 20 6c 65 74 20 75 73 |e, pleas|e let us|
|000008d0| 20 6b 6e 6f 77 2e 0a 0a | 5c 70 61 72 0a 5c 70 61 | know...|\par.\pa|
|000008e0| 67 65 62 72 65 61 6b 0a | 0a 5c 63 68 61 70 74 65 |gebreak.|.\chapte|
|000008f0| 72 7b 49 6e 73 74 61 6c | 6c 61 74 69 6f 6e 7d 0a |r{Instal|lation}.|
|00000900| 0a 20 20 20 20 5c 73 65 | 63 74 69 6f 6e 7b 49 6e |.    \se|ction{In|
|00000910| 73 74 61 6c 6c 61 74 69 | 6f 6e 20 6f 6e 20 55 6e |stallati|on on Un|
|00000920| 69 78 7d 0a 20 20 20 20 | 5c 6c 61 62 65 6c 7b 49 |ix}.    |\label{I|
|00000930| 4e 53 54 41 4c 4c 2d 55 | 4e 49 58 7d 0a 5c 70 61 |NSTALL-U|NIX}.\pa|
|00000940| 72 0a 49 6e 73 74 61 6c | 6c 69 6e 67 20 74 68 65 |r.Instal|ling the|
|00000950| 20 46 72 61 6d 65 77 6f | 72 6b 20 69 73 20 61 73 | Framewo|rk is as|
|00000960| 20 65 61 73 79 20 61 73 | 20 65 78 74 72 61 63 74 | easy as| extract|
|00000970| 69 6e 67 20 74 68 65 20 | 74 61 72 62 61 6c 6c 2c |ing the |tarball,|
|00000980| 20 63 68 61 6e 67 69 6e | 67 20 69 6e 74 6f 20 74 | changin|g into t|
|00000990| 68 65 0a 63 72 65 61 74 | 65 64 20 64 69 72 65 63 |he.creat|ed direc|
|000009a0| 74 6f 72 79 2c 20 61 6e | 64 20 65 78 65 63 75 74 |tory, an|d execut|
|000009b0| 69 6e 67 20 79 6f 75 72 | 20 70 72 65 66 65 72 72 |ing your| preferr|
|000009c0| 65 64 20 75 73 65 72 20 | 69 6e 74 65 72 66 61 63 |ed user |interfac|
|000009d0| 65 2e 20 57 65 20 73 74 | 72 6f 6e 67 6c 79 0a 72 |e. We st|rongly.r|
|000009e0| 65 63 6f 6d 6d 65 6e 64 | 20 74 68 61 74 20 79 6f |ecommend| that yo|
|000009f0| 75 20 63 6f 6d 70 69 6c | 65 20 61 6e 64 20 69 6e |u compil|e and in|
|00000a00| 73 74 61 6c 6c 20 74 68 | 65 20 54 65 72 6d 3a 3a |stall th|e Term::|
|00000a10| 52 65 61 64 4c 69 6e 65 | 3a 3a 47 6e 75 20 50 65 |ReadLine|::Gnu Pe|
|00000a20| 72 6c 20 6d 6f 64 75 6c | 65 20 66 6f 75 6e 64 0a |rl modul|e found.|
|00000a30| 69 6e 20 74 68 65 20 22 | 65 78 74 72 61 73 22 20 |in the "|extras" |
|00000a40| 73 75 62 64 69 72 65 63 | 74 6f 72 79 2e 20 54 68 |subdirec|tory. Th|
|00000a50| 69 73 20 70 61 63 6b 61 | 67 65 20 65 6e 61 62 6c |is packa|ge enabl|
|00000a60| 65 73 20 65 78 74 65 6e | 73 69 76 65 20 74 61 62 |es exten|sive tab|
|00000a70| 2d 63 6f 6d 70 6c 65 74 | 69 6f 6e 0a 73 75 70 70 |-complet|ion.supp|
|00000a80| 6f 72 74 20 69 6e 20 74 | 68 65 20 5c 74 65 78 74 |ort in t|he \text|
|00000a90| 74 74 7b 6d 73 66 63 6f | 6e 73 6f 6c 65 7d 20 69 |tt{msfco|nsole} i|
|00000aa0| 6e 74 65 72 66 61 63 65 | 3b 20 5c 74 65 78 74 74 |nterface|; \textt|
|00000ab0| 74 7b 6d 73 66 63 6f 6e | 73 6f 6c 65 7d 20 69 73 |t{msfcon|sole} is|
|00000ac0| 20 74 68 65 0a 70 72 65 | 66 65 72 72 65 64 20 55 | the.pre|ferred U|
|00000ad0| 49 20 66 6f 72 20 65 76 | 65 72 79 64 61 79 20 75 |I for ev|eryday u|
|00000ae0| 73 65 2e 20 20 49 66 20 | 53 53 4c 20 73 75 70 70 |se.  If |SSL supp|
|00000af0| 6f 72 74 20 69 73 20 64 | 65 73 69 72 65 64 2c 20 |ort is d|esired, |
|00000b00| 79 6f 75 20 73 68 6f 75 | 6c 64 20 69 6e 73 74 61 |you shou|ld insta|
|00000b10| 6c 6c 0a 74 68 65 20 4e | 65 74 3a 3a 53 53 4c 65 |ll.the N|et::SSLe|
|00000b20| 61 79 20 50 65 72 6c 20 | 6d 6f 64 75 6c 65 20 61 |ay Perl |module a|
|00000b30| 73 20 77 65 6c 6c 2c 20 | 74 68 69 73 20 63 61 6e |s well, |this can|
|00000b40| 20 61 6c 73 6f 20 62 65 | 20 66 6f 75 6e 64 20 69 | also be| found i|
|00000b50| 6e 20 74 68 65 20 22 65 | 78 74 72 61 73 22 0a 73 |n the "e|xtras".s|
|00000b60| 75 62 64 69 72 65 63 74 | 6f 72 79 2e 20 20 50 6c |ubdirect|ory.  Pl|
|00000b70| 65 61 73 65 20 72 65 66 | 65 72 20 74 6f 20 61 70 |ease ref|er to ap|
|00000b80| 70 65 6e 64 69 63 65 73 | 20 5c 72 65 66 7b 52 45 |pendices| \ref{RE|
|00000b90| 46 2d 54 41 42 7d 20 61 | 6e 64 20 5c 72 65 66 7b |F-TAB} a|nd \ref{|
|00000ba0| 52 45 46 2d 53 53 4c 7d | 20 66 6f 72 0a 64 65 74 |REF-SSL}| for.det|
|00000bb0| 61 69 6c 65 64 20 69 6e | 73 74 72 75 63 74 69 6f |ailed in|structio|
|00000bc0| 6e 73 2e 0a 0a 5c 70 61 | 72 0a 54 6f 20 70 65 72 |ns...\pa|r.To per|
|00000bd0| 66 6f 72 6d 20 61 20 73 | 79 73 74 65 6d 2d 77 69 |form a s|ystem-wi|
|00000be0| 64 65 20 69 6e 73 74 61 | 6c 6c 61 74 69 6f 6e 2c |de insta|llation,|
|00000bf0| 20 77 65 20 72 65 63 6f | 6d 6d 65 6e 64 20 74 68 | we reco|mmend th|
|00000c00| 61 74 20 79 6f 75 20 63 | 6f 70 79 20 74 68 65 20 |at you c|opy the |
|00000c10| 65 6e 74 69 72 65 0a 46 | 72 61 6d 65 77 6f 72 6b |entire.F|ramework|
|00000c20| 20 64 69 72 65 63 74 6f | 72 79 20 69 6e 74 6f 20 | directo|ry into |
|00000c30| 61 20 67 6c 6f 62 61 6c | 6c 79 20 61 63 63 65 73 |a global|ly acces|
|00000c40| 73 69 62 6c 65 20 6c 6f | 63 61 74 69 6f 6e 20 28 |sible lo|cation (|
|00000c50| 2f 75 73 72 2f 6c 6f 63 | 61 6c 2f 6d 73 66 29 20 |/usr/loc|al/msf) |
|00000c60| 61 6e 64 0a 74 68 65 6e | 20 63 72 65 61 74 65 20 |and.then| create |
|00000c70| 73 79 6d 62 6f 6c 69 63 | 20 6c 69 6e 6b 73 20 66 |symbolic| links f|
|00000c80| 72 6f 6d 20 74 68 65 20 | 6d 73 66 2a 20 61 70 70 |rom the |msf* app|
|00000c90| 6c 69 63 61 74 69 6f 6e | 73 20 74 6f 20 61 20 64 |lication|s to a d|
|00000ca0| 69 72 65 63 74 6f 72 79 | 20 69 6e 20 74 68 65 0a |irectory| in the.|
|00000cb0| 73 79 73 74 65 6d 20 70 | 61 74 68 20 28 2f 75 73 |system p|ath (/us|
|00000cc0| 72 2f 6c 6f 63 61 6c 2f | 62 69 6e 29 2e 20 55 73 |r/local/|bin). Us|
|00000cd0| 65 72 2d 73 70 65 63 69 | 66 69 63 20 6d 6f 64 75 |er-speci|fic modu|
|00000ce0| 6c 65 73 20 63 61 6e 20 | 62 65 20 70 6c 61 63 65 |les can |be place|
|00000cf0| 64 20 69 6e 74 6f 0a 5c | 24 48 4f 4d 45 2f 2e 6d |d into.\|$HOME/.m|
|00000d00| 73 66 2f 5c 76 65 72 62 | 23 3c 23 54 59 50 45 5c |sf/\verb|#<#TYPE\|
|00000d10| 76 65 72 62 23 3e 23 20 | 64 69 72 65 63 74 6f 72 |verb#># |director|
|00000d20| 79 2c 20 77 68 65 72 65 | 20 54 59 50 45 20 69 73 |y, where| TYPE is|
|00000d30| 20 6f 6e 65 20 6f 66 20 | 65 78 70 6c 6f 69 74 73 | one of |exploits|
|00000d40| 2c 0a 70 61 79 6c 6f 61 | 64 73 2c 20 6e 6f 70 73 |,.payloa|ds, nops|
|00000d50| 2c 20 6f 72 20 65 6e 63 | 6f 64 65 72 73 2e 20 0a |, or enc|oders. .|
|00000d60| 0a 20 20 20 20 5c 73 65 | 63 74 69 6f 6e 7b 49 6e |.    \se|ction{In|
|00000d70| 73 74 61 6c 6c 61 74 69 | 6f 6e 20 6f 6e 20 57 69 |stallati|on on Wi|
|00000d80| 6e 64 6f 77 73 7d 0a 20 | 20 20 20 5c 6c 61 62 65 |ndows}. |   \labe|
|00000d90| 6c 7b 49 4e 53 54 41 4c | 4c 2d 57 49 4e 33 32 7d |l{INSTAL|L-WIN32}|
|00000da0| 0a 5c 70 61 72 0a 41 66 | 74 65 72 20 6d 6f 6e 74 |.\par.Af|ter mont|
|00000db0| 68 73 20 6f 66 20 77 6f | 72 6b 69 6e 67 20 61 72 |hs of wo|rking ar|
|00000dc0| 6f 75 6e 64 20 41 63 74 | 69 76 65 53 74 61 74 65 |ound Act|iveState|
|00000dd0| 20 62 75 67 73 2c 20 77 | 65 20 66 69 6e 61 6c 6c | bugs, w|e finall|
|00000de0| 79 20 64 65 63 69 64 65 | 64 20 74 6f 20 73 63 72 |y decide|d to scr|
|00000df0| 61 70 20 69 74 0a 61 6e | 64 20 6f 6e 6c 79 20 73 |ap it.an|d only s|
|00000e00| 75 70 70 6f 72 74 20 43 | 79 67 77 69 6e 20 50 65 |upport C|ygwin Pe|
|00000e10| 72 6c 2e 20 54 68 65 20 | 4d 65 74 61 73 70 6c 6f |rl. The |Metasplo|
|00000e20| 69 74 20 46 72 61 6d 65 | 77 6f 72 6b 20 57 69 6e |it Frame|work Win|
|00000e30| 33 32 20 69 6e 73 74 61 | 6c 6c 65 72 20 69 6e 63 |32 insta|ller inc|
|00000e40| 6c 75 64 65 73 20 61 0a | 73 6c 69 6d 6d 65 64 2d |ludes a.|slimmed-|
|00000e50| 64 6f 77 6e 20 63 6f 70 | 79 20 6f 66 20 74 68 65 |down cop|y of the|
|00000e60| 20 43 79 67 77 69 6e 20 | 65 6e 76 69 72 6f 6e 6d | Cygwin |environm|
|00000e70| 65 6e 74 2c 20 74 68 69 | 73 20 69 73 20 74 68 65 |ent, thi|s is the|
|00000e80| 20 70 72 65 66 65 72 72 | 65 64 20 77 61 79 20 74 | preferr|ed way t|
|00000e90| 6f 20 75 73 65 0a 74 68 | 65 20 46 72 61 6d 65 77 |o use.th|e Framew|
|00000ea0| 6f 72 6b 20 6f 6e 20 74 | 68 65 20 57 69 6e 64 6f |ork on t|he Windo|
|00000eb0| 77 73 20 70 6c 61 74 66 | 6f 72 6d 2e 20 49 66 20 |ws platf|orm. If |
|00000ec0| 79 6f 75 20 77 6f 75 6c | 64 20 6c 69 6b 65 20 74 |you woul|d like t|
|00000ed0| 6f 20 69 6e 73 74 61 6c | 6c 20 74 68 65 0a 46 72 |o instal|l the.Fr|
|00000ee0| 61 6d 65 77 6f 72 6b 20 | 69 6e 74 6f 20 61 6e 20 |amework |into an |
|00000ef0| 65 78 69 73 74 69 6e 67 | 20 43 79 67 77 69 6e 20 |existing| Cygwin |
|00000f00| 65 6e 76 69 72 6f 6e 6d | 65 6e 74 2c 20 70 6c 65 |environm|ent, ple|
|00000f10| 61 73 65 20 72 65 66 65 | 72 20 74 6f 20 61 70 70 |ase refe|r to app|
|00000f20| 65 6e 64 69 78 0a 5c 72 | 65 66 7b 43 59 47 57 49 |endix.\r|ef{CYGWI|
|00000f30| 4e 7d 2e 0a 20 20 20 0a | 20 20 20 20 5c 73 65 63 |N}..   .|    \sec|
|00000f40| 74 69 6f 6e 7b 50 6c 61 | 74 66 6f 72 6d 20 43 61 |tion{Pla|tform Ca|
|00000f50| 76 65 61 74 73 7d 0a 20 | 20 20 20 5c 6c 61 62 65 |veats}. |   \labe|
|00000f60| 6c 7b 49 4e 53 54 41 4c | 4c 2d 43 41 56 45 41 54 |l{INSTAL|L-CAVEAT|
|00000f70| 7d 0a 5c 70 61 72 0a 57 | 68 69 6c 65 20 77 65 20 |}.\par.W|hile we |
|00000f80| 68 61 76 65 20 74 72 69 | 65 64 20 74 6f 20 73 75 |have tri|ed to su|
|00000f90| 70 70 6f 72 74 20 61 73 | 20 6d 61 6e 79 20 70 6c |pport as| many pl|
|00000fa0| 61 74 66 6f 72 6d 73 20 | 61 73 20 70 6f 73 73 69 |atforms |as possi|
|00000fb0| 62 6c 65 2c 20 74 68 65 | 72 65 20 61 72 65 20 73 |ble, the|re are s|
|00000fc0| 6f 6d 65 0a 63 6f 6d 70 | 61 74 69 62 69 6c 69 74 |ome.comp|atibilit|
|00000fd0| 79 20 62 75 67 73 20 74 | 68 61 74 20 68 61 76 65 |y bugs t|hat have|
|00000fe0| 20 63 72 6f 70 70 65 64 | 20 75 70 2e 20 54 68 65 | cropped| up. The|
|00000ff0| 20 72 61 77 20 73 6f 63 | 6b 65 74 20 73 75 70 70 | raw soc|ket supp|
|00001000| 6f 72 74 20 69 73 20 63 | 75 72 72 65 6e 74 6c 79 |ort is c|urrently|
|00001010| 0a 6e 6f 6e 2d 66 75 6e | 63 74 69 6f 6e 61 6c 20 |.non-fun|ctional |
|00001020| 69 6e 20 43 79 67 77 69 | 6e 2c 20 41 49 58 2c 20 |in Cygwi|n, AIX, |
|00001030| 48 50 2d 55 58 2c 20 61 | 6e 64 20 70 6f 73 73 69 |HP-UX, a|nd possi|
|00001040| 62 6c 79 20 53 6f 6c 61 | 72 69 73 2e 20 54 68 69 |bly Sola|ris. Thi|
|00001050| 73 20 77 69 6c 6c 20 61 | 66 66 65 63 74 0a 79 6f |s will a|ffect.yo|
|00001060| 75 72 20 61 62 69 6c 69 | 74 79 20 74 6f 20 73 70 |ur abili|ty to sp|
|00001070| 6f 6f 66 20 55 44 50 2d | 62 61 73 65 64 20 61 74 |oof UDP-|based at|
|00001080| 74 61 63 6b 73 20 75 73 | 69 6e 67 20 74 68 65 20 |tacks us|ing the |
|00001090| 5c 74 65 78 74 74 74 7b | 55 64 70 53 6f 75 72 63 |\texttt{|UdpSourc|
|000010a0| 65 49 70 7d 0a 65 6e 76 | 69 72 6f 6e 6d 65 6e 74 |eIp}.env|ironment|
|000010b0| 20 76 61 72 69 61 62 6c | 65 2e 20 57 69 6e 64 6f | variabl|e. Windo|
|000010c0| 77 73 20 75 73 65 72 73 | 20 6d 61 79 20 65 6e 63 |ws users| may enc|
|000010d0| 6f 75 6e 74 65 72 20 70 | 72 6f 62 6c 65 6d 73 20 |ounter p|roblems |
|000010e0| 77 68 65 6e 20 75 73 69 | 6e 67 20 74 68 65 20 57 |when usi|ng the W|
|000010f0| 69 6e 33 32 0a 69 6e 73 | 74 61 6c 6c 65 72 20 6f |in32.ins|taller o|
|00001100| 6e 20 61 20 73 79 73 74 | 65 6d 20 74 68 61 74 20 |n a syst|em that |
|00001110| 61 6c 72 65 61 64 79 20 | 68 61 73 20 61 6e 20 6f |already |has an o|
|00001120| 6c 64 65 72 20 76 65 72 | 73 69 6f 6e 20 6f 66 20 |lder ver|sion of |
|00001130| 43 79 67 77 69 6e 20 69 | 6e 73 74 61 6c 6c 65 64 |Cygwin i|nstalled|
|00001140| 2e 20 0a 0a 20 20 20 20 | 5c 73 65 63 74 69 6f 6e |. ..    |\section|
|00001150| 7b 53 75 70 70 6f 72 74 | 65 64 20 4f 70 65 72 61 |{Support|ed Opera|
|00001160| 74 69 6e 67 20 53 79 73 | 74 65 6d 73 7d 0a 20 20 |ting Sys|tems}.  |
|00001170| 20 20 5c 6c 61 62 65 6c | 7b 49 4e 53 54 41 4c 4c |  \label|{INSTALL|
|00001180| 2d 53 55 50 50 4f 52 54 | 7d 0a 5c 70 61 72 0a 54 |-SUPPORT|}.\par.T|
|00001190| 68 65 20 46 72 61 6d 65 | 77 6f 72 6b 20 73 68 6f |he Frame|work sho|
|000011a0| 75 6c 64 20 72 75 6e 20 | 6f 6e 20 61 6c 6d 6f 73 |uld run |on almos|
|000011b0| 74 20 61 6e 79 20 55 6e | 69 78 2d 62 61 73 65 64 |t any Un|ix-based|
|000011c0| 20 6f 70 65 72 61 74 69 | 6e 67 20 73 79 73 74 65 | operati|ng syste|
|000011d0| 6d 20 74 68 61 74 20 69 | 6e 63 6c 75 64 65 73 0a |m that i|ncludes.|
|000011e0| 61 20 63 6f 6d 70 6c 65 | 74 65 20 61 6e 64 20 6d |a comple|te and m|
|000011f0| 6f 64 65 72 6e 20 76 65 | 72 73 69 6f 6e 20 6f 66 |odern ve|rsion of|
|00001200| 20 74 68 65 20 50 65 72 | 6c 20 69 6e 74 65 72 70 | the Per|l interp|
|00001210| 72 65 74 65 72 20 28 35 | 2e 36 2b 29 2e 20 45 76 |reter (5|.6+). Ev|
|00001220| 65 72 79 20 73 74 61 62 | 6c 65 0a 76 65 72 73 69 |ery stab|le.versi|
|00001230| 6f 6e 20 6f 66 20 74 68 | 65 20 46 72 61 6d 65 77 |on of th|e Framew|
|00001240| 6f 72 6b 20 69 73 20 74 | 65 73 74 65 64 20 77 69 |ork is t|ested wi|
|00001250| 74 68 20 66 6f 75 72 20 | 70 72 69 6d 61 72 79 20 |th four |primary |
|00001260| 70 6c 61 74 66 6f 72 6d | 73 3a 20 0a 0a 5c 62 65 |platform|s: ..\be|
|00001270| 67 69 6e 7b 69 74 65 6d | 69 7a 65 7d 0a 5c 69 74 |gin{item|ize}.\it|
|00001280| 65 6d 20 4c 69 6e 75 78 | 20 28 78 38 36 2c 20 70 |em Linux| (x86, p|
|00001290| 70 63 29 20 28 32 2e 34 | 2c 20 32 2e 36 29 0a 5c |pc) (2.4|, 2.6).\|
|000012a0| 69 74 65 6d 20 57 69 6e | 64 6f 77 73 20 4e 54 20 |item Win|dows NT |
|000012b0| 28 34 2e 30 2c 20 32 30 | 30 30 2c 20 58 50 2c 20 |(4.0, 20|00, XP, |
|000012c0| 32 30 30 33 29 0a 5c 69 | 74 65 6d 20 42 53 44 20 |2003).\i|tem BSD |
|000012d0| 28 4f 70 65 6e 20 33 2e | 78 2c 20 46 72 65 65 20 |(Open 3.|x, Free |
|000012e0| 34 2e 36 2b 29 0a 5c 69 | 74 65 6d 20 4d 61 63 4f |4.6+).\i|tem MacO|
|000012f0| 53 20 58 20 28 31 30 2e | 33 2e 78 29 0a 5c 65 6e |S X (10.|3.x).\en|
|00001300| 64 7b 69 74 65 6d 69 7a | 65 7d 0a 0a 5c 70 61 72 |d{itemiz|e}..\par|
|00001310| 0a 54 68 65 20 66 6f 6c | 6c 6f 77 69 6e 67 20 70 |.The fol|lowing p|
|00001320| 6c 61 74 66 6f 72 6d 73 | 20 61 72 65 20 6b 6e 6f |latforms| are kno|
|00001330| 77 6e 20 74 6f 20 62 65 | 20 70 72 6f 62 6c 65 6d |wn to be| problem|
|00001340| 61 74 69 63 3a 0a 5c 62 | 65 67 69 6e 7b 69 74 65 |atic:.\b|egin{ite|
|00001350| 6d 69 7a 65 7d 0a 5c 69 | 74 65 6d 20 57 69 6e 64 |mize}.\i|tem Wind|
|00001360| 6f 77 73 20 39 78 20 28 | 39 35 2c 20 39 38 2c 20 |ows 9x (|95, 98, |
|00001370| 4d 45 29 0a 5c 69 74 65 | 6d 20 48 50 2d 55 58 20 |ME).\ite|m HP-UX |
|00001380| 31 31 69 20 28 72 65 71 | 75 69 72 65 73 20 50 65 |11i (req|uires Pe|
|00001390| 72 6c 20 75 70 67 72 61 | 64 65 29 0a 5c 65 6e 64 |rl upgra|de).\end|
|000013a0| 7b 69 74 65 6d 69 7a 65 | 7d 0a 0a 5c 70 61 72 0a |{itemize|}..\par.|
|000013b0| 57 65 20 68 61 76 65 20 | 72 65 63 65 69 76 65 64 |We have |received|
|000013c0| 20 6e 75 6d 65 72 6f 75 | 73 20 72 65 70 6f 72 74 | numerou|s report|
|000013d0| 73 20 6f 66 20 74 68 65 | 20 46 72 61 6d 65 77 6f |s of the| Framewo|
|000013e0| 72 6b 20 77 6f 72 6b 69 | 6e 67 20 6f 6e 20 53 6f |rk worki|ng on So|
|000013f0| 6c 61 72 69 73 2c 0a 41 | 49 58 2c 20 61 6e 64 20 |laris,.A|IX, and |
|00001400| 65 76 65 6e 20 74 68 65 | 20 53 68 61 72 70 20 5a |even the| Sharp Z|
|00001410| 61 75 72 75 73 2e 20 54 | 68 65 73 65 20 73 79 73 |aurus. T|hese sys|
|00001420| 74 65 6d 73 20 6f 66 74 | 65 6e 20 72 65 71 75 69 |tems oft|en requi|
|00001430| 72 65 20 61 6e 20 75 70 | 64 61 74 65 64 20 76 65 |re an up|dated ve|
|00001440| 72 73 69 6f 6e 0a 6f 66 | 20 50 65 72 6c 20 69 6e |rsion.of| Perl in|
|00001450| 20 63 6f 6e 6a 75 6e 63 | 74 69 6f 6e 20 77 69 74 | conjunc|tion wit|
|00001460| 68 20 74 68 65 20 47 4e | 55 20 75 74 69 6c 69 74 |h the GN|U utilit|
|00001470| 69 65 73 20 74 6f 20 66 | 75 6e 63 74 69 6f 6e 20 |ies to f|unction |
|00001480| 63 6f 72 72 65 63 74 6c | 79 2e 0a 0a 0a 20 20 20 |correctl|y....   |
|00001490| 20 5c 73 65 63 74 69 6f | 6e 7b 55 70 64 61 74 69 | \sectio|n{Updati|
|000014a0| 6e 67 20 74 68 65 20 46 | 72 61 6d 65 77 6f 72 6b |ng the F|ramework|
|000014b0| 7d 0a 20 20 20 20 5c 6c | 61 62 65 6c 7b 49 4e 53 |}.    \l|abel{INS|
|000014c0| 54 41 4c 4c 2d 55 50 44 | 41 54 45 7d 0a 5c 70 61 |TALL-UPD|ATE}.\pa|
|000014d0| 72 0a 53 74 61 72 74 69 | 6e 67 20 77 69 74 68 20 |r.Starti|ng with |
|000014e0| 76 65 72 73 69 6f 6e 20 | 32 2e 32 2c 20 74 68 65 |version |2.2, the|
|000014f0| 20 46 72 61 6d 65 77 6f | 72 6b 20 69 6e 63 6c 75 | Framewo|rk inclu|
|00001500| 64 65 73 20 74 68 65 20 | 5c 74 65 78 74 74 74 7b |des the |\texttt{|
|00001510| 6d 73 66 75 70 64 61 74 | 65 7d 20 6f 6e 6c 69 6e |msfupdat|e} onlin|
|00001520| 65 20 75 70 64 61 74 65 | 0a 75 74 69 6c 69 74 79 |e update|.utility|
|00001530| 2e 20 54 68 69 73 20 73 | 63 72 69 70 74 20 63 61 |. This s|cript ca|
|00001540| 6e 20 62 65 20 75 73 65 | 64 20 74 6f 20 64 6f 77 |n be use|d to dow|
|00001550| 6e 6c 6f 61 64 20 61 6e | 64 20 69 6e 73 74 61 6c |nload an|d instal|
|00001560| 6c 20 74 68 65 20 6c 61 | 74 65 73 74 20 76 65 72 |l the la|test ver|
|00001570| 73 69 6f 6e 20 6f 66 0a | 74 68 65 20 46 72 61 6d |sion of.|the Fram|
|00001580| 65 77 6f 72 6b 20 66 72 | 6f 6d 20 74 68 65 20 6d |ework fr|om the m|
|00001590| 65 74 61 73 70 6c 6f 69 | 74 2e 63 6f 6d 20 77 65 |etasploi|t.com we|
|000015a0| 62 20 73 69 74 65 2e 20 | 49 74 20 70 65 72 66 6f |b site. |It perfo|
|000015b0| 72 6d 73 20 70 65 72 2d | 66 69 6c 65 20 75 70 64 |rms per-|file upd|
|000015c0| 61 74 65 73 20 62 79 0a | 63 6f 6d 70 61 72 69 6e |ates by.|comparin|
|000015d0| 67 20 6c 6f 63 61 6c 20 | 66 69 6c 65 20 63 68 65 |g local |file che|
|000015e0| 63 6b 73 75 6d 73 20 77 | 69 74 68 20 74 68 6f 73 |cksums w|ith thos|
|000015f0| 65 20 61 76 61 69 6c 61 | 62 6c 65 20 66 72 6f 6d |e availa|ble from|
|00001600| 20 74 68 65 20 77 65 62 | 20 73 69 74 65 2e 20 54 | the web| site. T|
|00001610| 68 69 73 0a 70 72 6f 63 | 65 73 73 20 6f 63 63 75 |his.proc|ess occu|
|00001620| 72 73 20 61 63 72 6f 73 | 73 20 61 20 76 61 6c 69 |rs acros|s a vali|
|00001630| 64 61 74 65 64 20 53 53 | 4c 20 63 6f 6e 6e 65 63 |dated SS|L connec|
|00001640| 74 69 6f 6e 2c 20 61 73 | 73 75 6d 69 6e 67 20 74 |tion, as|suming t|
|00001650| 68 61 74 20 74 68 65 20 | 4e 65 74 3a 3a 53 53 4c |hat the |Net::SSL|
|00001660| 65 61 79 0a 6d 6f 64 75 | 6c 65 20 68 61 73 20 62 |eay.modu|le has b|
|00001670| 65 65 6e 20 69 6e 73 74 | 61 6c 6c 65 64 2e 20 54 |een inst|alled. T|
|00001680| 68 69 73 20 69 73 20 6e | 6f 74 20 63 6f 6d 70 6c |his is n|ot compl|
|00001690| 65 74 65 6c 79 20 66 61 | 69 6c 2d 73 61 66 65 20 |etely fa|il-safe |
|000016a0| 61 6e 64 20 73 74 69 6c | 6c 20 64 65 70 65 6e 64 |and stil|l depend|
|000016b0| 73 20 6f 6e 0a 74 68 65 | 20 73 65 63 75 72 69 74 |s on.the| securit|
|000016c0| 79 20 6f 66 20 74 68 65 | 20 6d 65 74 61 73 70 6c |y of the| metaspl|
|000016d0| 6f 69 74 2e 63 6f 6d 20 | 77 65 62 20 73 65 72 76 |oit.com |web serv|
|000016e0| 65 72 2e 20 54 6f 20 6c | 65 61 72 6e 20 6d 6f 72 |er. To l|earn mor|
|000016f0| 65 20 61 62 6f 75 74 20 | 74 68 65 0a 5c 74 65 78 |e about |the.\tex|
|00001700| 74 74 74 7b 6d 73 66 75 | 70 64 61 74 65 7d 20 74 |ttt{msfu|pdate} t|
|00001710| 6f 6f 6c 2c 20 73 69 6d | 70 6c 79 20 65 78 65 63 |ool, sim|ply exec|
|00001720| 75 74 65 20 69 74 20 77 | 69 74 68 20 74 68 65 20 |ute it w|ith the |
|00001730| 2d 68 20 61 72 67 75 6d | 65 6e 74 2e 20 0a 0a 5c |-h argum|ent. ..\|
|00001740| 70 61 72 0a 49 66 20 79 | 6f 75 20 77 6f 75 6c 64 |par.If y|ou would|
|00001750| 20 70 72 65 66 65 72 20 | 74 6f 20 6e 6f 74 20 75 | prefer |to not u|
|00001760| 73 65 20 74 68 65 20 6f | 6e 6c 69 6e 65 20 75 70 |se the o|nline up|
|00001770| 64 61 74 65 20 73 79 73 | 74 65 6d 2c 20 79 6f 75 |date sys|tem, you|
|00001780| 20 63 61 6e 20 73 74 69 | 6c 6c 20 64 6f 77 6e 6c | can sti|ll downl|
|00001790| 6f 61 64 0a 75 70 64 61 | 74 65 64 20 6d 6f 64 75 |oad.upda|ted modu|
|000017a0| 6c 65 73 20 61 6e 64 20 | 74 68 65 20 63 75 72 72 |les and |the curr|
|000017b0| 65 6e 74 20 73 74 61 62 | 6c 65 20 73 6e 61 70 73 |ent stab|le snaps|
|000017c0| 68 6f 74 20 70 61 63 6b | 61 67 65 20 66 72 6f 6d |hot pack|age from|
|000017d0| 20 74 68 65 20 6d 65 74 | 61 73 70 6c 6f 69 74 2e | the met|asploit.|
|000017e0| 63 6f 6d 0a 77 65 62 20 | 73 69 74 65 2e 20 41 74 |com.web |site. At|
|000017f0| 20 74 68 69 73 20 74 69 | 6d 65 2c 20 5c 74 65 78 | this ti|me, \tex|
|00001800| 74 74 74 7b 6d 73 66 75 | 70 64 61 74 65 7d 20 64 |ttt{msfu|pdate} d|
|00001810| 6f 65 73 20 6e 6f 74 20 | 73 75 70 70 6f 72 74 20 |oes not |support |
|00001820| 70 72 6f 78 79 20 73 65 | 72 76 65 72 73 2e 0a 5c |proxy se|rvers..\|
|00001830| 70 61 67 65 62 72 65 61 | 6b 0a 0a 0a 5c 63 68 61 |pagebrea|k...\cha|
|00001840| 70 74 65 72 7b 47 65 74 | 74 69 6e 67 20 53 74 61 |pter{Get|ting Sta|
|00001850| 72 74 65 64 7d 0a 0a 20 | 20 20 20 5c 73 65 63 74 |rted}.. |   \sect|
|00001860| 69 6f 6e 7b 54 68 65 20 | 43 6f 6e 73 6f 6c 65 20 |ion{The |Console |
|00001870| 49 6e 74 65 72 66 61 63 | 65 7d 0a 20 20 20 20 5c |Interfac|e}.    \|
|00001880| 6c 61 62 65 6c 7b 53 54 | 41 52 54 45 44 2d 43 4f |label{ST|ARTED-CO|
|00001890| 4e 53 4f 4c 45 7d 0a 5c | 70 61 72 0a 41 66 74 65 |NSOLE}.\|par.Afte|
|000018a0| 72 20 79 6f 75 20 68 61 | 76 65 20 69 6e 73 74 61 |r you ha|ve insta|
|000018b0| 6c 6c 65 64 20 74 68 65 | 20 46 72 61 6d 65 77 6f |lled the| Framewo|
|000018c0| 72 6b 2c 20 79 6f 75 20 | 73 68 6f 75 6c 64 20 76 |rk, you |should v|
|000018d0| 65 72 69 66 79 20 74 68 | 61 74 20 65 76 65 72 79 |erify th|at every|
|000018e0| 74 68 69 6e 67 20 69 73 | 0a 77 6f 72 6b 69 6e 67 |thing is|.working|
|000018f0| 20 63 6f 72 72 65 63 74 | 6c 79 2e 20 20 54 68 65 | correct|ly.  The|
|00001900| 20 65 61 73 69 65 73 74 | 20 77 61 79 20 74 6f 20 | easiest| way to |
|00001910| 64 6f 20 74 68 69 73 20 | 69 73 20 74 6f 20 65 78 |do this |is to ex|
|00001920| 65 63 75 74 65 20 74 68 | 65 0a 5c 74 65 78 74 74 |ecute th|e.\textt|
|00001930| 74 7b 6d 73 66 63 6f 6e | 73 6f 6c 65 7d 20 75 73 |t{msfcon|sole} us|
|00001940| 65 72 20 69 6e 74 65 72 | 66 61 63 65 2e 20 54 68 |er inter|face. Th|
|00001950| 69 73 20 69 6e 74 65 72 | 66 61 63 65 20 73 68 6f |is inter|face sho|
|00001960| 75 6c 64 20 64 69 73 70 | 6c 61 79 20 61 6e 20 61 |uld disp|lay an a|
|00001970| 73 63 69 69 20 61 72 74 | 0a 6c 6f 67 6f 2c 20 70 |scii art|.logo, p|
|00001980| 72 69 6e 74 20 74 68 65 | 20 63 75 72 72 65 6e 74 |rint the| current|
|00001990| 20 76 65 72 73 69 6f 6e | 2c 20 73 6f 6d 65 20 6d | version|, some m|
|000019a0| 6f 64 75 6c 65 20 63 6f | 75 6e 74 73 2c 20 61 6e |odule co|unts, an|
|000019b0| 64 0a 64 72 6f 70 20 74 | 6f 20 61 20 22 6d 73 66 |d.drop t|o a "msf|
|000019c0| 3e 20 22 20 70 72 6f 6d | 70 74 2e 20 46 72 6f 6d |> " prom|pt. From|
|000019d0| 20 74 68 69 73 20 70 72 | 6f 6d 70 74 2c 20 74 79 | this pr|ompt, ty|
|000019e0| 70 65 20 5c 74 65 78 74 | 74 74 7b 68 65 6c 70 7d |pe \text|tt{help}|
|000019f0| 20 74 6f 20 67 65 74 20 | 61 20 6c 69 73 74 20 6f | to get |a list o|
|00001a00| 66 0a 76 61 6c 69 64 20 | 63 6f 6d 6d 61 6e 64 73 |f.valid |commands|
|00001a10| 2e 20 59 6f 75 20 61 72 | 65 20 63 75 72 72 65 6e |. You ar|e curren|
|00001a20| 74 6c 79 20 69 6e 20 74 | 68 65 20 22 6d 61 69 6e |tly in t|he "main|
|00001a30| 22 20 6d 6f 64 65 3b 20 | 74 68 69 73 20 61 6c 6c |" mode; |this all|
|00001a40| 6f 77 73 20 79 6f 75 20 | 74 6f 20 6c 69 73 74 0a |ows you |to list.|
|00001a50| 65 78 70 6c 6f 69 74 73 | 2c 20 6c 69 73 74 20 70 |exploits|, list p|
|00001a60| 61 79 6c 6f 61 64 73 2c | 20 61 6e 64 20 63 6f 6e |ayloads,| and con|
|00001a70| 66 69 67 75 72 65 20 67 | 6c 6f 62 61 6c 20 6f 70 |figure g|lobal op|
|00001a80| 74 69 6f 6e 73 2e 20 20 | 54 6f 20 6c 69 73 74 20 |tions.  |To list |
|00001a90| 61 6c 6c 20 61 76 61 69 | 6c 61 62 6c 65 0a 65 78 |all avai|lable.ex|
|00001aa0| 70 6c 6f 69 74 73 2c 20 | 74 79 70 65 20 5c 74 65 |ploits, |type \te|
|00001ab0| 78 74 74 74 7b 73 68 6f | 77 20 65 78 70 6c 6f 69 |xttt{sho|w exploi|
|00001ac0| 74 73 7d 2e 20 54 6f 20 | 6f 62 74 61 69 6e 20 6d |ts}. To |obtain m|
|00001ad0| 6f 72 65 20 69 6e 66 6f | 72 6d 61 74 69 6f 6e 20 |ore info|rmation |
|00001ae0| 61 62 6f 75 74 20 61 20 | 67 69 76 65 6e 0a 65 78 |about a |given.ex|
|00001af0| 70 6c 6f 69 74 2c 20 74 | 79 70 65 20 5c 74 65 78 |ploit, t|ype \tex|
|00001b00| 74 74 74 7b 69 6e 66 6f | 20 6d 6f 64 75 6c 65 5c |ttt{info| module\|
|00001b10| 5f 6e 61 6d 65 7d 2e 20 | 0a 0a 5c 70 61 72 0a 54 |_name}. |..\par.T|
|00001b20| 68 65 20 5c 74 65 78 74 | 74 74 7b 6d 73 66 63 6f |he \text|tt{msfco|
|00001b30| 6e 73 6f 6c 65 7d 20 69 | 6e 74 65 72 66 61 63 65 |nsole} i|nterface|
|00001b40| 20 77 61 73 20 64 65 73 | 69 67 6e 65 64 20 74 6f | was des|igned to|
|00001b50| 20 62 65 20 66 6c 65 78 | 69 62 6c 65 20 61 6e 64 | be flex|ible and|
|00001b60| 20 66 61 73 74 2e 20 49 | 66 20 79 6f 75 0a 65 6e | fast. I|f you.en|
|00001b70| 74 65 72 20 61 20 63 6f | 6d 6d 61 6e 64 20 74 68 |ter a co|mmand th|
|00001b80| 61 74 20 69 73 20 6e 6f | 74 20 72 65 63 6f 67 6e |at is no|t recogn|
|00001b90| 69 7a 65 64 20 62 79 20 | 74 68 65 20 63 6f 6e 73 |ized by |the cons|
|00001ba0| 6f 6c 65 2c 20 69 74 20 | 77 69 6c 6c 20 73 63 61 |ole, it |will sca|
|00001bb0| 6e 20 74 68 65 20 73 79 | 73 74 65 6d 0a 70 61 74 |n the sy|stem.pat|
|00001bc0| 68 20 74 6f 20 64 65 74 | 65 72 6d 69 6e 65 20 69 |h to det|ermine i|
|00001bd0| 66 20 69 74 20 69 73 20 | 61 20 73 79 73 74 65 6d |f it is |a system|
|00001be0| 20 63 6f 6d 6d 61 6e 64 | 2e 20 49 66 20 69 74 20 | command|. If it |
|00001bf0| 66 69 6e 64 73 20 61 20 | 6d 61 74 63 68 2c 20 74 |finds a |match, t|
|00001c00| 68 61 74 0a 63 6f 6d 6d | 61 6e 64 20 77 69 6c 6c |hat.comm|and will|
|00001c10| 20 62 65 20 65 78 65 63 | 75 74 65 64 20 77 69 74 | be exec|uted wit|
|00001c20| 68 20 74 68 65 20 73 75 | 70 70 6c 69 65 64 20 61 |h the su|pplied a|
|00001c30| 72 67 75 6d 65 6e 74 73 | 2e 20 54 68 69 73 20 61 |rguments|. This a|
|00001c40| 6c 6c 6f 77 73 20 79 6f | 75 20 74 6f 20 75 73 65 |llows yo|u to use|
|00001c50| 0a 79 6f 75 72 20 73 74 | 61 6e 64 61 72 64 20 73 |.your st|andard s|
|00001c60| 65 74 20 6f 66 20 74 6f | 6f 6c 73 20 77 69 74 68 |et of to|ols with|
|00001c70| 6f 75 74 20 68 61 76 69 | 6e 67 20 74 6f 20 6c 65 |out havi|ng to le|
|00001c80| 61 76 65 20 74 68 65 20 | 63 6f 6e 73 6f 6c 65 2e |ave the |console.|
|00001c90| 20 57 65 20 68 69 67 68 | 6c 79 0a 72 65 63 6f 6d | We high|ly.recom|
|00001ca0| 6d 65 6e 64 20 74 68 61 | 74 20 79 6f 75 20 65 6e |mend tha|t you en|
|00001cb0| 61 62 6c 65 20 74 61 62 | 20 63 6f 6d 70 6c 65 74 |able tab| complet|
|00001cc0| 69 6f 6e 20 73 75 70 70 | 6f 72 74 2c 20 74 68 69 |ion supp|ort, thi|
|00001cd0| 73 20 69 73 20 69 6e 63 | 6c 75 64 65 64 20 62 79 |s is inc|luded by|
|00001ce0| 20 64 65 66 61 75 6c 74 | 20 69 6e 0a 74 68 65 20 | default| in.the |
|00001cf0| 57 69 6e 64 6f 77 73 20 | 70 61 63 6b 61 67 65 2c |Windows |package,|
|00001d00| 20 62 75 74 20 6d 61 79 | 20 72 65 71 75 69 72 65 | but may| require|
|00001d10| 20 73 6f 66 74 77 61 72 | 65 20 69 6e 73 74 61 6c | softwar|e instal|
|00001d20| 6c 61 74 69 6f 6e 20 66 | 6f 72 20 6f 74 68 65 72 |lation f|or other|
|00001d30| 20 6f 70 65 72 61 74 69 | 6e 67 0a 73 79 73 74 65 | operati|ng.syste|
|00001d40| 6d 73 2e 20 46 6f 72 20 | 6d 6f 72 65 20 69 6e 66 |ms. For |more inf|
|00001d50| 6f 72 6d 61 74 69 6f 6e | 20 6f 6e 20 74 61 62 20 |ormation| on tab |
|00001d60| 63 6f 6d 70 6c 65 74 69 | 6f 6e 2c 20 70 6c 65 61 |completi|on, plea|
|00001d70| 73 65 20 72 65 66 65 72 | 20 74 6f 20 61 70 70 65 |se refer| to appe|
|00001d80| 6e 64 69 78 0a 5c 72 65 | 66 7b 52 45 46 2d 54 41 |ndix.\re|f{REF-TA|
|00001d90| 42 7d 2e 0a 0a 5c 70 61 | 72 0a 54 68 65 20 5c 74 |B}...\pa|r.The \t|
|00001da0| 65 78 74 74 74 7b 6d 73 | 66 63 6f 6e 73 6f 6c 65 |exttt{ms|fconsole|
|00001db0| 7d 20 73 74 61 72 74 75 | 70 20 77 69 6c 6c 20 73 |} startu|p will s|
|00001dc0| 69 6d 69 6c 61 72 20 74 | 6f 20 74 68 65 20 74 65 |imilar t|o the te|
|00001dd0| 78 74 20 62 65 6c 6f 77 | 2e 0a 0a 5c 62 65 67 69 |xt below|...\begi|
|00001de0| 6e 7b 76 65 72 62 61 74 | 69 6d 7d 0a 2b 20 2d 2d |n{verbat|im}.+ --|
|00001df0| 20 2d 2d 3d 5b 20 6d 73 | 66 63 6f 6e 73 6f 6c 65 | --=[ ms|fconsole|
|00001e00| 20 76 32 2e 35 20 5b 37 | 32 20 65 78 70 6c 6f 69 | v2.5 [7|2 exploi|
|00001e10| 74 73 20 2d 20 37 35 20 | 70 61 79 6c 6f 61 64 73 |ts - 75 |payloads|
|00001e20| 5d 0a 0a 6d 73 66 20 3e | 20 0a 5c 65 6e 64 7b 76 |]..msf >| .\end{v|
|00001e30| 65 72 62 61 74 69 6d 7d | 0a 0a 0a 20 20 20 20 5c |erbatim}|...    \|
|00001e40| 73 65 63 74 69 6f 6e 7b | 54 68 65 20 43 6f 6d 6d |section{|The Comm|
|00001e50| 61 6e 64 20 4c 69 6e 65 | 20 49 6e 74 65 72 66 61 |and Line| Interfa|
|00001e60| 63 65 7d 0a 20 20 20 20 | 5c 6c 61 62 65 6c 7b 53 |ce}.    |\label{S|
|00001e70| 54 41 52 54 45 44 2d 43 | 4c 49 7d 0a 5c 70 61 72 |TARTED-C|LI}.\par|
|00001e80| 0a 49 66 20 79 6f 75 20 | 61 72 65 20 6c 6f 6f 6b |.If you |are look|
|00001e90| 69 6e 67 20 66 6f 72 20 | 61 20 77 61 79 20 74 6f |ing for |a way to|
|00001ea0| 20 61 75 74 6f 6d 61 74 | 65 20 65 78 70 6c 6f 69 | automat|e exploi|
|00001eb0| 74 20 74 65 73 74 69 6e | 67 2c 20 6f 72 20 73 69 |t testin|g, or si|
|00001ec0| 6d 70 6c 79 20 64 6f 20 | 6e 6f 74 20 77 61 6e 74 |mply do |not want|
|00001ed0| 0a 74 6f 20 75 73 65 20 | 61 6e 20 69 6e 74 65 72 |.to use |an inter|
|00001ee0| 61 63 74 69 76 65 20 69 | 6e 74 65 72 66 61 63 65 |active i|nterface|
|00001ef0| 2c 20 5c 74 65 78 74 74 | 74 7b 6d 73 66 63 6c 69 |, \textt|t{msfcli|
|00001f00| 7d 20 6d 61 79 20 62 65 | 20 74 68 65 20 73 6f 6c |} may be| the sol|
|00001f10| 75 74 69 6f 6e 2e 20 54 | 68 69 73 0a 69 6e 74 65 |ution. T|his.inte|
|00001f20| 72 66 61 63 65 20 74 61 | 6b 65 73 20 61 20 6d 61 |rface ta|kes a ma|
|00001f30| 74 63 68 20 73 74 72 69 | 6e 67 20 61 73 20 74 68 |tch stri|ng as th|
|00001f40| 65 20 66 69 72 73 74 20 | 70 61 72 61 6d 65 74 65 |e first |paramete|
|00001f50| 72 2c 20 66 6f 6c 6c 6f | 77 65 64 20 62 79 20 74 |r, follo|wed by t|
|00001f60| 68 65 20 6f 70 74 69 6f | 6e 73 0a 69 6e 20 61 20 |he optio|ns.in a |
|00001f70| 56 41 52 3d 56 41 4c 20 | 66 6f 72 6d 61 74 2c 20 |VAR=VAL |format, |
|00001f80| 61 6e 64 20 66 69 6e 61 | 6c 6c 79 20 61 6e 20 61 |and fina|lly an a|
|00001f90| 63 74 69 6f 6e 20 63 6f | 64 65 20 74 6f 20 73 70 |ction co|de to sp|
|00001fa0| 65 63 69 66 79 20 77 68 | 61 74 20 73 68 6f 75 6c |ecify wh|at shoul|
|00001fb0| 64 20 62 65 20 64 6f 6e | 65 2e 0a 54 68 65 20 6d |d be don|e..The m|
|00001fc0| 61 74 63 68 20 73 74 72 | 69 6e 67 20 69 73 20 75 |atch str|ing is u|
|00001fd0| 73 65 64 20 74 6f 20 64 | 65 74 65 72 6d 69 6e 65 |sed to d|etermine|
|00001fe0| 20 77 68 69 63 68 20 65 | 78 70 6c 6f 69 74 20 79 | which e|xploit y|
|00001ff0| 6f 75 20 77 61 6e 74 20 | 74 6f 20 6c 61 75 6e 63 |ou want |to launc|
|00002000| 68 3b 20 69 66 20 6d 6f | 72 65 0a 74 68 61 6e 20 |h; if mo|re.than |
|00002010| 6f 6e 65 20 6d 6f 64 75 | 6c 65 20 6d 61 74 63 68 |one modu|le match|
|00002020| 65 73 2c 20 61 20 6c 69 | 73 74 20 6f 66 20 70 6f |es, a li|st of po|
|00002030| 73 73 69 62 6c 65 20 6d | 6f 64 75 6c 65 73 20 77 |ssible m|odules w|
|00002040| 69 6c 6c 20 62 65 20 70 | 72 6f 76 69 64 65 64 2e |ill be p|rovided.|
|00002050| 20 0a 0a 5c 70 61 72 0a | 54 68 65 20 61 63 74 69 | ..\par.|The acti|
|00002060| 6f 6e 20 63 6f 64 65 20 | 69 73 20 61 20 73 69 6e |on code |is a sin|
|00002070| 67 6c 65 20 6c 65 74 74 | 65 72 3b 20 53 20 66 6f |gle lett|er; S fo|
|00002080| 72 20 73 75 6d 6d 61 72 | 79 2c 20 4f 20 66 6f 72 |r summar|y, O for|
|00002090| 20 6f 70 74 69 6f 6e 73 | 2c 20 41 20 66 6f 72 20 | options|, A for |
|000020a0| 61 64 76 61 6e 63 65 64 | 0a 6f 70 74 69 6f 6e 73 |advanced|.options|
|000020b0| 2c 20 50 20 66 6f 72 20 | 70 61 79 6c 6f 61 64 73 |, P for |payloads|
|000020c0| 2c 20 54 20 66 6f 72 20 | 74 61 72 67 65 74 73 2c |, T for |targets,|
|000020d0| 20 43 20 74 6f 20 74 72 | 79 20 61 20 76 75 6c 6e | C to tr|y a vuln|
|000020e0| 65 72 61 62 69 6c 69 74 | 79 20 63 68 65 63 6b 2c |erabilit|y check,|
|000020f0| 20 61 6e 64 20 45 20 74 | 6f 0a 65 78 70 6c 6f 69 | and E t|o.exploi|
|00002100| 74 2e 20 54 68 65 20 73 | 61 76 65 64 20 65 6e 76 |t. The s|aved env|
|00002110| 69 72 6f 6e 6d 65 6e 74 | 20 77 69 6c 6c 20 62 65 |ironment| will be|
|00002120| 20 6c 6f 61 64 65 64 20 | 61 6e 64 20 75 73 65 64 | loaded |and used|
|00002130| 20 61 74 20 73 74 61 72 | 74 75 70 2c 20 61 6c 6c | at star|tup, all|
|00002140| 6f 77 69 6e 67 20 79 6f | 75 0a 74 6f 20 63 6f 6e |owing yo|u.to con|
|00002150| 66 69 67 75 72 65 20 63 | 6f 6e 76 65 6e 69 65 6e |figure c|onvenien|
|00002160| 74 20 64 65 66 61 75 6c | 74 20 6f 70 74 69 6f 6e |t defaul|t option|
|00002170| 73 20 69 6e 20 74 68 65 | 20 47 6c 6f 62 61 6c 20 |s in the| Global |
|00002180| 65 6e 76 69 72 6f 6e 6d | 65 6e 74 20 6f 66 0a 5c |environm|ent of.\|
|00002190| 74 65 78 74 74 74 7b 6d | 73 66 63 6f 6e 73 6f 6c |texttt{m|sfconsol|
|000021a0| 65 7d 2c 20 73 61 76 65 | 20 74 68 65 6d 2c 20 61 |e}, save| them, a|
|000021b0| 6e 64 20 74 61 6b 65 20 | 61 64 76 61 6e 74 61 67 |nd take |advantag|
|000021c0| 65 20 6f 66 20 74 68 65 | 6d 20 69 6e 20 74 68 65 |e of the|m in the|
|000021d0| 0a 5c 74 65 78 74 74 74 | 7b 6d 73 66 63 6c 69 7d |.\texttt|{msfcli}|
|000021e0| 20 69 6e 74 65 72 66 61 | 63 65 2e 20 0a 0a 0a 20 | interfa|ce. ... |
|000021f0| 20 20 20 5c 73 65 63 74 | 69 6f 6e 7b 54 68 65 20 |   \sect|ion{The |
|00002200| 57 65 62 20 49 6e 74 65 | 72 66 61 63 65 7d 0a 20 |Web Inte|rface}. |
|00002210| 20 20 20 5c 6c 61 62 65 | 6c 7b 53 54 41 52 54 45 |   \labe|l{STARTE|
|00002220| 44 2d 57 45 42 7d 0a 5c | 70 61 72 0a 54 68 65 20 |D-WEB}.\|par.The |
|00002230| 5c 74 65 78 74 74 74 7b | 6d 73 66 77 65 62 7d 20 |\texttt{|msfweb} |
|00002240| 69 6e 74 65 72 66 61 63 | 65 20 69 73 20 61 20 73 |interfac|e is a s|
|00002250| 74 61 6e 64 2d 61 6c 6f | 6e 65 20 77 65 62 20 73 |tand-alo|ne web s|
|00002260| 65 72 76 65 72 20 74 68 | 61 74 20 61 6c 6c 6f 77 |erver th|at allow|
|00002270| 73 0a 79 6f 75 20 74 6f | 20 68 61 72 6e 65 73 73 |s.you to| harness|
|00002280| 20 74 68 65 20 70 6f 77 | 65 72 20 6f 66 20 74 68 | the pow|er of th|
|00002290| 65 20 46 72 61 6d 65 77 | 6f 72 6b 20 74 68 72 6f |e Framew|ork thro|
|000022a0| 75 67 68 20 61 20 62 72 | 6f 77 73 65 72 2e 20 54 |ugh a br|owser. T|
|000022b0| 68 69 73 20 69 6e 74 65 | 72 66 61 63 65 20 0a 69 |his inte|rface .i|
|000022c0| 73 20 73 74 69 6c 6c 20 | 70 72 69 6d 69 74 69 76 |s still |primitiv|
|000022d0| 65 2c 20 62 75 74 20 6d | 61 79 20 62 65 20 75 73 |e, but m|ay be us|
|000022e0| 65 66 75 6c 20 66 6f 72 | 20 74 65 61 6d 2d 62 61 |eful for| team-ba|
|000022f0| 73 65 64 20 70 65 6e 65 | 74 72 61 74 69 6f 6e 20 |sed pene|tration |
|00002300| 74 65 73 74 69 6e 67 0a | 65 6e 76 69 72 6f 6e 6d |testing.|environm|
|00002310| 65 6e 74 73 20 61 6e 64 | 20 6c 69 76 65 20 64 65 |ents and| live de|
|00002320| 6d 6f 6e 73 74 72 61 74 | 69 6f 6e 73 2e 20 49 66 |monstrat|ions. If|
|00002330| 20 79 6f 75 20 70 6c 61 | 6e 20 6f 6e 20 75 73 69 | you pla|n on usi|
|00002340| 6e 67 20 5c 74 65 78 74 | 74 74 7b 6d 73 66 77 65 |ng \text|tt{msfwe|
|00002350| 62 7d 20 6f 6e 0a 74 68 | 65 20 57 69 6e 64 6f 77 |b} on.th|e Window|
|00002360| 73 20 70 6c 61 74 66 6f | 72 6d 2c 20 6b 65 65 70 |s platfo|rm, keep|
|00002370| 20 69 6e 20 6d 69 6e 64 | 20 74 68 61 74 20 43 79 | in mind| that Cy|
|00002380| 67 77 69 6e 20 64 6f 65 | 73 20 6e 6f 74 20 73 75 |gwin doe|s not su|
|00002390| 70 70 6f 72 74 20 63 6f | 70 79 2d 6f 6e 2d 77 72 |pport co|py-on-wr|
|000023a0| 69 74 65 0a 28 43 4f 57 | 29 20 66 6f 72 20 66 6f |ite.(COW|) for fo|
|000023b0| 72 6b 65 64 20 70 72 6f | 63 65 73 73 65 73 2e 20 |rked pro|cesses. |
|000023c0| 53 69 6e 63 65 20 5c 74 | 65 78 74 74 74 7b 6d 73 |Since \t|exttt{ms|
|000023d0| 66 77 65 62 7d 20 75 73 | 65 73 20 74 68 65 20 5c |fweb} us|es the \|
|000023e0| 74 65 78 74 74 74 7b 66 | 6f 72 6b 28 29 7d 20 63 |texttt{f|ork()} c|
|000023f0| 61 6c 6c 0a 74 6f 20 68 | 61 6e 64 6c 65 20 6e 65 |all.to h|andle ne|
|00002400| 77 20 63 6f 6e 6e 65 63 | 74 69 6f 6e 73 2c 20 69 |w connec|tions, i|
|00002410| 74 20 77 69 6c 6c 20 72 | 75 6e 20 6d 75 63 68 20 |t will r|un much |
|00002420| 73 6c 6f 77 65 72 20 61 | 6e 64 20 75 73 65 20 6d |slower a|nd use m|
|00002430| 75 63 68 20 6d 6f 72 65 | 20 6d 65 6d 6f 72 79 20 |uch more| memory |
|00002440| 74 68 61 6e 0a 69 66 20 | 69 74 20 77 61 73 20 72 |than.if |it was r|
|00002450| 75 6e 6e 69 6e 67 20 6f | 6e 20 61 20 63 6f 6d 70 |unning o|n a comp|
|00002460| 61 72 61 62 6c 65 20 55 | 6e 69 78 20 73 79 73 74 |arable U|nix syst|
|00002470| 65 6d 2e 0a 0a 5c 70 61 | 72 0a 53 74 61 72 74 69 |em...\pa|r.Starti|
|00002480| 6e 67 20 77 69 74 68 20 | 76 65 72 73 69 6f 6e 20 |ng with |version |
|00002490| 32 2e 33 2c 20 5c 74 65 | 78 74 74 74 7b 6d 73 66 |2.3, \te|xttt{msf|
|000024a0| 77 65 62 7d 20 70 72 6f | 76 69 64 65 73 20 61 6e |web} pro|vides an|
|000024b0| 20 66 61 73 74 20 6d 75 | 6c 74 69 2d 75 73 65 72 | fast mu|lti-user|
|000024c0| 20 77 65 62 20 73 68 65 | 6c 6c 2e 20 54 68 69 73 | web she|ll. This|
|000024d0| 20 0a 73 79 73 74 65 6d | 20 61 6c 6c 6f 77 73 20 | .system| allows |
|000024e0| 79 6f 75 20 74 6f 20 73 | 68 61 72 65 20 79 6f 75 |you to s|hare you|
|000024f0| 72 20 61 63 74 69 76 65 | 20 73 65 73 73 69 6f 6e |r active| session|
|00002500| 73 20 77 69 74 68 20 6f | 74 68 65 72 20 5c 74 65 |s with o|ther \te|
|00002510| 78 74 74 74 7b 6d 73 66 | 77 65 62 7d 20 75 73 65 |xttt{msf|web} use|
|00002520| 72 73 2e 20 54 68 65 0a | 73 68 65 6c 6c 20 63 6f |rs. The.|shell co|
|00002530| 6e 73 6f 6c 65 20 28 61 | 6e 64 20 74 68 65 20 72 |nsole (a|nd the r|
|00002540| 65 73 74 20 6f 66 20 5c | 74 65 78 74 74 74 7b 6d |est of \|texttt{m|
|00002550| 73 66 77 65 62 7d 29 20 | 68 61 76 65 20 62 65 65 |sfweb}) |have bee|
|00002560| 6e 20 74 65 73 74 65 64 | 20 77 69 74 68 20 46 69 |n tested| with Fi|
|00002570| 72 65 66 6f 78 0a 31 2e | 30 2c 20 49 6e 74 65 72 |refox.1.|0, Inter|
|00002580| 6e 65 74 20 45 78 70 6c | 6f 72 65 72 20 36 2e 30 |net Expl|orer 6.0|
|00002590| 2c 20 61 6e 64 20 74 68 | 65 20 53 61 66 61 72 69 |, and th|e Safari|
|000025a0| 2f 4b 6f 6e 71 75 65 72 | 6f 72 20 62 72 6f 77 73 |/Konquer|or brows|
|000025b0| 65 72 73 2e 20 0a 0a 5c | 70 61 72 0a 54 68 65 20 |ers. ..\|par.The |
|000025c0| 5c 74 65 78 74 74 74 7b | 6d 73 66 77 65 62 7d 20 |\texttt{|msfweb} |
|000025d0| 69 6e 74 65 72 66 61 63 | 65 20 70 72 6f 76 69 64 |interfac|e provid|
|000025e0| 65 73 20 61 6c 6d 6f 73 | 74 20 6e 6f 20 73 65 63 |es almos|t no sec|
|000025f0| 75 72 69 74 79 20 77 68 | 61 74 73 6f 65 76 65 72 |urity wh|atsoever|
|00002600| 3b 20 61 6e 79 6f 6e 65 | 20 77 68 6f 20 63 61 6e |; anyone| who can|
|00002610| 20 63 6f 6e 6e 65 63 74 | 20 0a 74 6f 20 74 68 65 | connect| .to the|
|00002620| 20 5c 74 65 78 74 74 74 | 7b 6d 73 66 77 65 62 7d | \texttt|{msfweb}|
|00002630| 20 73 65 72 76 69 63 65 | 20 63 6f 75 6c 64 20 70 | service| could p|
|00002640| 6f 74 65 6e 74 69 61 6c | 6c 79 20 67 61 69 6e 20 |otential|ly gain |
|00002650| 61 63 63 65 73 73 20 74 | 6f 20 74 68 65 20 75 6e |access t|o the un|
|00002660| 64 65 72 6c 79 69 6e 67 | 20 73 79 73 74 65 6d 2e |derlying| system.|
|00002670| 20 0a 54 68 65 20 64 65 | 66 61 75 6c 74 20 63 6f | .The de|fault co|
|00002680| 6e 66 69 67 75 72 61 74 | 69 6f 6e 20 69 73 20 74 |nfigurat|ion is t|
|00002690| 6f 20 6c 69 73 74 65 6e | 20 6f 6e 20 74 68 65 20 |o listen| on the |
|000026a0| 6c 6f 6f 70 62 61 63 6b | 20 61 64 64 72 65 73 73 |loopback| address|
|000026b0| 20 6f 6e 6c 79 2c 20 74 | 68 69 73 20 63 61 6e 20 | only, t|his can |
|000026c0| 62 65 0a 63 68 61 6e 67 | 65 64 20 62 79 20 75 73 |be.chang|ed by us|
|000026d0| 69 6e 67 20 2d 61 20 6f | 70 74 69 6f 6e 20 74 6f |ing -a o|ption to|
|000026e0| 20 73 70 65 63 69 66 79 | 20 74 68 65 20 6c 6f 63 | specify| the loc|
|000026f0| 61 6c 20 49 50 20 61 64 | 64 72 65 73 73 2e 20 49 |al IP ad|dress. I|
|00002700| 66 20 79 6f 75 20 77 6f | 75 6c 64 20 6c 69 6b 65 |f you wo|uld like|
|00002710| 20 74 6f 20 6f 70 65 6e | 20 74 68 65 0a 73 65 72 | to open| the.ser|
|00002720| 76 65 72 20 75 70 20 74 | 6f 20 74 68 65 20 65 6e |ver up t|o the en|
|00002730| 74 69 72 65 20 6e 65 74 | 77 6f 72 6b 2c 20 70 61 |tire net|work, pa|
|00002740| 73 73 20 30 2e 30 2e 30 | 2e 30 20 74 6f 20 74 68 |ss 0.0.0|.0 to th|
|00002750| 65 20 2d 61 20 6f 70 74 | 69 6f 6e 20 6f 66 20 6d |e -a opt|ion of m|
|00002760| 73 66 77 65 62 2e 20 4a | 75 73 74 20 6c 69 6b 65 |sfweb. J|ust like|
|00002770| 20 74 68 65 20 0a 63 6f | 6d 6d 61 6e 64 2d 6c 69 | the .co|mmand-li|
|00002780| 6e 65 20 69 6e 74 65 72 | 66 61 63 65 2c 20 74 68 |ne inter|face, th|
|00002790| 65 20 73 61 76 65 64 20 | 65 6e 76 69 72 6f 6e 6d |e saved |environm|
|000027a0| 65 6e 74 20 69 73 20 6c | 6f 61 64 65 64 20 6f 6e |ent is l|oaded on|
|000027b0| 20 73 74 61 72 74 75 70 | 20 61 6e 64 20 63 61 6e | startup| and can|
|000027c0| 20 61 66 66 65 63 74 20 | 6d 6f 64 75 6c 65 20 0a | affect |module .|
|000027d0| 73 65 74 74 69 6e 67 73 | 2e 20 57 65 20 64 6f 20 |settings|. We do |
|000027e0| 6e 6f 74 20 72 65 63 6f | 6d 6d 65 6e 64 20 74 68 |not reco|mmend th|
|000027f0| 61 74 20 79 6f 75 20 65 | 78 70 6f 73 65 20 74 68 |at you e|xpose th|
|00002800| 65 20 5c 74 65 78 74 74 | 74 7b 6d 73 66 77 65 62 |e \textt|t{msfweb|
|00002810| 7d 20 69 6e 74 65 72 66 | 61 63 65 20 74 6f 0a 61 |} interf|ace to.a|
|00002820| 6e 20 75 6e 74 72 75 73 | 74 65 64 20 6e 65 74 77 |n untrus|ted netw|
|00002830| 6f 72 6b 2e 20 0a 0a 5c | 70 61 67 65 62 72 65 61 |ork. ..\|pagebrea|
|00002840| 6b 0a 5c 63 68 61 70 74 | 65 72 7b 54 68 65 20 45 |k.\chapt|er{The E|
|00002850| 6e 76 69 72 6f 6e 6d 65 | 6e 74 7d 0a 0a 5c 70 61 |nvironme|nt}..\pa|
|00002860| 72 0a 54 68 65 20 65 6e | 76 69 72 6f 6e 6d 65 6e |r.The en|vironmen|
|00002870| 74 20 73 79 73 74 65 6d | 20 69 73 20 61 20 63 6f |t system| is a co|
|00002880| 72 65 20 63 6f 6d 70 6f | 6e 65 6e 74 20 6f 66 20 |re compo|nent of |
|00002890| 74 68 65 20 46 72 61 6d | 65 77 6f 72 6b 3b 20 74 |the Fram|ework; t|
|000028a0| 68 65 20 69 6e 74 65 72 | 66 61 63 65 73 20 75 73 |he inter|faces us|
|000028b0| 65 0a 69 74 20 74 6f 20 | 63 6f 6e 66 69 67 75 72 |e.it to |configur|
|000028c0| 65 20 73 65 74 74 69 6e | 67 73 2c 20 74 68 65 20 |e settin|gs, the |
|000028d0| 70 61 79 6c 6f 61 64 73 | 20 75 73 65 20 69 74 20 |payloads| use it |
|000028e0| 70 61 74 63 68 20 6f 70 | 63 6f 64 65 73 2c 20 74 |patch op|codes, t|
|000028f0| 68 65 20 65 78 70 6c 6f | 69 74 73 0a 75 73 65 20 |he explo|its.use |
|00002900| 69 74 20 74 6f 20 64 65 | 66 69 6e 65 20 70 61 72 |it to de|fine par|
|00002910| 61 6d 65 74 65 72 73 2c | 20 61 6e 64 20 69 74 20 |ameters,| and it |
|00002920| 69 73 20 75 73 65 64 20 | 69 6e 74 65 72 6e 61 6c |is used |internal|
|00002930| 6c 79 20 74 6f 20 70 61 | 73 73 20 6f 70 74 69 6f |ly to pa|ss optio|
|00002940| 6e 73 20 62 65 74 77 65 | 65 6e 0a 6d 6f 64 75 6c |ns betwe|en.modul|
|00002950| 65 73 2e 20 54 68 65 20 | 65 6e 76 69 72 6f 6e 6d |es. The |environm|
|00002960| 65 6e 74 20 73 79 73 74 | 65 6d 20 69 73 20 6c 6f |ent syst|em is lo|
|00002970| 67 69 63 61 6c 6c 79 20 | 64 69 76 69 64 65 64 20 |gically |divided |
|00002980| 69 6e 74 6f 20 61 20 47 | 6c 6f 62 61 6c 20 61 6e |into a G|lobal an|
|00002990| 64 20 54 65 6d 70 6f 72 | 61 72 79 20 65 6e 76 69 |d Tempor|ary envi|
|000029a0| 72 6f 6e 6d 65 6e 74 2e | 20 20 0a 0a 5c 70 61 72 |ronment.|  ..\par|
|000029b0| 0a 45 61 63 68 20 65 78 | 70 6c 6f 69 74 20 6d 61 |.Each ex|ploit ma|
|000029c0| 69 6e 74 61 69 6e 73 20 | 69 74 73 20 6f 77 6e 20 |intains |its own |
|000029d0| 54 65 6d 70 6f 72 61 72 | 79 20 65 6e 76 69 72 6f |Temporar|y enviro|
|000029e0| 6e 6d 65 6e 74 2c 20 77 | 68 69 63 68 20 6f 76 65 |nment, w|hich ove|
|000029f0| 72 72 69 64 65 73 20 74 | 68 65 20 47 6c 6f 62 61 |rrides t|he Globa|
|00002a00| 6c 0a 65 6e 76 69 72 6f | 6e 6d 65 6e 74 2e 20 57 |l.enviro|nment. W|
|00002a10| 68 65 6e 20 79 6f 75 20 | 73 65 6c 65 63 74 20 61 |hen you |select a|
|00002a20| 6e 20 65 78 70 6c 6f 69 | 74 20 76 69 61 20 74 68 |n exploi|t via th|
|00002a30| 65 20 5c 74 65 78 74 74 | 74 7b 75 73 65 7d 20 63 |e \textt|t{use} c|
|00002a40| 6f 6d 6d 61 6e 64 2c 20 | 74 68 65 0a 54 65 6d 70 |ommand, |the.Temp|
|00002a50| 6f 72 61 72 79 20 65 6e | 76 69 72 6f 6e 6d 65 6e |orary en|vironmen|
|00002a60| 74 20 66 6f 72 20 74 68 | 61 74 20 65 78 70 6c 6f |t for th|at explo|
|00002a70| 69 74 20 69 73 20 6c 6f | 61 64 65 64 20 61 6e 64 |it is lo|aded and|
|00002a80| 20 74 68 65 20 70 72 65 | 76 69 6f 75 73 20 6f 6e | the pre|vious on|
|00002a90| 65 20 69 73 20 73 61 76 | 65 64 0a 6f 66 66 2e 20 |e is sav|ed.off. |
|00002aa0| 49 66 20 79 6f 75 20 73 | 77 69 74 63 68 20 62 61 |If you s|witch ba|
|00002ab0| 63 6b 20 74 6f 20 74 68 | 65 20 70 72 65 76 69 6f |ck to th|e previo|
|00002ac0| 75 73 20 65 78 70 6c 6f | 69 74 2c 20 74 68 65 20 |us explo|it, the |
|00002ad0| 54 65 6d 70 6f 72 61 72 | 79 20 65 6e 76 69 72 6f |Temporar|y enviro|
|00002ae0| 6e 6d 65 6e 74 20 66 6f | 72 0a 74 68 61 74 20 65 |nment fo|r.that e|
|00002af0| 78 70 6c 6f 69 74 20 69 | 73 20 6c 6f 61 64 65 64 |xploit i|s loaded|
|00002b00| 20 61 67 61 69 6e 2e 20 | 20 20 0a 0a 20 20 20 20 | again. |  ..    |
|00002b10| 5c 73 65 63 74 69 6f 6e | 7b 47 6c 6f 62 61 6c 20 |\section|{Global |
|00002b20| 45 6e 76 69 72 6f 6e 6d | 65 6e 74 7d 0a 20 20 20 |Environm|ent}.   |
|00002b30| 20 5c 6c 61 62 65 6c 7b | 45 4e 56 2d 47 4c 4f 42 | \label{|ENV-GLOB|
|00002b40| 41 4c 7d 0a 5c 70 61 72 | 0a 54 68 65 20 47 6c 6f |AL}.\par|.The Glo|
|00002b50| 62 61 6c 20 65 6e 76 69 | 72 6f 6e 6d 65 6e 74 20 |bal envi|ronment |
|00002b60| 69 73 20 61 63 63 65 73 | 73 65 64 20 74 68 72 6f |is acces|sed thro|
|00002b70| 75 67 68 20 74 68 65 20 | 63 6f 6e 73 6f 6c 65 20 |ugh the |console |
|00002b80| 76 69 61 20 74 68 65 20 | 5c 74 65 78 74 74 74 7b |via the |\texttt{|
|00002b90| 73 65 74 67 7d 20 61 6e | 64 0a 5c 74 65 78 74 74 |setg} an|d.\textt|
|00002ba0| 74 7b 75 6e 73 65 74 67 | 7d 20 63 6f 6d 6d 61 6e |t{unsetg|} comman|
|00002bb0| 64 73 2e 20 54 68 65 20 | 66 6f 6c 6c 6f 77 69 6e |ds. The |followin|
|00002bc0| 67 20 65 78 61 6d 70 6c | 65 20 73 68 6f 77 73 20 |g exampl|e shows |
|00002bd0| 74 68 65 20 47 6c 6f 62 | 61 6c 20 65 6e 76 69 72 |the Glob|al envir|
|00002be0| 6f 6e 6d 65 6e 74 0a 73 | 74 61 74 65 20 61 66 74 |onment.s|tate aft|
|00002bf0| 65 72 20 61 20 66 72 65 | 73 68 20 69 6e 73 74 61 |er a fre|sh insta|
|00002c00| 6c 6c 61 74 69 6f 6e 2e | 20 43 61 6c 6c 69 6e 67 |llation.| Calling|
|00002c10| 20 5c 74 65 78 74 74 74 | 7b 73 65 74 67 7d 20 77 | \texttt|{setg} w|
|00002c20| 69 74 68 20 6e 6f 20 61 | 72 67 75 6d 65 6e 74 73 |ith no a|rguments|
|00002c30| 0a 64 69 73 70 6c 61 79 | 73 20 74 68 65 20 63 75 |.display|s the cu|
|00002c40| 72 72 65 6e 74 20 67 6c | 6f 62 61 6c 20 65 6e 76 |rrent gl|obal env|
|00002c50| 69 72 6f 6e 6d 65 6e 74 | 2c 20 63 61 6c 6c 69 6e |ironment|, callin|
|00002c60| 67 20 5c 74 65 78 74 74 | 74 7b 75 6e 73 65 74 67 |g \textt|t{unsetg|
|00002c70| 7d 20 77 69 74 68 20 6e | 6f 0a 61 72 67 75 6d 65 |} with n|o.argume|
|00002c80| 6e 74 73 20 77 69 6c 6c | 20 63 6c 65 61 72 20 74 |nts will| clear t|
|00002c90| 68 65 20 65 6e 74 69 72 | 65 20 67 6c 6f 62 61 6c |he entir|e global|
|00002ca0| 20 65 6e 76 69 72 6f 6e | 6d 65 6e 74 2e 20 44 65 | environ|ment. De|
|00002cb0| 66 61 75 6c 74 20 73 65 | 74 74 69 6e 67 73 20 61 |fault se|ttings a|
|00002cc0| 72 65 0a 61 75 74 6f 6d | 61 74 69 63 61 6c 6c 79 |re.autom|atically|
|00002cd0| 20 6c 6f 61 64 65 64 20 | 77 68 65 6e 20 74 68 65 | loaded |when the|
|00002ce0| 20 69 6e 74 65 72 66 61 | 63 65 20 73 74 61 72 74 | interfa|ce start|
|00002cf0| 73 2e 0a 0a 0a 5c 62 65 | 67 69 6e 7b 76 65 72 62 |s....\be|gin{verb|
|00002d00| 61 74 69 6d 7d 0a 6d 73 | 66 20 3e 20 73 65 74 67 |atim}.ms|f > setg|
|00002d10| 0a 41 6c 74 65 72 6e 61 | 74 65 45 78 69 74 3a 20 |.Alterna|teExit: |
|00002d20| 32 0a 44 65 62 75 67 4c | 65 76 65 6c 3a 20 30 0a |2.DebugL|evel: 0.|
|00002d30| 45 6e 63 6f 64 65 72 3a | 20 4d 73 66 3a 3a 45 6e |Encoder:| Msf::En|
|00002d40| 63 6f 64 65 72 3a 3a 50 | 65 78 46 6e 73 74 65 6e |coder::P|exFnsten|
|00002d50| 76 4d 6f 76 0a 4c 6f 67 | 67 69 6e 67 3a 20 30 0a |vMov.Log|ging: 0.|
|00002d60| 4e 6f 70 3a 20 4d 73 66 | 3a 3a 4e 6f 70 3a 3a 50 |Nop: Msf|::Nop::P|
|00002d70| 65 78 0a 52 61 6e 64 6f | 6d 4e 6f 70 73 3a 20 31 |ex.Rando|mNops: 1|
|00002d80| 0a 5c 65 6e 64 7b 76 65 | 72 62 61 74 69 6d 7d 0a |.\end{ve|rbatim}.|
|00002d90| 0a 0a 20 20 20 20 5c 73 | 65 63 74 69 6f 6e 7b 54 |..    \s|ection{T|
|00002da0| 65 6d 70 6f 72 61 72 79 | 20 45 6e 76 69 72 6f 6e |emporary| Environ|
|00002db0| 6d 65 6e 74 7d 0a 20 20 | 20 20 5c 6c 61 62 65 6c |ment}.  |  \label|
|00002dc0| 7b 45 4e 56 2d 54 45 4d | 50 7d 0a 5c 70 61 72 0a |{ENV-TEM|P}.\par.|
|00002dd0| 0a 54 68 65 20 54 65 6d | 70 6f 72 61 72 79 20 65 |.The Tem|porary e|
|00002de0| 6e 76 69 72 6f 6e 6d 65 | 6e 74 20 69 73 20 61 63 |nvironme|nt is ac|
|00002df0| 63 65 73 73 65 64 20 74 | 68 72 6f 75 67 68 20 74 |cessed t|hrough t|
|00002e00| 68 65 20 5c 74 65 78 74 | 74 74 7b 73 65 74 7d 20 |he \text|tt{set} |
|00002e10| 61 6e 64 0a 5c 74 65 78 | 74 74 74 7b 75 6e 73 65 |and.\tex|ttt{unse|
|00002e20| 74 7d 20 63 6f 6d 6d 61 | 6e 64 73 2e 20 54 68 69 |t} comma|nds. Thi|
|00002e30| 73 20 65 6e 76 69 72 6f | 6e 6d 65 6e 74 20 6f 6e |s enviro|nment on|
|00002e40| 6c 79 20 61 70 70 6c 69 | 65 73 20 74 6f 20 74 68 |ly appli|es to th|
|00002e50| 65 20 63 75 72 72 65 6e | 74 6c 79 20 6c 6f 61 64 |e curren|tly load|
|00002e60| 65 64 0a 65 78 70 6c 6f | 69 74 20 6d 6f 64 75 6c |ed.explo|it modul|
|00002e70| 65 3b 20 73 77 69 74 63 | 68 69 6e 67 20 74 6f 20 |e; switc|hing to |
|00002e80| 61 6e 6f 74 68 65 72 20 | 65 78 70 6c 6f 69 74 20 |another |exploit |
|00002e90| 76 69 61 20 74 68 65 20 | 5c 74 65 78 74 74 74 7b |via the |\texttt{|
|00002ea0| 75 73 65 7d 20 63 6f 6d | 6d 61 6e 64 20 77 69 6c |use} com|mand wil|
|00002eb0| 6c 0a 72 65 73 75 6c 74 | 20 69 6e 20 74 68 65 20 |l.result| in the |
|00002ec0| 54 65 6d 70 6f 72 61 72 | 79 20 65 6e 76 69 72 6f |Temporar|y enviro|
|00002ed0| 6e 6d 65 6e 74 20 66 6f | 72 20 74 68 65 20 63 75 |nment fo|r the cu|
|00002ee0| 72 72 65 6e 74 20 6d 6f | 64 75 6c 65 20 62 65 69 |rrent mo|dule bei|
|00002ef0| 6e 67 20 73 77 61 70 70 | 65 64 20 6f 75 74 0a 77 |ng swapp|ed out.w|
|00002f00| 69 74 68 20 74 68 65 20 | 65 6e 76 69 72 6f 6e 6d |ith the |environm|
|00002f10| 65 6e 74 20 6f 66 20 74 | 68 65 20 6e 65 77 20 6d |ent of t|he new m|
|00002f20| 6f 64 75 6c 65 2e 20 49 | 66 20 6e 6f 20 65 78 70 |odule. I|f no exp|
|00002f30| 6c 6f 69 74 20 69 73 20 | 63 75 72 72 65 6e 74 6c |loit is |currentl|
|00002f40| 79 20 61 63 74 69 76 65 | 2c 20 74 68 65 0a 5c 74 |y active|, the.\t|
|00002f50| 65 78 74 74 74 7b 73 65 | 74 7d 20 61 6e 64 20 5c |exttt{se|t} and \|
|00002f60| 74 65 78 74 74 74 7b 75 | 6e 73 65 74 7d 20 63 6f |texttt{u|nset} co|
|00002f70| 6d 6d 61 6e 64 73 20 77 | 69 6c 6c 20 6e 6f 74 20 |mmands w|ill not |
|00002f80| 62 65 20 61 76 61 69 6c | 61 62 6c 65 2e 20 53 77 |be avail|able. Sw|
|00002f90| 69 74 63 68 69 6e 67 20 | 62 61 63 6b 0a 74 6f 20 |itching |back.to |
|00002fa0| 74 68 65 20 6f 72 69 67 | 69 6e 61 6c 20 65 78 70 |the orig|inal exp|
|00002fb0| 6c 6f 69 74 20 6d 6f 64 | 75 6c 65 20 77 69 6c 6c |loit mod|ule will|
|00002fc0| 20 72 65 73 75 6c 74 20 | 69 6e 20 74 68 65 20 6f | result |in the o|
|00002fd0| 72 69 67 69 6e 61 6c 20 | 65 6e 76 69 72 6f 6e 6d |riginal |environm|
|00002fe0| 65 6e 74 20 62 65 69 6e | 67 0a 72 65 73 74 6f 72 |ent bein|g.restor|
|00002ff0| 65 64 2e 20 49 6e 61 63 | 74 69 76 65 20 54 65 6d |ed. Inac|tive Tem|
|00003000| 70 6f 72 61 72 79 20 65 | 6e 76 69 72 6f 6e 6d 65 |porary e|nvironme|
|00003010| 6e 74 73 20 61 72 65 20 | 73 69 6d 70 6c 79 20 73 |nts are |simply s|
|00003020| 74 6f 72 65 64 20 69 6e | 20 6d 65 6d 6f 72 79 20 |tored in| memory |
|00003030| 61 6e 64 0a 61 63 74 69 | 76 61 74 65 64 20 6f 6e |and.acti|vated on|
|00003040| 63 65 20 74 68 65 69 72 | 20 61 73 73 6f 63 69 61 |ce their| associa|
|00003050| 74 65 64 20 6d 6f 64 75 | 6c 65 20 68 61 73 20 62 |ted modu|le has b|
|00003060| 65 65 6e 20 73 65 6c 65 | 63 74 65 64 2e 20 54 68 |een sele|cted. Th|
|00003070| 65 20 66 6f 6c 6c 6f 77 | 69 6e 67 20 65 78 61 6d |e follow|ing exam|
|00003080| 70 6c 65 0a 73 68 6f 77 | 73 20 68 6f 77 20 74 68 |ple.show|s how th|
|00003090| 65 20 5c 74 65 78 74 74 | 74 7b 75 73 65 7d 20 63 |e \textt|t{use} c|
|000030a0| 6f 6d 6d 61 6e 64 20 73 | 65 6c 65 63 74 73 20 61 |ommand s|elects a|
|000030b0| 6e 20 61 63 74 69 76 65 | 20 65 78 70 6c 6f 69 74 |n active| exploit|
|000030c0| 20 61 6e 64 20 68 6f 77 | 20 74 68 65 0a 5c 74 65 | and how| the.\te|
|000030d0| 78 74 74 74 7b 62 61 63 | 6b 7d 20 63 6f 6d 6d 61 |xttt{bac|k} comma|
|000030e0| 6e 64 20 72 65 76 65 72 | 74 73 20 74 6f 20 74 68 |nd rever|ts to th|
|000030f0| 65 20 6d 61 69 6e 20 6d | 6f 64 65 2e 20 20 0a 0a |e main m|ode.  ..|
|00003100| 5c 62 65 67 69 6e 7b 76 | 65 72 62 61 74 69 6d 7d |\begin{v|erbatim}|
|00003110| 0a 6d 73 66 20 3e 20 75 | 73 65 20 77 69 6e 73 5f |.msf > u|se wins_|
|00003120| 6d 73 30 34 5f 30 34 35 | 0a 6d 73 66 20 77 69 6e |ms04_045|.msf win|
|00003130| 73 5f 6d 73 30 34 5f 30 | 34 35 20 3e 20 73 65 74 |s_ms04_0|45 > set|
|00003140| 0a 6d 73 66 20 77 69 6e | 73 5f 6d 73 30 34 5f 30 |.msf win|s_ms04_0|
|00003150| 34 35 20 3e 20 73 65 74 | 20 46 4f 4f 20 42 41 52 |45 > set| FOO BAR|
|00003160| 0a 46 4f 4f 20 2d 3e 20 | 42 41 52 0a 6d 73 66 20 |.FOO -> |BAR.msf |
|00003170| 77 69 6e 73 5f 6d 73 30 | 34 5f 30 34 35 20 3e 20 |wins_ms0|4_045 > |
|00003180| 73 65 74 0a 46 4f 4f 3a | 20 42 41 52 0a 6d 73 66 |set.FOO:| BAR.msf|
|00003190| 20 77 69 6e 73 5f 6d 73 | 30 34 5f 30 34 35 20 3e | wins_ms|04_045 >|
|000031a0| 20 62 61 63 6b 0a 6d 73 | 66 20 3e 20 75 73 65 20 | back.ms|f > use |
|000031b0| 6f 70 65 6e 76 69 65 77 | 5f 6f 6d 6e 69 62 61 63 |openview|_omnibac|
|000031c0| 6b 0a 6d 73 66 20 6f 70 | 65 6e 76 69 65 77 5f 6f |k.msf op|enview_o|
|000031d0| 6d 6e 69 62 61 63 6b 20 | 3e 20 73 65 74 20 52 45 |mniback |> set RE|
|000031e0| 44 20 42 4c 55 45 0a 52 | 45 44 20 2d 3e 20 42 4c |D BLUE.R|ED -> BL|
|000031f0| 55 45 0a 6d 73 66 20 6f | 70 65 6e 76 69 65 77 5f |UE.msf o|penview_|
|00003200| 6f 6d 6e 69 62 61 63 6b | 20 3e 20 73 65 74 0a 52 |omniback| > set.R|
|00003210| 45 44 3a 20 42 4c 55 45 | 0a 6d 73 66 20 6f 70 65 |ED: BLUE|.msf ope|
|00003220| 6e 76 69 65 77 5f 6f 6d | 6e 69 62 61 63 6b 20 3e |nview_om|niback >|
|00003230| 20 62 61 63 6b 0a 6d 73 | 66 20 3e 20 75 73 65 20 | back.ms|f > use |
|00003240| 77 69 6e 73 5f 6d 73 30 | 34 5f 30 34 35 0a 6d 73 |wins_ms0|4_045.ms|
|00003250| 66 20 77 69 6e 73 5f 6d | 73 30 34 5f 30 34 35 20 |f wins_m|s04_045 |
|00003260| 3e 20 73 65 74 0a 46 4f | 4f 3a 20 42 41 52 0a 6d |> set.FO|O: BAR.m|
|00003270| 73 66 20 77 69 6e 73 5f | 6d 73 30 34 5f 30 34 35 |sf wins_|ms04_045|
|00003280| 20 3e 0a 5c 65 6e 64 7b | 76 65 72 62 61 74 69 6d | >.\end{|verbatim|
|00003290| 7d 0a 0a 0a 20 20 20 20 | 5c 73 65 63 74 69 6f 6e |}...    |\section|
|000032a0| 7b 53 61 76 65 64 20 45 | 6e 76 69 72 6f 6e 6d 65 |{Saved E|nvironme|
|000032b0| 6e 74 7d 0a 20 20 20 20 | 5c 6c 61 62 65 6c 7b 45 |nt}.    |\label{E|
|000032c0| 4e 56 2d 53 41 56 45 7d | 0a 5c 70 61 72 0a 54 68 |NV-SAVE}|.\par.Th|
|000032d0| 65 20 5c 74 65 78 74 74 | 74 7b 73 61 76 65 7d 20 |e \textt|t{save} |
|000032e0| 63 6f 6d 6d 61 6e 64 20 | 63 61 6e 20 62 65 20 75 |command |can be u|
|000032f0| 73 65 64 20 74 6f 20 73 | 79 6e 63 68 72 6f 6e 69 |sed to s|ynchroni|
|00003300| 7a 65 20 74 68 65 20 47 | 6c 6f 62 61 6c 20 61 6e |ze the G|lobal an|
|00003310| 64 20 61 6c 6c 0a 54 65 | 6d 70 6f 72 61 72 79 20 |d all.Te|mporary |
|00003320| 65 6e 76 69 72 6f 6e 6d | 65 6e 74 73 20 74 6f 20 |environm|ents to |
|00003330| 64 69 73 6b 2e 20 54 68 | 65 20 73 61 76 65 64 20 |disk. Th|e saved |
|00003340| 65 6e 76 69 72 6f 6e 6d | 65 6e 74 20 69 73 20 77 |environm|ent is w|
|00003350| 72 69 74 74 65 6e 20 74 | 6f 0a 7e 2f 2e 6d 73 66 |ritten t|o.~/.msf|
|00003360| 2f 63 6f 6e 66 69 67 20 | 61 6e 64 20 77 69 6c 6c |/config |and will|
|00003370| 20 62 65 20 6c 6f 61 64 | 65 64 20 77 68 65 6e 20 | be load|ed when |
|00003380| 61 6e 79 20 6f 66 20 74 | 68 65 20 75 73 65 72 20 |any of t|he user |
|00003390| 69 6e 74 65 72 66 61 63 | 65 73 20 61 72 65 20 65 |interfac|es are e|
|000033a0| 78 65 63 75 74 65 64 2e | 20 20 0a 0a 0a 20 20 20 |xecuted.|  ...   |
|000033b0| 20 5c 73 65 63 74 69 6f | 6e 7b 45 6e 76 69 72 6f | \sectio|n{Enviro|
|000033c0| 6e 6d 65 6e 74 20 45 66 | 66 69 63 69 65 6e 63 79 |nment Ef|ficiency|
|000033d0| 7d 0a 20 20 20 20 5c 6c | 61 62 65 6c 7b 45 4e 56 |}.    \l|abel{ENV|
|000033e0| 2d 45 46 46 7d 0a 5c 70 | 61 72 0a 54 68 69 73 20 |-EFF}.\p|ar.This |
|000033f0| 73 70 6c 69 74 20 65 6e | 76 69 72 6f 6e 6d 65 6e |split en|vironmen|
|00003400| 74 20 73 79 73 74 65 6d | 20 61 6c 6c 6f 77 73 20 |t system| allows |
|00003410| 79 6f 75 20 73 61 76 65 | 20 74 69 6d 65 20 64 75 |you save| time du|
|00003420| 72 69 6e 67 20 65 78 70 | 6c 6f 69 74 20 64 65 76 |ring exp|loit dev|
|00003430| 65 6c 6f 70 6d 65 6e 74 | 0a 61 6e 64 20 70 65 6e |elopment|.and pen|
|00003440| 65 74 72 61 74 69 6f 6e | 20 74 65 73 74 69 6e 67 |etration| testing|
|00003450| 2e 20 43 6f 6d 6d 6f 6e | 20 6f 70 74 69 6f 6e 73 |. Common| options|
|00003460| 20 62 65 74 77 65 65 6e | 20 65 78 70 6c 6f 69 74 | between| exploit|
|00003470| 73 20 63 61 6e 20 62 65 | 20 64 65 66 69 6e 65 64 |s can be| defined|
|00003480| 20 69 6e 20 74 68 65 0a | 47 6c 6f 62 61 6c 20 65 | in the.|Global e|
|00003490| 6e 76 69 72 6f 6e 6d 65 | 6e 74 20 6f 6e 63 65 20 |nvironme|nt once |
|000034a0| 61 6e 64 20 61 75 74 6f | 6d 61 74 69 63 61 6c 6c |and auto|maticall|
|000034b0| 79 20 75 73 65 64 20 69 | 6e 20 61 6e 79 20 65 78 |y used i|n any ex|
|000034c0| 70 6c 6f 69 74 20 79 6f | 75 20 6c 6f 61 64 20 74 |ploit yo|u load t|
|000034d0| 68 65 72 65 61 66 74 65 | 72 2e 20 20 0a 0a 5c 70 |hereafte|r.  ..\p|
|000034e0| 61 72 0a 54 68 65 20 65 | 78 61 6d 70 6c 65 20 62 |ar.The e|xample b|
|000034f0| 65 6c 6f 77 20 73 68 6f | 77 73 20 68 6f 77 20 74 |elow sho|ws how t|
|00003500| 68 65 20 5c 74 65 78 74 | 74 74 7b 4c 50 4f 52 54 |he \text|tt{LPORT|
|00003510| 7d 2c 20 5c 74 65 78 74 | 74 74 7b 4c 48 4f 53 54 |}, \text|tt{LHOST|
|00003520| 7d 2c 20 61 6e 64 0a 5c | 74 65 78 74 74 74 7b 50 |}, and.\|texttt{P|
|00003530| 41 59 4c 4f 41 44 7d 20 | 67 6c 6f 62 61 6c 20 65 |AYLOAD} |global e|
|00003540| 6e 76 69 72 6f 6e 6d 65 | 6e 74 73 20 63 61 6e 20 |nvironme|nts can |
|00003550| 62 65 20 75 73 65 64 20 | 74 6f 20 73 61 76 65 20 |be used |to save |
|00003560| 74 69 6d 65 20 77 68 65 | 6e 20 65 78 70 6c 6f 69 |time whe|n exploi|
|00003570| 74 69 6e 67 20 61 0a 73 | 65 74 20 6f 66 20 57 69 |ting a.s|et of Wi|
|00003580| 6e 64 6f 77 73 2d 62 61 | 73 65 64 20 74 61 72 67 |ndows-ba|sed targ|
|00003590| 65 74 73 2e 20 49 66 20 | 74 68 69 73 20 65 6e 76 |ets. If |this env|
|000035a0| 69 72 6f 6e 6d 65 6e 74 | 20 77 61 73 20 73 65 74 |ironment| was set|
|000035b0| 20 61 6e 64 20 61 20 4c | 69 6e 75 78 20 65 78 70 | and a L|inux exp|
|000035c0| 6c 6f 69 74 0a 77 61 73 | 20 62 65 69 6e 67 20 75 |loit.was| being u|
|000035d0| 73 65 64 2c 20 74 68 65 | 20 54 65 6d 70 6f 72 61 |sed, the| Tempora|
|000035e0| 72 79 20 65 6e 76 69 72 | 6f 6e 6d 65 6e 74 20 28 |ry envir|onment (|
|000035f0| 76 69 61 20 5c 74 65 78 | 74 74 74 7b 73 65 74 7d |via \tex|ttt{set}|
|00003600| 20 61 6e 64 20 5c 74 65 | 78 74 74 74 7b 75 6e 73 | and \te|xttt{uns|
|00003610| 65 74 7d 29 0a 63 6f 75 | 6c 64 20 62 65 20 75 73 |et}).cou|ld be us|
|00003620| 65 64 20 74 6f 20 6f 76 | 65 72 72 69 64 65 20 74 |ed to ov|erride t|
|00003630| 68 65 73 65 20 64 65 66 | 61 75 6c 74 73 2e 20 20 |hese def|aults.  |
|00003640| 0a 0a 5c 62 65 67 69 6e | 7b 76 65 72 62 61 74 69 |..\begin|{verbati|
|00003650| 6d 7d 0a 6d 73 66 20 3e | 20 73 65 74 67 20 4c 50 |m}.msf >| setg LP|
|00003660| 4f 52 54 20 31 32 33 34 | 0a 4c 50 4f 52 54 20 2d |ORT 1234|.LPORT -|
|00003670| 3e 20 31 32 33 34 0a 6d | 73 66 20 3e 20 73 65 74 |> 1234.m|sf > set|
|00003680| 67 20 4c 48 4f 53 54 20 | 31 39 32 2e 31 36 38 2e |g LHOST |192.168.|
|00003690| 30 2e 31 30 20 0a 4c 48 | 4f 53 54 20 2d 3e 20 31 |0.10 .LH|OST -> 1|
|000036a0| 39 32 2e 31 36 38 2e 30 | 2e 31 30 0a 6d 73 66 20 |92.168.0|.10.msf |
|000036b0| 3e 20 73 65 74 67 20 50 | 41 59 4c 4f 41 44 20 77 |> setg P|AYLOAD w|
|000036c0| 69 6e 33 32 5f 72 65 76 | 65 72 73 65 0a 50 41 59 |in32_rev|erse.PAY|
|000036d0| 4c 4f 41 44 20 2d 3e 20 | 77 69 6e 33 32 5f 72 65 |LOAD -> |win32_re|
|000036e0| 76 65 72 73 65 0a 6d 73 | 66 20 3e 20 75 73 65 20 |verse.ms|f > use |
|000036f0| 61 70 61 63 68 65 5f 63 | 68 75 6e 6b 65 64 5f 77 |apache_c|hunked_w|
|00003700| 69 6e 33 32 20 0a 6d 73 | 66 20 61 70 61 63 68 65 |in32 .ms|f apache|
|00003710| 5f 63 68 75 6e 6b 65 64 | 5f 77 69 6e 33 32 28 77 |_chunked|_win32(w|
|00003720| 69 6e 33 32 5f 72 65 76 | 65 72 73 65 29 20 3e 20 |in32_rev|erse) > |
|00003730| 73 68 6f 77 20 6f 70 74 | 69 6f 6e 73 20 0a 45 78 |show opt|ions .Ex|
|00003740| 70 6c 6f 69 74 20 61 6e | 64 20 50 61 79 6c 6f 61 |ploit an|d Payloa|
|00003750| 64 20 4f 70 74 69 6f 6e | 73 0a 3d 3d 3d 3d 3d 3d |d Option|s.======|
|00003760| 3d 3d 3d 3d 3d 3d 3d 3d | 3d 3d 3d 3d 3d 3d 3d 3d |========|========|
|00003770| 3d 3d 3d 3d 3d 0a 0a 20 | 20 45 78 70 6c 6f 69 74 |=====.. | Exploit|
|00003780| 3a 20 20 20 20 4e 61 6d | 65 20 20 20 20 20 20 44 |:    Nam|e      D|
|00003790| 65 66 61 75 6c 74 20 20 | 20 20 44 65 73 63 72 69 |efault  |  Descri|
|000037a0| 70 74 69 6f 6e 0a 20 20 | 2d 2d 2d 2d 2d 2d 2d 2d |ption.  |--------|
|000037b0| 20 20 20 20 2d 2d 2d 2d | 2d 2d 20 20 20 20 2d 2d |    ----|--    --|
|000037c0| 2d 2d 2d 2d 2d 20 20 20 | 20 2d 2d 2d 2d 2d 2d 2d |-----   | -------|
|000037d0| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 20 20 20 20 0a |--------|---    .|
|000037e0| 20 20 6f 70 74 69 6f 6e | 61 6c 20 20 20 20 53 53 |  option|al    SS|
|000037f0| 4c 20 20 20 20 20 20 20 | 20 20 20 20 20 20 20 20 |L       |        |
|00003800| 20 20 20 55 73 65 20 53 | 53 4c 0a 20 20 72 65 71 |   Use S|SL.  req|
|00003810| 75 69 72 65 64 20 20 20 | 20 52 48 4f 53 54 20 20 |uired   | RHOST  |
|00003820| 20 20 20 20 20 20 20 20 | 20 20 20 20 20 20 54 68 |        |      Th|
|00003830| 65 20 74 61 72 67 65 74 | 20 61 64 64 72 65 73 73 |e target| address|
|00003840| 0a 20 20 72 65 71 75 69 | 72 65 64 20 20 20 20 52 |.  requi|red    R|
|00003850| 50 4f 52 54 20 20 20 20 | 20 38 30 20 20 20 20 20 |PORT    | 80     |
|00003860| 20 20 20 20 54 68 65 20 | 74 61 72 67 65 74 20 70 |    The |target p|
|00003870| 6f 72 74 0a 20 20 0a 20 | 20 50 61 79 6c 6f 61 64 |ort.  . | Payload|
|00003880| 3a 20 20 20 20 4e 61 6d | 65 20 20 20 20 20 20 20 |:    Nam|e       |
|00003890| 20 44 65 66 61 75 6c 74 | 20 20 20 20 44 65 73 63 | Default|    Desc|
|000038a0| 72 69 70 74 69 6f 6e 0a | 20 20 2d 2d 2d 2d 2d 2d |ription.|  ------|
|000038b0| 2d 2d 20 20 20 20 2d 2d | 2d 2d 2d 2d 2d 2d 20 20 |--    --|------  |
|000038c0| 20 20 2d 2d 2d 2d 2d 2d | 2d 20 20 20 20 2d 2d 2d |  ------|-    ---|
|000038d0| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|000038e0| 2d 2d 2d 2d 2d 2d 2d 2d | 2d 2d 2d 2d 2d 2d 2d 2d |--------|--------|
|000038f0| 2d 2d 2d 2d 2d 2d 2d 20 | 20 20 20 0a 20 20 6f 70 |------- |   .  op|
|00003900| 74 69 6f 6e 61 6c 20 20 | 20 20 45 58 49 54 46 55 |tional  |  EXITFU|
|00003910| 4e 43 20 20 20 20 20 73 | 65 68 20 20 20 20 20 20 |NC     s|eh      |
|00003920| 20 20 20 20 20 20 20 45 | 78 69 74 20 74 65 63 68 |       E|xit tech|
|00003930| 6e 69 71 75 65 3a 20 22 | 70 72 6f 63 65 73 73 22 |nique: "|process"|
|00003940| 2c 20 22 74 68 72 65 61 | 64 22 2c 20 22 73 65 68 |, "threa|d", "seh|
|00003950| 22 0a 20 20 72 65 71 75 | 69 72 65 64 20 20 20 20 |".  requ|ired    |
|00003960| 4c 50 4f 52 54 20 20 20 | 20 20 20 20 20 31 32 33 |LPORT   |     123|
|00003970| 20 20 20 20 20 20 20 20 | 20 20 20 20 20 4c 6f 63 |        |     Loc|
|00003980| 61 6c 20 70 6f 72 74 20 | 74 6f 20 72 65 63 65 69 |al port |to recei|
|00003990| 76 65 20 63 6f 6e 6e 65 | 63 74 69 6f 6e 0a 20 20 |ve conne|ction.  |
|000039a0| 72 65 71 75 69 72 65 64 | 20 20 20 20 4c 48 4f 53 |required|    LHOS|
|000039b0| 54 20 20 20 20 20 20 20 | 20 31 39 32 2e 31 36 38 |T       | 192.168|
|000039c0| 2e 30 2e 31 30 20 20 20 | 20 4c 6f 63 61 6c 20 61 |.0.10   | Local a|
|000039d0| 64 64 72 65 73 73 20 74 | 6f 20 72 65 63 65 69 76 |ddress t|o receiv|
|000039e0| 65 20 63 6f 6e 6e 65 63 | 74 69 6f 6e 0a 5c 65 6e |e connec|tion.\en|
|000039f0| 64 7b 76 65 72 62 61 74 | 69 6d 7d 0a 0a 0a 20 20 |d{verbat|im}...  |
|00003a00| 20 20 5c 73 65 63 74 69 | 6f 6e 7b 45 6e 76 69 72 |  \secti|on{Envir|
|00003a10| 6f 6e 6d 65 6e 74 20 56 | 61 72 69 61 62 6c 65 73 |onment V|ariables|
|00003a20| 7d 0a 20 20 20 20 5c 6c | 61 62 65 6c 7b 45 4e 56 |}.    \l|abel{ENV|
|00003a30| 2d 56 41 52 7d 0a 5c 70 | 61 72 0a 54 68 65 20 65 |-VAR}.\p|ar.The e|
|00003a40| 6e 76 69 72 6f 6e 6d 65 | 6e 74 20 63 61 6e 20 62 |nvironme|nt can b|
|00003a50| 65 20 75 73 65 64 20 74 | 6f 20 63 6f 6e 66 69 67 |e used t|o config|
|00003a60| 75 72 65 20 6d 61 6e 79 | 20 61 73 70 65 63 74 73 |ure many| aspects|
|00003a70| 20 6f 66 20 74 68 65 20 | 46 72 61 6d 65 77 6f 72 | of the |Framewor|
|00003a80| 6b 2c 20 72 61 6e 67 69 | 6e 67 0a 66 72 6f 6d 20 |k, rangi|ng.from |
|00003a90| 75 73 65 72 20 69 6e 74 | 65 72 66 61 63 65 20 73 |user int|erface s|
|00003aa0| 65 74 74 69 6e 67 73 20 | 74 6f 20 73 70 65 63 69 |ettings |to speci|
|00003ab0| 66 69 63 20 74 69 6d 65 | 6f 75 74 20 6f 70 74 69 |fic time|out opti|
|00003ac0| 6f 6e 73 20 69 6e 20 74 | 68 65 20 6e 65 74 77 6f |ons in t|he netwo|
|00003ad0| 72 6b 20 73 6f 63 6b 65 | 74 0a 41 50 49 2e 20 54 |rk socke|t.API. T|
|00003ae0| 68 69 73 20 73 65 63 74 | 69 6f 6e 20 64 65 73 63 |his sect|ion desc|
|00003af0| 72 69 62 65 73 20 74 68 | 65 20 6d 6f 73 74 20 63 |ribes th|e most c|
|00003b00| 6f 6d 6d 6f 6e 6c 79 20 | 75 73 65 64 20 65 6e 76 |ommonly |used env|
|00003b10| 69 72 6f 6e 6d 65 6e 74 | 20 76 61 72 69 61 62 6c |ironment| variabl|
|00003b20| 65 73 2e 20 20 0a 0a 5c | 70 61 72 0a 46 6f 72 20 |es.  ..\|par.For |
|00003b30| 61 20 63 6f 6d 70 6c 65 | 74 65 20 6c 69 73 74 69 |a comple|te listi|
|00003b40| 6e 67 20 6f 66 20 61 6c | 6c 20 65 6e 76 69 72 6f |ng of al|l enviro|
|00003b50| 6e 6d 65 6e 74 20 76 61 | 72 69 61 62 6c 65 73 2c |nment va|riables,|
|00003b60| 20 70 6c 65 61 73 65 20 | 73 65 65 20 74 68 65 20 | please |see the |
|00003b70| 66 69 6c 65 0a 45 6e 76 | 69 72 6f 6e 6d 65 6e 74 |file.Env|ironment|
|00003b80| 2e 74 78 74 20 69 6e 20 | 74 68 65 20 22 64 6f 63 |.txt in |the "doc|
|00003b90| 73 22 20 73 75 62 64 69 | 72 65 63 74 6f 72 79 20 |s" subdi|rectory |
|00003ba0| 6f 66 20 74 68 65 20 46 | 72 61 6d 65 77 6f 72 6b |of the F|ramework|
|00003bb0| 2e 20 0a 0a 0a 09 5c 73 | 75 62 73 65 63 74 69 6f |. ....\s|ubsectio|
|00003bc0| 6e 7b 44 65 62 75 67 4c | 65 76 65 6c 7d 0a 5c 70 |n{DebugL|evel}.\p|
|00003bd0| 61 72 0a 54 68 69 73 20 | 76 61 72 69 61 62 6c 65 |ar.This |variable|
|00003be0| 20 69 73 20 75 73 65 64 | 20 74 6f 20 63 6f 6e 74 | is used| to cont|
|00003bf0| 72 6f 6c 20 74 68 65 20 | 76 65 72 62 6f 73 69 74 |rol the |verbosit|
|00003c00| 79 20 6f 66 20 64 65 62 | 75 67 67 69 6e 67 20 6d |y of deb|ugging m|
|00003c10| 65 73 73 61 67 65 73 20 | 70 72 6f 76 69 64 65 64 |essages |provided|
|00003c20| 20 62 79 0a 74 68 65 20 | 63 6f 6d 70 6f 6e 65 6e | by.the |componen|
|00003c30| 74 73 20 6f 66 20 74 68 | 65 20 46 72 61 6d 65 77 |ts of th|e Framew|
|00003c40| 6f 72 6b 2e 20 53 65 74 | 74 69 6e 67 20 74 68 69 |ork. Set|ting thi|
|00003c50| 73 20 76 61 6c 75 65 20 | 74 6f 20 30 20 77 69 6c |s value |to 0 wil|
|00003c60| 6c 20 70 72 65 76 65 6e | 74 20 64 65 62 75 67 67 |l preven|t debugg|
|00003c70| 69 6e 67 0a 6d 65 73 73 | 61 67 65 73 20 66 72 6f |ing.mess|ages fro|
|00003c80| 6d 20 62 65 69 6e 67 20 | 64 69 73 70 6c 61 79 65 |m being |displaye|
|00003c90| 64 20 28 64 65 66 61 75 | 6c 74 29 2e 20 53 75 70 |d (defau|lt). Sup|
|00003ca0| 70 6f 72 74 65 64 20 76 | 61 6c 75 65 73 20 6f 66 |ported v|alues of|
|00003cb0| 20 44 65 62 75 67 4c 65 | 76 65 6c 20 72 61 6e 67 | DebugLe|vel rang|
|00003cc0| 65 20 66 72 6f 6d 20 30 | 20 74 6f 20 35 2e 20 0a |e from 0| to 5. .|
|00003cd0| 0a 09 5c 73 75 62 73 65 | 63 74 69 6f 6e 7b 4c 6f |..\subse|ction{Lo|
|00003ce0| 67 67 69 6e 67 7d 0a 5c | 70 61 72 0a 54 68 69 73 |gging}.\|par.This|
|00003cf0| 20 76 61 72 69 61 62 6c | 65 20 69 73 20 75 73 65 | variabl|e is use|
|00003d00| 64 20 74 6f 20 65 6e 61 | 62 6c 65 20 6f 72 20 64 |d to ena|ble or d|
|00003d10| 69 73 61 62 6c 65 20 73 | 65 73 73 69 6f 6e 20 6c |isable s|ession l|
|00003d20| 6f 67 67 69 6e 67 2e 20 | 53 65 73 73 69 6f 6e 20 |ogging. |Session |
|00003d30| 6c 6f 67 73 20 61 72 65 | 0a 73 74 6f 72 65 64 20 |logs are|.stored |
|00003d40| 69 6e 20 7e 2f 2e 6d 73 | 66 2f 6c 6f 67 73 20 62 |in ~/.ms|f/logs b|
|00003d50| 79 20 64 65 66 61 75 6c | 74 2c 20 74 68 65 20 64 |y defaul|t, the d|
|00003d60| 69 72 65 63 74 6f 72 79 | 20 63 61 6e 20 62 65 20 |irectory| can be |
|00003d70| 63 68 61 6e 67 65 64 20 | 75 73 65 64 20 74 68 65 |changed |used the|
|00003d80| 0a 5c 74 65 78 74 74 74 | 7b 4c 6f 67 44 69 72 7d |.\texttt|{LogDir}|
|00003d90| 20 65 6e 76 69 72 6f 6e | 6d 65 6e 74 20 76 61 72 | environ|ment var|
|00003da0| 69 61 62 6c 65 2e 20 59 | 6f 75 20 63 61 6e 20 75 |iable. Y|ou can u|
|00003db0| 73 65 20 74 68 65 20 5c | 74 65 78 74 74 74 7b 6d |se the \|texttt{m|
|00003dc0| 73 66 6c 6f 67 64 75 6d | 70 7d 0a 75 74 69 6c 69 |sflogdum|p}.utili|
|00003dd0| 74 79 20 74 6f 20 76 69 | 65 77 20 74 68 65 20 67 |ty to vi|ew the g|
|00003de0| 65 6e 65 72 61 74 65 64 | 20 73 65 73 73 69 6f 6e |enerated| session|
|00003df0| 20 6c 6f 67 73 2e 20 54 | 68 65 73 65 20 6c 6f 67 | logs. T|hese log|
|00003e00| 73 20 63 6f 6e 74 61 69 | 6e 20 74 68 65 20 63 6f |s contai|n the co|
|00003e10| 6d 70 6c 65 74 65 0a 65 | 6e 76 69 72 6f 6e 6d 65 |mplete.e|nvironme|
|00003e20| 6e 74 20 66 6f 72 20 74 | 68 65 20 65 78 70 6c 6f |nt for t|he explo|
|00003e30| 69 74 20 61 73 20 77 65 | 6c 6c 20 61 73 20 70 65 |it as we|ll as pe|
|00003e40| 72 2d 70 61 63 6b 65 74 | 20 74 69 6d 65 73 74 61 |r-packet| timesta|
|00003e50| 6d 70 73 2e 20 0a 0a 09 | 5c 73 75 62 73 65 63 74 |mps. ...|\subsect|
|00003e60| 69 6f 6e 7b 4c 6f 67 44 | 69 72 7d 0a 5c 70 61 72 |ion{LogD|ir}.\par|
|00003e70| 0a 54 68 69 73 20 6f 70 | 74 69 6f 6e 20 73 70 65 |.This op|tion spe|
|00003e80| 63 69 66 69 65 73 20 77 | 68 61 74 20 64 69 72 65 |cifies w|hat dire|
|00003e90| 63 74 6f 72 79 20 74 68 | 65 20 6c 6f 67 20 66 69 |ctory th|e log fi|
|00003ea0| 6c 65 73 20 73 68 6f 75 | 6c 64 20 62 65 20 73 74 |les shou|ld be st|
|00003eb0| 6f 72 65 64 20 69 6e 2e | 20 49 74 0a 64 65 66 61 |ored in.| It.defa|
|00003ec0| 75 6c 74 73 20 74 6f 20 | 7e 2f 2e 6d 73 66 2f 6c |ults to |~/.msf/l|
|00003ed0| 6f 67 73 2e 20 54 68 65 | 72 65 20 61 72 65 20 74 |ogs. The|re are t|
|00003ee0| 77 6f 20 74 79 70 65 73 | 20 6f 66 20 6c 6f 67 20 |wo types| of log |
|00003ef0| 66 69 6c 65 73 2c 20 74 | 68 65 20 6d 73 66 63 6f |files, t|he msfco|
|00003f00| 6e 73 6f 6c 65 20 6c 6f | 67 20 61 6e 64 20 74 68 |nsole lo|g and th|
|00003f10| 65 0a 73 65 73 73 69 6f | 6e 20 6c 6f 67 73 2e 20 |e.sessio|n logs. |
|00003f20| 54 68 65 20 6d 73 66 63 | 6f 6e 73 6f 6c 65 2e 6c |The msfc|onsole.l|
|00003f30| 6f 67 20 77 69 6c 6c 20 | 72 65 63 6f 72 64 20 65 |og will |record e|
|00003f40| 61 63 68 20 73 69 67 6e | 69 66 69 63 61 6e 74 20 |ach sign|ificant |
|00003f50| 61 63 74 69 6f 6e 20 70 | 65 72 66 6f 72 6d 65 64 |action p|erformed|
|00003f60| 20 62 79 20 74 68 65 0a | 63 6f 6e 73 6f 6c 65 20 | by the.|console |
|00003f70| 69 6e 74 65 72 66 61 63 | 65 2e 20 53 74 61 72 74 |interfac|e. Start|
|00003f80| 69 6e 67 20 77 69 74 68 | 20 76 65 72 73 69 6f 6e |ing with| version|
|00003f90| 20 32 2e 34 2c 20 74 68 | 65 20 5c 74 65 78 74 74 | 2.4, th|e \textt|
|00003fa0| 74 7b 6d 73 66 63 6f 6e | 73 6f 6c 65 7d 20 69 6e |t{msfcon|sole} in|
|00003fb0| 74 65 72 66 61 63 65 20 | 77 69 6c 6c 0a 72 65 63 |terface |will.rec|
|00003fc0| 6f 72 64 20 77 68 65 6e | 20 69 74 20 77 61 73 20 |ord when| it was |
|00003fd0| 73 74 61 72 74 65 64 2c | 20 73 74 6f 70 70 65 64 |started,| stopped|
|00003fe0| 2c 20 61 6e 64 20 77 68 | 61 74 20 73 79 73 74 65 |, and wh|at syste|
|00003ff0| 6d 20 63 6f 6d 6d 61 6e | 64 73 20 77 65 72 65 20 |m comman|ds were |
|00004000| 65 78 65 63 75 74 65 64 | 2e 20 41 0a 6e 65 77 20 |executed|. A.new |
|00004010| 73 65 73 73 69 6f 6e 20 | 6c 6f 67 20 77 69 6c 6c |session |log will|
|00004020| 20 62 65 20 63 72 65 61 | 74 65 64 20 66 6f 72 20 | be crea|ted for |
|00004030| 65 61 63 68 20 73 75 63 | 63 65 73 73 66 75 6c 20 |each suc|cessful |
|00004040| 65 78 70 6c 6f 69 74 20 | 61 74 74 65 6d 70 74 2e |exploit |attempt.|
|00004050| 20 0a 0a 09 5c 73 75 62 | 73 65 63 74 69 6f 6e 7b | ...\sub|section{|
|00004060| 45 6e 63 6f 64 65 72 7d | 0a 5c 70 61 72 0a 54 68 |Encoder}|.\par.Th|
|00004070| 69 73 20 76 61 72 69 61 | 62 6c 65 20 63 61 6e 20 |is varia|ble can |
|00004080| 62 65 20 73 65 74 20 74 | 6f 20 61 20 63 6f 6d 6d |be set t|o a comm|
|00004090| 61 20 73 65 70 61 72 61 | 74 65 64 20 6c 69 73 74 |a separa|ted list|
|000040a0| 20 6f 66 20 70 72 65 66 | 65 72 72 65 64 20 45 6e | of pref|erred En|
|000040b0| 63 6f 64 65 72 73 2e 20 | 54 68 65 0a 46 72 61 6d |coders. |The.Fram|
|000040c0| 65 77 6f 72 6b 20 77 69 | 6c 6c 20 74 72 79 20 74 |ework wi|ll try t|
|000040d0| 68 69 73 20 6c 69 73 74 | 20 6f 66 20 45 6e 63 6f |his list| of Enco|
|000040e0| 64 65 72 73 20 66 69 72 | 73 74 20 28 69 6e 20 6f |ders fir|st (in o|
|000040f0| 72 64 65 72 29 2c 20 61 | 6e 64 20 74 68 65 6e 20 |rder), a|nd then |
|00004100| 66 61 6c 6c 20 74 68 72 | 6f 75 67 68 0a 74 6f 20 |fall thr|ough.to |
|00004110| 61 6e 79 20 72 65 6d 61 | 69 6e 69 6e 67 20 45 6e |any rema|ining En|
|00004120| 63 6f 64 65 72 73 2e 20 | 54 68 65 20 45 6e 63 6f |coders. |The Enco|
|00004130| 64 65 72 73 20 63 61 6e | 20 62 65 20 6c 69 73 74 |ders can| be list|
|00004140| 65 64 20 77 69 74 68 20 | 5c 74 65 78 74 74 74 7b |ed with |\texttt{|
|00004150| 73 68 6f 77 20 65 6e 63 | 6f 64 65 72 73 7d 2e 20 |show enc|oders}. |
|00004160| 20 0a 0a 5c 62 65 67 69 | 6e 7b 76 65 72 62 61 74 | ..\begi|n{verbat|
|00004170| 69 6d 7d 0a 6d 73 66 3e | 20 73 65 74 20 45 6e 63 |im}.msf>| set Enc|
|00004180| 6f 64 65 72 20 53 68 69 | 6b 61 74 61 47 61 4e 61 |oder Shi|kataGaNa|
|00004190| 69 0a 5c 65 6e 64 7b 76 | 65 72 62 61 74 69 6d 7d |i.\end{v|erbatim}|
|000041a0| 0a 0a 09 5c 73 75 62 73 | 65 63 74 69 6f 6e 7b 45 |...\subs|ection{E|
|000041b0| 6e 63 6f 64 65 72 44 6f | 6e 74 46 61 6c 6c 54 68 |ncoderDo|ntFallTh|
|000041c0| 72 6f 75 67 68 7d 0a 5c | 70 61 72 0a 54 68 69 73 |rough}.\|par.This|
|000041d0| 20 6f 70 74 69 6f 6e 20 | 74 65 6c 6c 73 20 74 68 | option |tells th|
|000041e0| 65 20 46 72 61 6d 65 77 | 6f 72 6b 20 74 6f 20 6e |e Framew|ork to n|
|000041f0| 6f 74 20 66 61 6c 6c 20 | 74 68 72 6f 75 67 68 20 |ot fall |through |
|00004200| 74 6f 20 72 65 6d 61 69 | 6e 69 6e 67 20 45 6e 63 |to remai|ning Enc|
|00004210| 6f 64 65 72 73 20 69 66 | 20 74 68 65 0a 65 6e 74 |oders if| the.ent|
|00004220| 69 72 65 20 70 72 65 66 | 65 72 72 65 64 20 6c 69 |ire pref|erred li|
|00004230| 73 74 20 66 61 69 6c 73 | 2e 20 20 54 68 69 73 20 |st fails|.  This |
|00004240| 69 73 20 75 73 65 66 75 | 6c 20 66 6f 72 20 6b 65 |is usefu|l for ke|
|00004250| 65 70 69 6e 67 20 79 6f | 75 72 20 73 74 65 61 6c |eping yo|ur steal|
|00004260| 74 68 69 6e 65 73 73 20 | 6f 6e 20 61 0a 6e 65 74 |thiness |on a.net|
|00004270| 77 6f 72 6b 20 61 6e 64 | 20 6e 6f 74 20 61 63 63 |work and| not acc|
|00004280| 69 64 65 6e 74 61 6c 6c | 79 20 66 61 6c 6c 69 6e |identall|y fallin|
|00004290| 67 20 74 68 72 6f 75 67 | 68 20 74 6f 20 61 6e 20 |g throug|h to an |
|000042a0| 75 6e 77 61 6e 74 65 64 | 20 45 6e 63 6f 64 65 72 |unwanted| Encoder|
|000042b0| 20 62 65 63 61 75 73 65 | 0a 79 6f 75 72 20 70 72 | because|.your pr|
|000042c0| 65 66 65 72 72 65 64 20 | 45 6e 63 6f 64 65 72 20 |eferred |Encoder |
|000042d0| 66 61 69 6c 65 64 2e 20 | 20 0a 0a 09 5c 73 75 62 |failed. | ...\sub|
|000042e0| 73 65 63 74 69 6f 6e 7b | 4e 6f 70 7d 0a 5c 70 61 |section{|Nop}.\pa|
|000042f0| 72 0a 54 68 69 73 20 68 | 61 73 20 74 68 65 20 73 |r.This h|as the s|
|00004300| 61 6d 65 20 62 65 68 61 | 76 69 6f 72 20 61 73 20 |ame beha|vior as |
|00004310| 74 68 65 20 45 6e 63 6f | 64 65 72 20 65 6e 74 72 |the Enco|der entr|
|00004320| 79 20 61 62 6f 76 65 2c | 20 65 78 63 65 70 74 20 |y above,| except |
|00004330| 69 74 20 69 73 20 75 73 | 65 64 20 74 6f 0a 73 70 |it is us|ed to.sp|
|00004340| 65 63 69 66 79 20 74 68 | 65 20 6c 69 73 74 20 6f |ecify th|e list o|
|00004350| 66 20 70 72 65 66 65 72 | 72 65 64 20 4e 6f 70 20 |f prefer|red Nop |
|00004360| 67 65 6e 65 72 61 74 6f | 72 20 6d 6f 64 75 6c 65 |generato|r module|
|00004370| 73 2e 20 54 68 65 20 4e | 6f 70 20 67 65 6e 65 72 |s. The N|op gener|
|00004380| 61 74 6f 72 73 20 63 61 | 6e 20 62 65 0a 6c 69 73 |ators ca|n be.lis|
|00004390| 74 65 64 20 77 69 74 68 | 20 5c 74 65 78 74 74 74 |ted with| \texttt|
|000043a0| 7b 73 68 6f 77 20 6e 6f | 70 73 7d 2e 20 20 0a 0a |{show no|ps}.  ..|
|000043b0| 5c 62 65 67 69 6e 7b 76 | 65 72 62 61 74 69 6d 7d |\begin{v|erbatim}|
|000043c0| 0a 6d 73 66 3e 20 73 65 | 74 20 4e 6f 70 20 4f 70 |.msf> se|t Nop Op|
|000043d0| 74 79 0a 5c 65 6e 64 7b | 76 65 72 62 61 74 69 6d |ty.\end{|verbatim|
|000043e0| 7d 0a 0a 09 5c 73 75 62 | 73 65 63 74 69 6f 6e 7b |}...\sub|section{|
|000043f0| 4e 6f 70 44 6f 6e 74 46 | 61 6c 6c 54 68 72 6f 75 |NopDontF|allThrou|
|00004400| 67 68 7d 0a 5c 70 61 72 | 0a 54 68 69 73 20 6f 70 |gh}.\par|.This op|
|00004410| 74 69 6f 6e 20 68 61 73 | 20 74 68 65 20 73 61 6d |tion has| the sam|
|00004420| 65 20 62 65 68 61 76 69 | 6f 72 20 61 73 20 5c 74 |e behavi|or as \t|
|00004430| 65 78 74 74 74 7b 45 6e | 63 6f 64 65 72 44 6f 6e |exttt{En|coderDon|
|00004440| 74 46 61 6c 6c 54 68 72 | 6f 75 67 68 7d 2c 20 65 |tFallThr|ough}, e|
|00004450| 78 63 65 70 74 20 69 74 | 0a 61 70 70 6c 69 65 73 |xcept it|.applies|
|00004460| 20 74 6f 20 74 68 65 20 | 4e 6f 70 20 70 72 65 66 | to the |Nop pref|
|00004470| 65 72 72 65 64 20 6c 69 | 73 74 2e 20 0a 0a 09 5c |erred li|st. ...\|
|00004480| 73 75 62 73 65 63 74 69 | 6f 6e 7b 52 61 6e 64 6f |subsecti|on{Rando|
|00004490| 6d 4e 6f 70 73 7d 0a 5c | 70 61 72 0a 54 68 69 73 |mNops}.\|par.This|
|000044a0| 20 6f 70 74 69 6f 6e 20 | 61 6c 6c 6f 77 73 20 72 | option |allows r|
|000044b0| 61 6e 64 6f 6d 69 7a 65 | 64 20 6e 6f 70 20 73 6c |andomize|d nop sl|
|000044c0| 65 64 73 20 74 6f 20 62 | 65 20 75 73 65 64 20 69 |eds to b|e used i|
|000044d0| 6e 73 74 65 61 64 20 6f | 66 20 74 68 65 20 73 74 |nstead o|f the st|
|000044e0| 61 6e 64 61 72 64 20 6e | 6f 70 0a 6f 70 63 6f 64 |andard n|op.opcod|
|000044f0| 65 2e 20 52 61 6e 64 6f | 6d 4e 6f 70 73 20 73 68 |e. Rando|mNops sh|
|00004500| 6f 75 6c 64 20 62 65 20 | 73 74 61 62 6c 65 20 77 |ould be |stable w|
|00004510| 69 74 68 20 61 6c 6c 20 | 65 78 70 6c 6f 69 74 20 |ith all |exploit |
|00004520| 6d 6f 64 75 6c 65 73 20 | 69 6e 63 6c 75 64 65 64 |modules |included|
|00004530| 20 69 6e 20 74 68 65 0a | 46 72 61 6d 65 77 6f 72 | in the.|Framewor|
|00004540| 6b 20 61 6e 64 20 69 73 | 20 6e 6f 77 20 65 6e 61 |k and is| now ena|
|00004550| 62 6c 65 64 20 62 79 20 | 64 65 66 61 75 6c 74 2e |bled by |default.|
|00004560| 20 4e 6f 74 20 61 6c 6c | 20 61 72 63 68 69 74 65 | Not all| archite|
|00004570| 63 74 75 72 65 73 20 61 | 6e 64 20 6e 6f 70 20 67 |ctures a|nd nop g|
|00004580| 65 6e 65 72 61 74 6f 72 | 0a 6d 6f 64 75 6c 65 73 |enerator|.modules|
|00004590| 20 73 75 70 70 6f 72 74 | 20 72 61 6e 64 6f 6d 69 | support| randomi|
|000045a0| 7a 61 74 69 6f 6e 2e 0a | 0a 09 5c 73 75 62 73 65 |zation..|..\subse|
|000045b0| 63 74 69 6f 6e 7b 43 6f | 6e 6e 65 63 74 54 69 6d |ction{Co|nnectTim|
|000045c0| 65 6f 75 74 7d 0a 5c 70 | 61 72 0a 54 68 69 73 20 |eout}.\p|ar.This |
|000045d0| 6f 70 74 69 6f 6e 20 61 | 6c 6c 6f 77 73 20 79 6f |option a|llows yo|
|000045e0| 75 20 74 6f 20 73 70 65 | 63 69 66 79 20 74 68 65 |u to spe|cify the|
|000045f0| 20 63 6f 6e 6e 65 63 74 | 20 74 69 6d 65 6f 75 74 | connect| timeout|
|00004600| 20 66 6f 72 20 54 43 50 | 20 73 6f 63 6b 65 74 73 | for TCP| sockets|
|00004610| 2e 20 54 68 69 73 0a 76 | 61 6c 75 65 20 64 65 66 |. This.v|alue def|
|00004620| 61 75 6c 74 73 20 74 6f | 20 31 30 20 61 6e 64 20 |aults to| 10 and |
|00004630| 6d 61 79 20 6e 65 65 64 | 20 74 6f 20 62 65 20 69 |may need| to be i|
|00004640| 6e 63 72 65 61 73 65 64 | 20 74 6f 20 65 78 70 6c |ncreased| to expl|
|00004650| 6f 69 74 20 73 79 73 74 | 65 6d 73 20 61 63 72 6f |oit syst|ems acro|
|00004660| 73 73 20 73 6c 6f 77 20 | 6c 69 6e 6b 73 2e 20 0a |ss slow |links. .|
|00004670| 0a 09 5c 73 75 62 73 65 | 63 74 69 6f 6e 7b 52 65 |..\subse|ction{Re|
|00004680| 63 76 54 69 6d 65 6f 75 | 74 7d 0a 5c 70 61 72 0a |cvTimeou|t}.\par.|
|00004690| 54 68 69 73 20 6f 70 74 | 69 6f 6e 20 73 70 65 63 |This opt|ion spec|
|000046a0| 69 66 69 65 73 20 74 68 | 65 20 6d 61 78 69 6d 75 |ifies th|e maximu|
|000046b0| 6d 20 6e 75 6d 62 65 72 | 20 6f 66 20 73 65 63 6f |m number| of seco|
|000046c0| 6e 64 73 20 61 6c 6c 6f | 77 65 64 20 66 6f 72 20 |nds allo|wed for |
|000046d0| 73 6f 63 6b 65 74 20 72 | 65 61 64 73 0a 74 68 61 |socket r|eads.tha|
|000046e0| 74 20 73 70 65 63 69 66 | 69 65 64 20 74 68 65 20 |t specif|ied the |
|000046f0| 73 70 65 63 69 61 6c 20 | 6c 65 6e 67 74 68 20 76 |special |length v|
|00004700| 61 6c 75 65 20 6f 66 20 | 2d 31 2e 20 54 68 69 73 |alue of |-1. This|
|00004710| 20 6d 61 79 20 6e 65 65 | 64 20 74 6f 20 62 65 20 | may nee|d to be |
|00004720| 69 6e 63 72 65 61 73 65 | 64 20 69 66 0a 79 6f 75 |increase|d if.you|
|00004730| 20 61 72 65 20 65 78 70 | 6c 6f 69 74 69 6e 67 20 | are exp|loiting |
|00004740| 73 79 73 74 65 6d 73 20 | 6f 76 65 72 20 61 20 73 |systems |over a s|
|00004750| 6c 6f 77 20 6c 69 6e 6b | 20 61 6e 64 20 72 75 6e |low link| and run|
|00004760| 6e 69 6e 67 20 69 6e 74 | 6f 20 70 72 6f 62 6c 65 |ning int|o proble|
|00004770| 6d 73 2e 20 0a 0a 09 5c | 73 75 62 73 65 63 74 69 |ms. ...\|subsecti|
|00004780| 6f 6e 7b 52 65 63 76 54 | 69 6d 65 6f 75 74 4c 6f |on{RecvT|imeoutLo|
|00004790| 6f 70 7d 0a 5c 70 61 72 | 0a 54 68 69 73 20 6f 70 |op}.\par|.This op|
|000047a0| 74 69 6f 6e 20 73 70 65 | 63 69 66 69 65 73 20 74 |tion spe|cifies t|
|000047b0| 68 65 20 6d 61 78 69 6d | 75 6d 20 6e 75 6d 62 65 |he maxim|um numbe|
|000047c0| 72 20 6f 66 20 73 65 63 | 6f 6e 64 73 20 74 6f 20 |r of sec|onds to |
|000047d0| 77 61 69 74 20 66 6f 72 | 20 64 61 74 61 20 6f 6e |wait for| data on|
|000047e0| 20 61 20 73 6f 63 6b 65 | 74 0a 62 65 66 6f 72 65 | a socke|t.before|
|000047f0| 20 72 65 74 75 72 6e 69 | 6e 67 20 69 74 2e 20 45 | returni|ng it. E|
|00004800| 61 63 68 20 74 69 6d 65 | 20 74 68 61 74 20 64 61 |ach time| that da|
|00004810| 74 61 20 69 73 20 72 65 | 63 65 69 76 65 64 20 77 |ta is re|ceived w|
|00004820| 69 74 68 69 6e 20 74 68 | 69 73 20 70 65 72 69 6f |ithin th|is perio|
|00004830| 64 2c 20 74 68 65 0a 6c | 6f 6f 70 20 73 74 61 72 |d, the.l|oop star|
|00004840| 74 73 20 61 67 61 69 6e | 2e 20 54 68 69 73 20 6d |ts again|. This m|
|00004850| 61 79 20 6e 65 65 64 20 | 74 6f 20 62 65 20 69 6e |ay need |to be in|
|00004860| 63 72 65 61 73 65 64 20 | 69 66 20 79 6f 75 20 61 |creased |if you a|
|00004870| 72 65 20 65 78 70 6c 6f | 69 74 69 6e 67 20 73 79 |re explo|iting sy|
|00004880| 73 74 65 6d 73 0a 6f 76 | 65 72 20 61 20 73 6c 6f |stems.ov|er a slo|
|00004890| 77 20 6c 69 6e 6b 20 61 | 6e 64 20 72 75 6e 6e 69 |w link a|nd runni|
|000048a0| 6e 67 20 69 6e 74 6f 20 | 70 72 6f 62 6c 65 6d 73 |ng into |problems|
|000048b0| 2e 20 20 0a 0a 09 5c 73 | 75 62 73 65 63 74 69 6f |.  ...\s|ubsectio|
|000048c0| 6e 7b 50 72 6f 78 69 65 | 73 7d 0a 5c 70 61 72 0a |n{Proxie|s}.\par.|
|000048d0| 54 68 69 73 20 65 6e 76 | 69 72 6f 6e 6d 65 6e 74 |This env|ironment|
|000048e0| 20 76 61 72 69 61 62 6c | 65 20 66 6f 72 63 65 73 | variabl|e forces|
|000048f0| 20 61 6c 6c 20 54 43 50 | 20 73 6f 63 6b 65 74 73 | all TCP| sockets|
|00004900| 20 74 6f 20 67 6f 20 74 | 68 72 6f 75 67 68 20 74 | to go t|hrough t|
|00004910| 68 65 20 73 70 65 63 69 | 66 69 65 64 0a 70 72 6f |he speci|fied.pro|
|00004920| 78 79 20 63 68 61 69 6e | 2e 20 54 68 65 20 66 6f |xy chain|. The fo|
|00004930| 72 6d 61 74 20 6f 66 20 | 74 68 65 20 63 68 61 69 |rmat of |the chai|
|00004940| 6e 20 74 79 70 65 3a 68 | 6f 73 74 3a 70 6f 72 74 |n type:h|ost:port|
|00004950| 20 66 6f 72 20 65 61 63 | 68 20 70 72 6f 78 79 2c | for eac|h proxy,|
|00004960| 20 73 65 70 61 72 61 74 | 65 64 20 62 79 0a 63 6f | separat|ed by.co|
|00004970| 6d 6d 61 73 2e 20 54 68 | 69 73 20 72 65 6c 65 61 |mmas. Th|is relea|
|00004980| 73 65 20 69 6e 63 6c 75 | 64 65 73 20 73 75 70 70 |se inclu|des supp|
|00004990| 6f 72 74 20 66 6f 72 20 | 73 6f 63 6b 73 34 20 61 |ort for |socks4 a|
|000049a0| 6e 64 20 68 74 74 70 20 | 70 72 6f 78 79 20 74 79 |nd http |proxy ty|
|000049b0| 70 65 73 2e 20 0a 0a 09 | 5c 73 75 62 73 65 63 74 |pes. ...|\subsect|
|000049c0| 69 6f 6e 7b 46 6f 72 63 | 65 53 53 4c 7d 0a 5c 70 |ion{Forc|eSSL}.\p|
|000049d0| 61 72 0a 54 68 69 73 20 | 65 6e 76 69 72 6f 6e 6d |ar.This |environm|
|000049e0| 65 6e 74 20 76 61 72 69 | 61 62 6c 65 20 66 6f 72 |ent vari|able for|
|000049f0| 63 65 73 20 61 6c 6c 20 | 54 43 50 20 73 6f 63 6b |ces all |TCP sock|
|00004a00| 65 74 73 20 74 6f 20 6e | 65 67 6f 74 69 61 74 65 |ets to n|egotiate|
|00004a10| 20 74 68 65 20 53 53 4c | 20 70 72 6f 74 6f 63 6f | the SSL| protoco|
|00004a20| 6c 2e 0a 54 68 69 73 20 | 69 73 20 6f 6e 6c 79 20 |l..This |is only |
|00004a30| 75 73 65 66 75 6c 20 77 | 68 65 6e 20 61 6e 20 65 |useful w|hen an e|
|00004a40| 78 70 6c 6f 69 74 20 6d | 6f 64 75 6c 65 20 64 6f |xploit m|odule do|
|00004a50| 65 73 20 6e 6f 74 20 70 | 72 6f 76 69 64 65 20 74 |es not p|rovide t|
|00004a60| 68 65 20 5c 74 65 78 74 | 74 74 7b 53 53 4c 7d 0a |he \text|tt{SSL}.|
|00004a70| 75 73 65 72 20 6f 70 74 | 69 6f 6e 2e 20 20 0a 0a |user opt|ion.  ..|
|00004a80| 09 5c 73 75 62 73 65 63 | 74 69 6f 6e 7b 55 64 70 |.\subsec|tion{Udp|
|00004a90| 53 6f 75 72 63 65 49 70 | 7d 0a 5c 70 61 72 0a 54 |SourceIp|}.\par.T|
|00004aa0| 68 69 73 20 65 6e 76 69 | 72 6f 6e 6d 65 6e 74 20 |his envi|ronment |
|00004ab0| 76 61 72 69 61 62 6c 65 | 20 63 61 6e 20 62 65 20 |variable| can be |
|00004ac0| 75 73 65 64 20 74 6f 20 | 63 6f 6e 74 72 6f 6c 20 |used to |control |
|00004ad0| 74 68 65 20 73 6f 75 72 | 63 65 20 49 50 20 61 64 |the sour|ce IP ad|
|00004ae0| 64 72 65 73 73 20 66 72 | 6f 6d 0a 77 68 69 63 68 |dress fr|om.which|
|00004af0| 20 61 6c 6c 20 55 44 50 | 20 64 61 74 61 67 72 61 | all UDP| datagra|
|00004b00| 6d 73 20 61 72 65 20 73 | 65 6e 74 2e 20 54 68 69 |ms are s|ent. Thi|
|00004b10| 73 20 6f 70 74 69 6f 6e | 20 69 73 20 6f 6e 6c 79 |s option| is only|
|00004b20| 20 65 66 66 65 63 74 69 | 76 65 20 77 68 65 6e 20 | effecti|ve when |
|00004b30| 75 73 65 64 20 77 69 74 | 68 20 61 0a 55 44 50 2d |used wit|h a.UDP-|
|00004b40| 62 61 73 65 64 20 65 78 | 70 6c 6f 69 74 20 28 4d |based ex|ploit (M|
|00004b50| 53 53 51 4c 2c 20 49 53 | 53 2c 20 65 74 63 29 2e |SSQL, IS|S, etc).|
|00004b60| 20 54 68 69 73 20 6f 70 | 74 69 6f 6e 20 64 65 70 | This op|tion dep|
|00004b70| 65 6e 64 73 20 6f 6e 20 | 62 65 69 6e 67 20 61 62 |ends on |being ab|
|00004b80| 6c 65 20 74 6f 20 6f 70 | 65 6e 20 61 0a 72 61 77 |le to op|en a.raw|
|00004b90| 20 73 6f 63 6b 65 74 3b | 20 73 6f 6d 65 74 68 69 | socket;| somethi|
|00004ba0| 6e 67 20 74 68 61 74 20 | 69 73 20 6e 6f 72 6d 61 |ng that |is norma|
|00004bb0| 6c 6c 79 20 6f 6e 6c 79 | 20 61 76 61 69 6c 61 62 |lly only| availab|
|00004bc0| 6c 65 20 74 6f 20 74 68 | 65 20 72 6f 6f 74 20 6f |le to th|e root o|
|00004bd0| 72 0a 61 64 6d 69 6e 69 | 73 74 72 61 74 69 76 65 |r.admini|strative|
|00004be0| 20 75 73 65 72 2e 20 41 | 73 20 6f 66 20 74 68 65 | user. A|s of the|
|00004bf0| 20 32 2e 32 20 72 65 6c | 65 61 73 65 2c 20 74 68 | 2.2 rel|ease, th|
|00004c00| 69 73 20 66 65 61 74 75 | 72 65 20 69 73 20 6e 6f |is featu|re is no|
|00004c10| 74 20 77 6f 72 6b 69 6e | 67 20 77 69 74 68 20 74 |t workin|g with t|
|00004c20| 68 65 0a 43 79 67 77 69 | 6e 20 65 6e 76 69 72 6f |he.Cygwi|n enviro|
|00004c30| 6e 6d 65 6e 74 2e 20 0a | 0a 09 5c 73 75 62 73 65 |nment. .|..\subse|
|00004c40| 63 74 69 6f 6e 7b 4e 69 | 6e 6a 61 48 6f 73 74 7d |ction{Ni|njaHost}|
|00004c50| 0a 5c 70 61 72 0a 54 68 | 69 73 20 65 6e 76 69 72 |.\par.Th|is envir|
|00004c60| 6f 6e 6d 65 6e 74 20 76 | 61 72 69 61 62 6c 65 20 |onment v|ariable |
|00004c70| 63 61 6e 20 62 65 20 75 | 73 65 64 20 72 65 64 69 |can be u|sed redi|
|00004c80| 72 65 63 74 20 61 6c 6c | 20 70 61 79 6c 6f 61 64 |rect all| payload|
|00004c90| 20 63 6f 6e 6e 65 63 74 | 69 6f 6e 73 20 74 6f 20 | connect|ions to |
|00004ca0| 61 0a 73 6f 63 6b 65 74 | 4e 69 6e 6a 61 20 73 65 |a.socket|Ninja se|
|00004cb0| 72 76 65 72 2e 20 54 68 | 69 73 20 76 61 6c 75 65 |rver. Th|is value|
|00004cc0| 20 73 68 6f 75 6c 64 20 | 62 65 20 74 68 65 20 49 | should |be the I|
|00004cd0| 50 20 61 64 64 72 65 73 | 73 20 6f 66 20 74 68 65 |P addres|s of the|
|00004ce0| 20 73 79 73 74 65 6d 20 | 72 75 6e 6e 69 6e 67 0a | system |running.|
|00004cf0| 74 68 65 20 73 6f 63 6b | 65 74 4e 69 6e 6a 61 20 |the sock|etNinja |
|00004d00| 63 6f 6e 73 6f 6c 65 20 | 28 70 65 72 6c 20 73 6f |console |(perl so|
|00004d10| 63 6b 65 63 74 4e 69 6e | 6a 61 2e 70 6c 20 2d 64 |ckectNin|ja.pl -d|
|00004d20| 29 2e 20 20 0a 0a 09 5c | 73 75 62 73 65 63 74 69 |).  ...\|subsecti|
|00004d30| 6f 6e 7b 4e 69 6e 6a 61 | 50 6f 72 74 7d 0a 5c 70 |on{Ninja|Port}.\p|
|00004d40| 61 72 0a 54 68 69 73 20 | 65 6e 76 69 72 6f 6e 6d |ar.This |environm|
|00004d50| 65 6e 74 20 76 61 72 69 | 61 62 6c 65 20 63 61 6e |ent vari|able can|
|00004d60| 20 62 65 20 75 73 65 64 | 20 77 69 74 68 20 74 68 | be used| with th|
|00004d70| 65 20 4e 69 6e 6a 61 48 | 6f 73 74 20 76 61 72 69 |e NinjaH|ost vari|
|00004d80| 61 62 6c 65 20 74 6f 20 | 72 65 64 69 72 65 63 74 |able to |redirect|
|00004d90| 0a 70 61 79 6c 6f 61 64 | 20 63 6f 6e 6e 65 63 74 |.payload| connect|
|00004da0| 69 6f 6e 73 20 74 6f 20 | 61 20 73 79 73 74 65 6d |ions to |a system|
|00004db0| 20 72 75 6e 6e 69 6e 67 | 20 74 68 65 20 73 6f 63 | running| the soc|
|00004dc0| 6b 65 74 4e 69 6e 6a 61 | 20 73 65 72 76 65 72 2e |ketNinja| server.|
|00004dd0| 20 54 68 69 73 20 76 61 | 6c 75 65 0a 73 68 6f 75 | This va|lue.shou|
|00004de0| 6c 64 20 62 65 20 74 68 | 65 20 70 6f 72 74 20 6e |ld be th|e port n|
|00004df0| 75 6d 62 65 72 20 6f 66 | 20 74 68 65 20 73 6f 63 |umber of| the soc|
|00004e00| 6b 65 74 4e 69 6e 6a 61 | 20 63 6f 6e 73 6f 6c 65 |ketNinja| console|
|00004e10| 2e 20 0a 0a 09 5c 73 75 | 62 73 65 63 74 69 6f 6e |. ...\su|bsection|
|00004e20| 7b 4e 69 6e 6a 61 44 6f | 6e 74 4b 69 6c 6c 7d 0a |{NinjaDo|ntKill}.|
|00004e30| 5c 70 61 72 0a 54 68 69 | 73 20 6f 70 74 69 6f 6e |\par.Thi|s option|
|00004e40| 20 63 61 6e 20 62 65 20 | 75 73 65 64 20 74 6f 20 | can be |used to |
|00004e50| 65 78 70 6c 6f 69 74 20 | 6d 75 6c 74 69 70 6c 65 |exploit |multiple|
|00004e60| 20 73 79 73 74 65 6d 73 | 20 61 74 20 6f 6e 63 65 | systems| at once|
|00004e70| 20 61 6e 64 20 69 73 20 | 70 61 72 74 69 63 75 6c | and is |particul|
|00004e80| 61 72 0a 75 73 65 66 75 | 6c 20 77 68 65 6e 20 66 |ar.usefu|l when f|
|00004e90| 69 72 69 6e 67 20 61 20 | 55 44 50 2d 62 61 73 65 |iring a |UDP-base|
|00004ea0| 64 20 65 78 70 6c 6f 69 | 74 20 61 74 20 61 20 6e |d exploi|t at a n|
|00004eb0| 65 74 77 6f 72 6b 20 62 | 72 6f 61 64 63 61 73 74 |etwork b|roadcast|
|00004ec0| 20 61 64 64 72 65 73 73 | 2e 20 0a 0a 09 5c 73 75 | address|. ...\su|
|00004ed0| 62 73 65 63 74 69 6f 6e | 7b 41 6c 74 65 72 6e 61 |bsection|{Alterna|
|00004ee0| 74 65 45 78 69 74 7d 0a | 5c 70 61 72 0a 54 68 69 |teExit}.|\par.Thi|
|00004ef0| 73 20 6f 70 74 69 6f 6e | 20 69 73 20 61 20 77 6f |s option| is a wo|
|00004f00| 72 6b 61 72 6f 75 6e 64 | 20 66 6f 72 20 61 20 62 |rkaround| for a b|
|00004f10| 75 67 20 66 6f 75 6e 64 | 20 69 6e 20 63 65 72 74 |ug found| in cert|
|00004f20| 61 69 6e 20 76 65 72 73 | 69 6f 6e 73 20 6f 66 20 |ain vers|ions of |
|00004f30| 74 68 65 20 50 65 72 6c | 0a 69 6e 74 65 72 70 72 |the Perl|.interpr|
|00004f40| 65 74 65 72 2e 20 49 66 | 20 74 68 65 20 5c 74 65 |eter. If| the \te|
|00004f50| 78 74 74 74 7b 6d 73 66 | 63 6f 6e 73 6f 6c 65 7d |xttt{msf|console}|
|00004f60| 20 69 6e 74 65 72 66 61 | 63 65 20 63 72 61 73 68 | interfa|ce crash|
|00004f70| 65 73 20 77 69 74 68 20 | 61 20 73 65 67 6d 65 6e |es with |a segmen|
|00004f80| 74 61 74 69 6f 6e 20 66 | 61 75 6c 74 20 6f 6e 0a |tation f|ault on.|
|00004f90| 65 78 69 74 2c 20 74 72 | 79 20 73 65 74 74 69 6e |exit, tr|y settin|
|00004fa0| 67 20 74 68 65 20 76 61 | 6c 75 65 20 6f 66 20 74 |g the va|lue of t|
|00004fb0| 68 69 73 20 76 61 72 69 | 61 62 6c 65 20 74 6f 20 |his vari|able to |
|00004fc0| 32 2e 20 0a 09 0a 5c 70 | 61 67 65 62 72 65 61 6b |2. ...\p|agebreak|
|00004fd0| 0a 0a 5c 63 68 61 70 74 | 65 72 7b 55 73 69 6e 67 |..\chapt|er{Using|
|00004fe0| 20 74 68 65 20 46 72 61 | 6d 65 77 6f 72 6b 7d 0a | the Fra|mework}.|
|00004ff0| 0a 0a 09 5c 73 65 63 74 | 69 6f 6e 7b 43 68 6f 6f |...\sect|ion{Choo|
|00005000| 73 69 6e 67 20 61 6e 20 | 45 78 70 6c 6f 69 74 20 |sing an |Exploit |
|00005010| 4d 6f 64 75 6c 65 7d 0a | 5c 70 61 72 0a 46 72 6f |Module}.|\par.Fro|
|00005020| 6d 20 74 68 65 20 5c 74 | 65 78 74 74 74 7b 6d 73 |m the \t|exttt{ms|
|00005030| 66 63 6f 6e 73 6f 6c 65 | 7d 20 69 6e 74 65 72 66 |fconsole|} interf|
|00005040| 61 63 65 2c 20 79 6f 75 | 20 6d 61 79 20 76 69 65 |ace, you| may vie|
|00005050| 77 20 74 68 65 20 61 76 | 61 69 6c 61 62 6c 65 20 |w the av|ailable |
|00005060| 65 78 70 6c 6f 69 74 20 | 6d 6f 64 75 6c 65 73 0a |exploit |modules.|
|00005070| 74 68 72 6f 75 67 68 20 | 77 69 74 68 20 74 68 65 |through |with the|
|00005080| 20 5c 74 65 78 74 74 74 | 7b 73 68 6f 77 20 65 78 | \texttt|{show ex|
|00005090| 70 6c 6f 69 74 73 7d 20 | 63 6f 6d 6d 61 6e 64 2e |ploits} |command.|
|000050a0| 20 53 65 6c 65 63 74 20 | 61 6e 20 65 78 70 6c 6f | Select |an explo|
|000050b0| 69 74 20 77 69 74 68 20 | 74 68 65 0a 5c 74 65 78 |it with |the.\tex|
|000050c0| 74 74 74 7b 75 73 65 7d | 20 63 6f 6d 6d 61 6e 64 |ttt{use}| command|
|000050d0| 2c 20 73 70 65 63 69 66 | 79 69 6e 67 20 74 68 65 |, specif|ying the|
|000050e0| 20 73 68 6f 72 74 20 6d | 6f 64 75 6c 65 20 6e 61 | short m|odule na|
|000050f0| 6d 65 20 61 73 20 74 68 | 65 20 61 72 67 75 6d 65 |me as th|e argume|
|00005100| 6e 74 2e 20 54 68 65 0a | 5c 74 65 78 74 74 74 7b |nt. The.|\texttt{|
|00005110| 69 6e 66 6f 7d 20 63 6f | 6d 6d 61 6e 64 20 63 61 |info} co|mmand ca|
|00005120| 6e 20 62 65 20 75 73 65 | 64 20 74 6f 20 76 69 65 |n be use|d to vie|
|00005130| 77 20 69 6e 66 6f 72 6d | 61 74 69 6f 6e 20 61 62 |w inform|ation ab|
|00005140| 6f 75 74 20 61 20 73 70 | 65 63 69 66 69 63 20 65 |out a sp|ecific e|
|00005150| 78 70 6c 6f 69 74 20 6d | 6f 64 75 6c 65 2e 20 0a |xploit m|odule. .|
|00005160| 0a 0a 09 5c 73 65 63 74 | 69 6f 6e 7b 43 6f 6e 66 |...\sect|ion{Conf|
|00005170| 69 67 75 72 69 6e 67 20 | 74 68 65 20 41 63 74 69 |iguring |the Acti|
|00005180| 76 65 20 45 78 70 6c 6f | 69 74 7d 0a 5c 70 61 72 |ve Explo|it}.\par|
|00005190| 0a 4f 6e 63 65 20 79 6f | 75 20 68 61 76 65 20 73 |.Once yo|u have s|
|000051a0| 65 6c 65 63 74 65 64 20 | 61 6e 20 65 78 70 6c 6f |elected |an explo|
|000051b0| 69 74 2c 20 74 68 65 20 | 6e 65 78 74 20 73 74 65 |it, the |next ste|
|000051c0| 70 20 69 73 20 74 6f 20 | 64 65 74 65 72 6d 69 6e |p is to |determin|
|000051d0| 65 20 77 68 61 74 20 6f | 70 74 69 6f 6e 73 20 69 |e what o|ptions i|
|000051e0| 74 0a 72 65 71 75 69 72 | 65 73 2e 20 54 68 69 73 |t.requir|es. This|
|000051f0| 20 63 61 6e 20 62 65 20 | 61 63 63 6f 6d 70 6c 69 | can be |accompli|
|00005200| 73 68 65 64 20 77 69 74 | 68 20 74 68 65 20 5c 74 |shed wit|h the \t|
|00005210| 65 78 74 74 74 7b 73 68 | 6f 77 20 6f 70 74 69 6f |exttt{sh|ow optio|
|00005220| 6e 73 7d 20 63 6f 6d 6d | 61 6e 64 2e 20 4d 6f 73 |ns} comm|and. Mos|
|00005230| 74 20 65 78 70 6c 6f 69 | 74 73 0a 75 73 65 20 5c |t exploi|ts.use \|
|00005240| 74 65 78 74 74 74 7b 52 | 48 4f 53 54 7d 20 74 6f |texttt{R|HOST} to|
|00005250| 20 73 70 65 63 69 66 79 | 20 74 68 65 20 74 61 72 | specify| the tar|
|00005260| 67 65 74 20 61 64 64 72 | 65 73 73 20 61 6e 64 20 |get addr|ess and |
|00005270| 5c 74 65 78 74 74 74 7b | 52 50 4f 52 54 7d 20 74 |\texttt{|RPORT} t|
|00005280| 6f 20 73 65 74 20 74 68 | 65 20 74 61 72 67 65 74 |o set th|e target|
|00005290| 20 70 6f 72 74 2e 20 55 | 73 65 0a 74 68 65 20 5c | port. U|se.the \|
|000052a0| 74 65 78 74 74 74 7b 73 | 65 74 7d 20 63 6f 6d 6d |texttt{s|et} comm|
|000052b0| 61 6e 64 20 74 6f 20 63 | 6f 6e 66 69 67 75 72 65 |and to c|onfigure|
|000052c0| 20 74 68 65 20 61 70 70 | 72 6f 70 72 69 61 74 65 | the app|ropriate|
|000052d0| 20 76 61 6c 75 65 73 20 | 66 6f 72 20 61 6c 6c 20 | values |for all |
|000052e0| 72 65 71 75 69 72 65 64 | 20 6f 70 74 69 6f 6e 73 |required| options|
|000052f0| 2e 20 49 66 0a 79 6f 75 | 20 68 61 76 65 20 61 6e |. If.you| have an|
|00005300| 79 20 71 75 65 73 74 69 | 6f 6e 73 20 61 62 6f 75 |y questi|ons abou|
|00005310| 74 20 77 68 61 74 20 61 | 20 67 69 76 65 6e 20 6f |t what a| given o|
|00005320| 70 74 69 6f 6e 20 64 6f | 65 73 2c 20 72 65 66 65 |ption do|es, refe|
|00005330| 72 20 74 6f 20 74 68 65 | 20 6d 6f 64 75 6c 65 0a |r to the| module.|
|00005340| 73 6f 75 72 63 65 20 63 | 6f 64 65 2e 20 41 64 76 |source c|ode. Adv|
|00005350| 61 6e 63 65 64 20 6f 70 | 74 69 6f 6e 73 20 61 72 |anced op|tions ar|
|00005360| 65 20 61 76 61 69 6c 61 | 62 6c 65 20 77 69 74 68 |e availa|ble with|
|00005370| 20 73 6f 6d 65 20 65 78 | 70 6c 6f 69 74 20 6d 6f | some ex|ploit mo|
|00005380| 64 75 6c 65 73 2c 20 74 | 68 65 73 65 20 63 61 6e |dules, t|hese can|
|00005390| 0a 62 65 20 76 69 65 77 | 65 64 20 77 69 74 68 20 |.be view|ed with |
|000053a0| 74 68 65 20 5c 74 65 78 | 74 74 74 7b 73 68 6f 77 |the \tex|ttt{show|
|000053b0| 20 61 64 76 61 6e 63 65 | 64 7d 20 63 6f 6d 6d 61 | advance|d} comma|
|000053c0| 6e 64 2e 20 0a 0a 09 5c | 73 65 63 74 69 6f 6e 7b |nd. ...\|section{|
|000053d0| 56 65 72 69 66 79 69 6e | 67 20 74 68 65 20 45 78 |Verifyin|g the Ex|
|000053e0| 70 6c 6f 69 74 20 4f 70 | 74 69 6f 6e 73 7d 0a 5c |ploit Op|tions}.\|
|000053f0| 70 61 72 09 0a 54 68 65 | 20 5c 74 65 78 74 74 74 |par..The| \texttt|
|00005400| 7b 63 68 65 63 6b 7d 20 | 63 6f 6d 6d 61 6e 64 20 |{check} |command |
|00005410| 63 61 6e 20 62 65 20 75 | 73 65 64 20 74 6f 20 64 |can be u|sed to d|
|00005420| 65 74 65 72 6d 69 6e 65 | 20 77 68 65 74 68 65 72 |etermine| whether|
|00005430| 20 74 68 65 20 74 61 72 | 67 65 74 20 73 79 73 74 | the tar|get syst|
|00005440| 65 6d 20 69 73 0a 76 75 | 6c 6e 65 72 61 62 6c 65 |em is.vu|lnerable|
|00005450| 20 74 6f 20 74 68 65 20 | 61 63 74 69 76 65 20 65 | to the |active e|
|00005460| 78 70 6c 6f 69 74 20 6d | 6f 64 75 6c 65 2e 20 54 |xploit m|odule. T|
|00005470| 68 69 73 20 69 73 20 61 | 20 71 75 69 63 6b 20 77 |his is a| quick w|
|00005480| 61 79 20 74 6f 20 76 65 | 72 69 66 79 20 74 68 61 |ay to ve|rify tha|
|00005490| 74 20 61 6c 6c 0a 6f 70 | 74 69 6f 6e 73 20 68 61 |t all.op|tions ha|
|000054a0| 76 65 20 62 65 65 6e 20 | 63 6f 72 72 65 63 74 6c |ve been |correctl|
|000054b0| 79 20 73 65 74 20 61 6e | 64 20 74 68 61 74 20 74 |y set an|d that t|
|000054c0| 68 65 20 74 61 72 67 65 | 74 20 69 73 20 61 63 74 |he targe|t is act|
|000054d0| 75 61 6c 6c 79 20 76 75 | 6c 6e 65 72 61 62 6c 65 |ually vu|lnerable|
|000054e0| 20 74 6f 0a 65 78 70 6c | 6f 69 74 61 74 69 6f 6e | to.expl|oitation|
|000054f0| 2e 20 4e 6f 74 20 61 6c | 6c 20 65 78 70 6c 6f 69 |. Not al|l exploi|
|00005500| 74 20 6d 6f 64 75 6c 65 | 73 20 68 61 76 65 20 69 |t module|s have i|
|00005510| 6d 70 6c 65 6d 65 6e 74 | 65 64 20 74 68 65 20 63 |mplement|ed the c|
|00005520| 68 65 63 6b 20 66 75 6e | 63 74 69 6f 6e 61 6c 69 |heck fun|ctionali|
|00005530| 74 79 2e 0a 49 6e 20 6d | 61 6e 79 20 63 61 73 65 |ty..In m|any case|
|00005540| 73 20 69 74 20 69 73 20 | 6e 65 61 72 6c 79 20 69 |s it is |nearly i|
|00005550| 6d 70 6f 73 73 69 62 6c | 65 20 74 6f 20 64 65 74 |mpossibl|e to det|
|00005560| 65 72 6d 69 6e 65 20 77 | 68 65 74 68 65 72 20 61 |ermine w|hether a|
|00005570| 20 73 65 72 76 69 63 65 | 20 69 73 0a 76 75 6c 6e | service| is.vuln|
|00005580| 65 72 61 62 6c 65 20 77 | 69 74 68 6f 75 74 20 61 |erable w|ithout a|
|00005590| 63 74 75 61 6c 6c 79 20 | 65 78 70 6c 6f 69 74 69 |ctually |exploiti|
|000055a0| 6e 67 20 69 74 2e 20 41 | 20 5c 74 65 78 74 74 74 |ng it. A| \texttt|
|000055b0| 7b 63 68 65 63 6b 7d 20 | 63 6f 6d 6d 61 6e 64 20 |{check} |command |
|000055c0| 73 68 6f 75 6c 64 20 6e | 65 76 65 72 20 72 65 73 |should n|ever res|
|000055d0| 75 6c 74 0a 69 6e 20 74 | 68 65 20 74 61 72 67 65 |ult.in t|he targe|
|000055e0| 74 20 73 79 73 74 65 6d | 20 63 72 61 73 68 69 6e |t system| crashin|
|000055f0| 67 20 6f 72 20 62 65 63 | 6f 6d 69 6e 67 20 75 6e |g or bec|oming un|
|00005600| 61 76 61 69 6c 61 62 6c | 65 2e 20 4d 61 6e 79 20 |availabl|e. Many |
|00005610| 6d 6f 64 75 6c 65 73 20 | 73 69 6d 70 6c 79 0a 64 |modules |simply.d|
|00005620| 69 73 70 6c 61 79 20 76 | 65 72 73 69 6f 6e 20 69 |isplay v|ersion i|
|00005630| 6e 66 6f 72 6d 61 74 69 | 6f 6e 20 61 6e 64 20 65 |nformati|on and e|
|00005640| 78 70 65 63 74 20 79 6f | 75 20 74 6f 20 61 6e 61 |xpect yo|u to ana|
|00005650| 6c 79 7a 65 20 69 74 20 | 62 65 66 6f 72 65 20 70 |lyze it |before p|
|00005660| 72 6f 63 65 65 64 69 6e | 67 2e 20 20 0a 0a 0a 09 |roceedin|g.  ....|
|00005670| 5c 73 65 63 74 69 6f 6e | 7b 53 65 6c 65 63 74 69 |\section|{Selecti|
|00005680| 6e 67 20 61 20 54 61 72 | 67 65 74 7d 0a 5c 70 61 |ng a Tar|get}.\pa|
|00005690| 72 0a 4d 61 6e 79 20 65 | 78 70 6c 6f 69 74 73 20 |r.Many e|xploits |
|000056a0| 77 69 6c 6c 20 72 65 71 | 75 69 72 65 20 74 68 65 |will req|uire the|
|000056b0| 20 5c 74 65 78 74 74 74 | 7b 54 41 52 47 45 54 7d | \texttt|{TARGET}|
|000056c0| 20 65 6e 76 69 72 6f 6e | 6d 65 6e 74 20 76 61 72 | environ|ment var|
|000056d0| 69 61 62 6c 65 20 74 6f | 20 62 65 20 73 65 74 20 |iable to| be set |
|000056e0| 74 6f 20 74 68 65 0a 69 | 6e 64 65 78 20 6e 75 6d |to the.i|ndex num|
|000056f0| 62 65 72 20 6f 66 20 74 | 68 65 20 64 65 73 69 72 |ber of t|he desir|
|00005700| 65 64 20 74 61 72 67 65 | 74 2e 20 54 68 65 20 5c |ed targe|t. The \|
|00005710| 74 65 78 74 74 74 7b 73 | 68 6f 77 20 74 61 72 67 |texttt{s|how targ|
|00005720| 65 74 73 7d 20 63 6f 6d | 6d 61 6e 64 20 77 69 6c |ets} com|mand wil|
|00005730| 6c 20 6c 69 73 74 20 61 | 6c 6c 0a 74 61 72 67 65 |l list a|ll.targe|
|00005740| 74 73 20 70 72 6f 76 69 | 64 65 64 20 62 79 20 74 |ts provi|ded by t|
|00005750| 68 65 20 65 78 70 6c 6f | 69 74 20 6d 6f 64 75 6c |he explo|it modul|
|00005760| 65 2e 20 4d 61 6e 79 20 | 65 78 70 6c 6f 69 74 73 |e. Many |exploits|
|00005770| 20 77 69 6c 6c 20 64 65 | 66 61 75 6c 74 20 74 6f | will de|fault to|
|00005780| 20 61 0a 62 72 75 74 65 | 2d 66 6f 72 63 65 20 74 | a.brute|-force t|
|00005790| 61 72 67 65 74 20 74 79 | 70 65 3b 20 74 68 69 73 |arget ty|pe; this|
|000057a0| 20 6d 61 79 20 6e 6f 74 | 20 62 65 20 64 65 73 69 | may not| be desi|
|000057b0| 72 61 62 6c 65 20 69 6e | 20 61 6c 6c 20 73 69 74 |rable in| all sit|
|000057c0| 75 61 74 69 6f 6e 73 2e | 20 0a 0a 09 5c 73 65 63 |uations.| ...\sec|
|000057d0| 74 69 6f 6e 7b 53 65 6c | 65 63 74 69 6e 67 20 74 |tion{Sel|ecting t|
|000057e0| 68 65 20 50 61 79 6c 6f | 61 64 7d 0a 5c 70 61 72 |he Paylo|ad}.\par|
|000057f0| 09 0a 54 68 65 20 70 61 | 79 6c 6f 61 64 20 69 73 |..The pa|yload is|
|00005800| 20 74 68 65 20 61 63 74 | 75 61 6c 20 63 6f 64 65 | the act|ual code|
|00005810| 20 74 68 61 74 20 77 69 | 6c 6c 20 72 75 6e 20 6f | that wi|ll run o|
|00005820| 6e 20 74 68 65 20 74 61 | 72 67 65 74 20 73 79 73 |n the ta|rget sys|
|00005830| 74 65 6d 20 61 66 74 65 | 72 20 61 0a 73 75 63 63 |tem afte|r a.succ|
|00005840| 65 73 73 66 75 6c 20 65 | 78 70 6c 6f 69 74 20 61 |essful e|xploit a|
|00005850| 74 74 65 6d 70 74 2e 20 | 55 73 65 20 74 68 65 20 |ttempt. |Use the |
|00005860| 5c 74 65 78 74 74 74 7b | 73 68 6f 77 20 70 61 79 |\texttt{|show pay|
|00005870| 6c 6f 61 64 73 7d 20 63 | 6f 6d 6d 61 6e 64 20 74 |loads} c|ommand t|
|00005880| 6f 20 6c 69 73 74 20 61 | 6c 6c 20 70 61 79 6c 6f |o list a|ll paylo|
|00005890| 61 64 73 0a 63 6f 6d 70 | 61 74 69 62 6c 65 20 77 |ads.comp|atible w|
|000058a0| 69 74 68 20 74 68 65 20 | 63 75 72 72 65 6e 74 20 |ith the |current |
|000058b0| 65 78 70 6c 6f 69 74 2e | 20 49 66 20 79 6f 75 20 |exploit.| If you |
|000058c0| 61 72 65 20 62 65 68 69 | 6e 64 20 61 20 66 69 72 |are behi|nd a fir|
|000058d0| 65 77 61 6c 6c 2c 20 79 | 6f 75 20 6d 61 79 20 77 |ewall, y|ou may w|
|000058e0| 61 6e 74 0a 74 6f 20 75 | 73 65 20 61 20 62 69 6e |ant.to u|se a bin|
|000058f0| 64 20 73 68 65 6c 6c 20 | 70 61 79 6c 6f 61 64 2c |d shell |payload,|
|00005900| 20 69 66 20 79 6f 75 72 | 20 74 61 72 67 65 74 20 | if your| target |
|00005910| 69 73 20 62 65 68 69 6e | 64 20 6f 6e 65 20 61 6e |is behin|d one an|
|00005920| 64 20 79 6f 75 20 61 72 | 65 20 6e 6f 74 2c 20 79 |d you ar|e not, y|
|00005930| 6f 75 0a 77 6f 75 6c 64 | 20 75 73 65 20 61 20 72 |ou.would| use a r|
|00005940| 65 76 65 72 73 65 20 63 | 6f 6e 6e 65 63 74 20 70 |everse c|onnect p|
|00005950| 61 79 6c 6f 61 64 2e 20 | 59 6f 75 20 63 61 6e 20 |ayload. |You can |
|00005960| 75 73 65 20 74 68 65 20 | 5c 74 65 78 74 74 74 7b |use the |\texttt{|
|00005970| 69 6e 66 6f 20 70 61 79 | 6c 6f 61 64 5c 5f 6e 61 |info pay|load\_na|
|00005980| 6d 65 7d 20 63 6f 6d 6d | 61 6e 64 0a 74 6f 20 76 |me} comm|and.to v|
|00005990| 69 65 77 20 64 65 74 61 | 69 6c 65 64 20 69 6e 66 |iew deta|iled inf|
|000059a0| 6f 72 6d 61 74 69 6f 6e | 20 61 62 6f 75 74 20 61 |ormation| about a|
|000059b0| 20 67 69 76 65 6e 20 70 | 61 79 6c 6f 61 64 2e 20 | given p|ayload. |
|000059c0| 20 0a 0a 5c 70 61 72 0a | 4f 6e 63 65 20 79 6f 75 | ..\par.|Once you|
|000059d0| 20 68 61 76 65 20 64 65 | 63 69 64 65 64 20 6f 6e | have de|cided on|
|000059e0| 20 61 20 70 61 79 6c 6f | 61 64 2c 20 75 73 65 20 | a paylo|ad, use |
|000059f0| 74 68 65 20 5c 74 65 78 | 74 74 74 7b 73 65 74 7d |the \tex|ttt{set}|
|00005a00| 20 63 6f 6d 6d 61 6e 64 | 20 74 6f 20 73 70 65 63 | command| to spec|
|00005a10| 69 66 79 20 74 68 65 20 | 70 61 79 6c 6f 61 64 0a |ify the |payload.|
|00005a20| 6d 6f 64 75 6c 65 20 6e | 61 6d 65 20 61 73 20 74 |module n|ame as t|
|00005a30| 68 65 20 76 61 6c 75 65 | 20 66 6f 72 20 74 68 65 |he value| for the|
|00005a40| 20 5c 74 65 78 74 74 74 | 7b 50 41 59 4c 4f 41 44 | \texttt|{PAYLOAD|
|00005a50| 7d 20 65 6e 76 69 72 6f | 6e 6d 65 6e 74 20 76 61 |} enviro|nment va|
|00005a60| 72 69 61 62 6c 65 2e 20 | 4f 6e 63 65 20 74 68 65 |riable. |Once the|
|00005a70| 20 70 61 79 6c 6f 61 64 | 0a 68 61 73 20 62 65 65 | payload|.has bee|
|00005a80| 6e 20 73 65 74 2c 20 75 | 73 65 20 74 68 65 20 5c |n set, u|se the \|
|00005a90| 74 65 78 74 74 74 7b 73 | 68 6f 77 20 6f 70 74 69 |texttt{s|how opti|
|00005aa0| 6f 6e 73 7d 20 63 6f 6d | 6d 61 6e 64 20 74 6f 20 |ons} com|mand to |
|00005ab0| 64 69 73 70 6c 61 79 20 | 61 6c 6c 20 61 76 61 69 |display |all avai|
|00005ac0| 6c 61 62 6c 65 20 70 61 | 79 6c 6f 61 64 0a 6f 70 |lable pa|yload.op|
|00005ad0| 74 69 6f 6e 73 2e 20 4d | 6f 73 74 20 70 61 79 6c |tions. M|ost payl|
|00005ae0| 6f 61 64 73 20 68 61 76 | 65 20 61 74 20 6c 65 61 |oads hav|e at lea|
|00005af0| 73 74 20 6f 6e 65 20 72 | 65 71 75 69 72 65 64 20 |st one r|equired |
|00005b00| 6f 70 74 69 6f 6e 2e 20 | 41 64 76 61 6e 63 65 64 |option. |Advanced|
|00005b10| 20 6f 70 74 69 6f 6e 73 | 20 61 72 65 0a 70 72 6f | options| are.pro|
|00005b20| 76 69 64 65 64 20 62 79 | 20 61 20 68 61 6e 64 66 |vided by| a handf|
|00005b30| 75 6c 20 6f 66 20 70 61 | 79 6c 6f 61 64 20 6f 70 |ul of pa|yload op|
|00005b40| 74 69 6f 6e 73 3b 20 75 | 73 65 20 74 68 65 20 5c |tions; u|se the \|
|00005b50| 74 65 78 74 74 74 7b 73 | 68 6f 77 20 61 64 76 61 |texttt{s|how adva|
|00005b60| 6e 63 65 64 7d 20 63 6f | 6d 6d 61 6e 64 20 74 6f |nced} co|mmand to|
|00005b70| 20 76 69 65 77 0a 74 68 | 65 73 65 2e 20 50 6c 65 | view.th|ese. Ple|
|00005b80| 61 73 65 20 6b 65 65 70 | 20 69 6e 20 6d 69 6e 64 |ase keep| in mind|
|00005b90| 20 74 68 61 74 20 79 6f | 75 20 77 69 6c 6c 20 62 | that yo|u will b|
|00005ba0| 65 20 61 6c 6c 6f 77 65 | 64 20 74 6f 20 73 65 6c |e allowe|d to sel|
|00005bb0| 65 63 74 20 61 6e 79 20 | 70 61 79 6c 6f 61 64 0a |ect any |payload.|
|00005bc0| 63 6f 6d 70 61 74 69 62 | 6c 65 20 77 69 74 68 20 |compatib|le with |
|00005bd0| 74 68 61 74 20 65 78 70 | 6c 6f 69 74 2c 20 65 76 |that exp|loit, ev|
|00005be0| 65 6e 20 69 66 20 69 74 | 20 6e 6f 74 20 63 6f 6d |en if it| not com|
|00005bf0| 70 61 74 69 62 6c 65 20 | 77 69 74 68 20 79 6f 75 |patible |with you|
|00005c00| 72 20 63 75 72 72 65 6e | 74 6c 79 0a 73 65 6c 65 |r curren|tly.sele|
|00005c10| 63 74 65 64 20 5c 74 65 | 78 74 74 74 7b 54 41 52 |cted \te|xttt{TAR|
|00005c20| 47 45 54 7d 2e 20 46 6f | 72 20 65 78 61 6d 70 6c |GET}. Fo|r exampl|
|00005c30| 65 2c 20 69 66 20 79 6f | 75 20 73 65 6c 65 63 74 |e, if yo|u select|
|00005c40| 20 61 20 4c 69 6e 75 78 | 20 74 61 72 67 65 74 2c | a Linux| target,|
|00005c50| 20 79 65 74 20 63 68 6f | 6f 73 65 0a 61 20 42 53 | yet cho|ose.a BS|
|00005c60| 44 20 70 61 79 6c 6f 61 | 64 2c 20 79 6f 75 20 73 |D payloa|d, you s|
|00005c70| 68 6f 75 6c 64 20 6e 6f | 74 20 65 78 70 65 63 74 |hould no|t expect|
|00005c80| 20 74 68 65 20 65 78 70 | 6c 6f 69 74 20 74 6f 20 | the exp|loit to |
|00005c90| 77 6f 72 6b 2e 0a 0a 0a | 09 5c 73 65 63 74 69 6f |work....|.\sectio|
|00005ca0| 6e 7b 4c 61 75 6e 63 68 | 69 6e 67 20 74 68 65 20 |n{Launch|ing the |
|00005cb0| 45 78 70 6c 6f 69 74 7d | 0a 5c 70 61 72 0a 54 68 |Exploit}|.\par.Th|
|00005cc0| 65 20 5c 74 65 78 74 74 | 74 7b 65 78 70 6c 6f 69 |e \textt|t{exploi|
|00005cd0| 74 7d 20 63 6f 6d 6d 61 | 6e 64 20 77 69 6c 6c 20 |t} comma|nd will |
|00005ce0| 6c 61 75 6e 63 68 20 74 | 68 65 20 61 74 74 61 63 |launch t|he attac|
|00005cf0| 6b 2e 20 49 66 20 65 76 | 65 72 79 74 68 69 6e 67 |k. If ev|erything|
|00005d00| 20 77 65 6e 74 20 77 65 | 6c 6c 2c 20 79 6f 75 72 | went we|ll, your|
|00005d10| 0a 70 61 79 6c 6f 61 64 | 20 77 69 6c 6c 20 65 78 |.payload| will ex|
|00005d20| 65 63 75 74 65 20 61 6e | 64 20 70 6f 74 65 6e 74 |ecute an|d potent|
|00005d30| 69 61 6c 6c 79 20 70 72 | 6f 76 69 64 65 20 79 6f |ially pr|ovide yo|
|00005d40| 75 20 77 69 74 68 20 61 | 6e 20 69 6e 74 65 72 61 |u with a|n intera|
|00005d50| 63 74 69 76 65 20 63 6f | 6d 6d 61 6e 64 0a 73 68 |ctive co|mmand.sh|
|00005d60| 65 6c 6c 20 6f 6e 20 74 | 68 65 20 65 78 70 6c 6f |ell on t|he explo|
|00005d70| 69 74 65 64 20 73 79 73 | 74 65 6d 2e 20 0a 0a 0a |ited sys|tem. ...|
|00005d80| 5c 70 61 67 65 62 72 65 | 61 6b 0a 5c 63 68 61 70 |\pagebre|ak.\chap|
|00005d90| 74 65 72 7b 41 64 76 61 | 6e 63 65 64 20 46 65 61 |ter{Adva|nced Fea|
|00005da0| 74 75 72 65 73 7d 0a 0a | 5c 70 61 72 0a 54 68 69 |tures}..|\par.Thi|
|00005db0| 73 20 73 65 63 74 69 6f | 6e 20 63 6f 76 65 72 73 |s sectio|n covers|
|00005dc0| 20 73 6f 6d 65 20 6f 66 | 20 74 68 65 20 61 64 76 | some of| the adv|
|00005dd0| 61 6e 63 65 64 20 66 65 | 61 74 75 72 65 73 20 74 |anced fe|atures t|
|00005de0| 68 61 74 20 63 61 6e 20 | 62 65 20 66 6f 75 6e 64 |hat can |be found|
|00005df0| 20 69 6e 20 74 68 69 73 | 0a 72 65 6c 65 61 73 65 | in this|.release|
|00005e00| 2e 20 54 68 65 73 65 20 | 66 65 61 74 75 72 65 73 |. These |features|
|00005e10| 20 63 61 6e 20 62 65 20 | 75 73 65 64 20 69 6e 20 | can be |used in |
|00005e20| 61 6e 79 20 63 6f 6d 70 | 61 74 69 62 6c 65 20 65 |any comp|atible e|
|00005e30| 78 70 6c 6f 69 74 20 61 | 6e 64 20 68 69 67 68 6c |xploit a|nd highl|
|00005e40| 69 67 68 74 20 74 68 65 | 0a 73 74 72 65 6e 67 74 |ight the|.strengt|
|00005e50| 68 20 6f 66 20 64 65 76 | 65 6c 6f 70 69 6e 67 20 |h of dev|eloping |
|00005e60| 61 74 74 61 63 6b 20 63 | 6f 64 65 20 75 73 69 6e |attack c|ode usin|
|00005e70| 67 20 61 6e 20 65 78 70 | 6c 6f 69 74 20 66 72 61 |g an exp|loit fra|
|00005e80| 6d 65 77 6f 72 6b 2e 20 | 0a 0a 5c 73 65 63 74 69 |mework. |..\secti|
|00005e90| 6f 6e 7b 54 68 65 20 4d | 65 74 65 72 70 72 65 74 |on{The M|eterpret|
|00005ea0| 65 72 7d 0a 5c 70 61 72 | 0a 54 68 65 20 4d 65 74 |er}.\par|.The Met|
|00005eb0| 65 72 70 72 65 74 65 72 | 20 69 73 20 61 6e 20 61 |erpreter| is an a|
|00005ec0| 64 76 61 6e 63 65 64 20 | 6d 75 6c 74 69 2d 66 75 |dvanced |multi-fu|
|00005ed0| 6e 63 74 69 6f 6e 20 70 | 61 79 6c 6f 61 64 20 74 |nction p|ayload t|
|00005ee0| 68 61 74 20 63 61 6e 20 | 62 65 20 64 79 6e 61 6d |hat can |be dynam|
|00005ef0| 69 63 61 6c 6c 79 0a 65 | 78 74 65 6e 64 65 64 20 |ically.e|xtended |
|00005f00| 61 74 20 72 75 6e 2d 74 | 69 6d 65 2e 20 49 6e 20 |at run-t|ime. In |
|00005f10| 6e 6f 72 6d 61 6c 20 74 | 65 72 6d 73 2c 20 74 68 |normal t|erms, th|
|00005f20| 69 73 20 6d 65 61 6e 73 | 20 74 68 61 74 20 69 74 |is means| that it|
|00005f30| 20 70 72 6f 76 69 64 65 | 73 20 79 6f 75 20 77 69 | provide|s you wi|
|00005f40| 74 68 20 61 0a 62 61 73 | 69 63 20 73 68 65 6c 6c |th a.bas|ic shell|
|00005f50| 20 61 6e 64 20 61 6c 6c | 6f 77 73 20 79 6f 75 20 | and all|ows you |
|00005f60| 74 6f 20 61 64 64 20 6e | 65 77 20 66 65 61 74 75 |to add n|ew featu|
|00005f70| 72 65 73 20 74 6f 20 69 | 74 20 61 73 20 6e 65 65 |res to i|t as nee|
|00005f80| 64 65 64 2e 20 50 6c 65 | 61 73 65 20 72 65 66 65 |ded. Ple|ase refe|
|00005f90| 72 20 74 6f 0a 74 68 65 | 20 4d 65 74 65 72 70 72 |r to.the| Meterpr|
|00005fa0| 65 74 65 72 20 64 6f 63 | 75 6d 65 6e 74 61 74 69 |eter doc|umentati|
|00005fb0| 6f 6e 20 66 6f 72 20 61 | 6e 20 69 6e 2d 64 65 70 |on for a|n in-dep|
|00005fc0| 74 68 20 64 65 73 63 72 | 69 70 74 69 6f 6e 20 6f |th descr|iption o|
|00005fd0| 66 20 68 6f 77 20 69 74 | 20 77 6f 72 6b 73 20 61 |f how it| works a|
|00005fe0| 6e 64 0a 77 68 61 74 20 | 79 6f 75 20 63 61 6e 20 |nd.what |you can |
|00005ff0| 64 6f 20 77 69 74 68 20 | 69 74 2e 20 54 68 65 20 |do with |it. The |
|00006000| 4d 65 74 65 72 70 72 65 | 74 65 72 20 6d 61 6e 75 |Meterpre|ter manu|
|00006010| 61 6c 20 63 61 6e 20 62 | 65 20 66 6f 75 6e 64 20 |al can b|e found |
|00006020| 69 6e 20 74 68 65 20 22 | 64 6f 63 73 22 0a 73 75 |in the "|docs".su|
|00006030| 62 64 69 72 65 63 74 6f | 72 79 20 6f 66 20 74 68 |bdirecto|ry of th|
|00006040| 65 20 46 72 61 6d 65 77 | 6f 72 6b 20 61 73 20 77 |e Framew|ork as w|
|00006050| 65 6c 6c 20 61 73 20 6f | 6e 6c 69 6e 65 20 61 74 |ell as o|nline at|
|00006060| 3a 0a 0a 5c 75 72 6c 7b | 68 74 74 70 3a 2f 2f 6d |:..\url{|http://m|
|00006070| 65 74 61 73 70 6c 6f 69 | 74 2e 63 6f 6d 2f 70 72 |etasploi|t.com/pr|
|00006080| 6f 6a 65 63 74 73 2f 46 | 72 61 6d 65 77 6f 72 6b |ojects/F|ramework|
|00006090| 2f 64 6f 63 73 2f 6d 65 | 74 65 72 70 72 65 74 65 |/docs/me|terprete|
|000060a0| 72 2e 70 64 66 7d 0a 0a | 5c 73 65 63 74 69 6f 6e |r.pdf}..|\section|
|000060b0| 7b 50 61 73 73 69 76 65 | 58 20 50 61 79 6c 6f 61 |{Passive|X Payloa|
|000060c0| 64 73 7d 0a 5c 70 61 72 | 0a 53 74 61 72 74 69 6e |ds}.\par|.Startin|
|000060d0| 67 20 77 69 74 68 20 74 | 68 65 20 32 2e 34 20 72 |g with t|he 2.4 r|
|000060e0| 65 6c 65 61 73 65 2c 20 | 74 68 65 20 4d 65 74 61 |elease, |the Meta|
|000060f0| 73 70 6c 6f 69 74 20 46 | 72 61 6d 65 77 6f 72 6b |sploit F|ramework|
|00006100| 20 63 61 6e 20 62 65 20 | 75 73 65 64 20 74 6f 20 | can be |used to |
|00006110| 6c 6f 61 64 0a 61 72 62 | 69 74 72 61 72 79 20 41 |load.arb|itrary A|
|00006120| 63 74 69 76 65 58 20 63 | 6f 6e 74 72 6f 6c 73 20 |ctiveX c|ontrols |
|00006130| 69 6e 74 6f 20 61 20 74 | 61 72 67 65 74 20 70 72 |into a t|arget pr|
|00006140| 6f 63 65 73 73 2e 20 54 | 68 69 73 20 66 65 61 74 |ocess. T|his feat|
|00006150| 75 72 65 20 77 6f 72 6b | 73 20 62 79 20 70 61 74 |ure work|s by pat|
|00006160| 63 68 69 6e 67 0a 74 68 | 65 20 72 65 67 69 73 74 |ching.th|e regist|
|00006170| 72 79 20 6f 66 20 74 68 | 65 20 74 61 72 67 65 74 |ry of th|e target|
|00006180| 20 73 79 73 74 65 6d 20 | 61 6e 64 20 63 61 75 73 | system |and caus|
|00006190| 69 6e 67 20 74 68 65 20 | 65 78 70 6c 6f 69 74 65 |ing the |exploite|
|000061a0| 64 20 70 72 6f 63 65 73 | 73 20 74 6f 20 6c 61 75 |d proces|s to lau|
|000061b0| 6e 63 68 0a 69 6e 74 65 | 72 6e 65 74 20 65 78 70 |nch.inte|rnet exp|
|000061c0| 6c 6f 72 65 72 20 77 69 | 74 68 20 61 20 55 52 4c |lorer wi|th a URL|
|000061d0| 20 70 6f 69 6e 74 69 6e | 67 20 62 61 63 6b 20 74 | pointin|g back t|
|000061e0| 6f 20 74 68 65 20 46 72 | 61 6d 65 77 6f 72 6b 2e |o the Fr|amework.|
|000061f0| 20 54 68 65 20 46 72 61 | 6d 65 77 6f 72 6b 0a 73 | The Fra|mework.s|
|00006200| 74 61 72 74 73 20 75 70 | 20 61 20 73 69 6d 70 6c |tarts up| a simpl|
|00006210| 65 20 77 65 62 20 73 65 | 72 76 65 72 20 74 68 61 |e web se|rver tha|
|00006220| 74 20 61 63 63 65 70 74 | 73 20 74 68 65 20 72 65 |t accept|s the re|
|00006230| 71 75 65 73 74 20 61 6e | 64 20 73 65 6e 64 73 20 |quest an|d sends |
|00006240| 62 61 63 6b 20 61 20 77 | 65 62 20 70 61 67 65 0a |back a w|eb page.|
|00006250| 69 6e 73 74 72 75 63 74 | 69 6e 67 20 69 74 20 74 |instruct|ing it t|
|00006260| 6f 20 6c 6f 61 64 20 61 | 6e 20 41 63 74 69 76 65 |o load a|n Active|
|00006270| 58 20 63 6f 6d 70 6f 6e | 65 6e 74 2e 20 54 68 65 |X compon|ent. The|
|00006280| 20 65 78 70 6c 6f 69 74 | 65 64 20 73 79 73 74 65 | exploit|ed syste|
|00006290| 6d 20 74 68 65 6e 20 64 | 6f 77 6e 6c 6f 61 64 73 |m then d|ownloads|
|000062a0| 2c 0a 72 65 67 69 73 74 | 65 72 73 2c 20 61 6e 64 |,.regist|ers, and|
|000062b0| 20 65 78 65 63 75 74 65 | 73 20 74 68 65 20 41 63 | execute|s the Ac|
|000062c0| 74 69 76 65 58 2e 20 0a | 0a 5c 70 61 72 0a 54 68 |tiveX. .|.\par.Th|
|000062d0| 65 20 62 61 73 69 63 20 | 50 61 73 73 69 76 65 58 |e basic |PassiveX|
|000062e0| 20 70 61 79 6c 6f 61 64 | 2c 20 5c 74 65 78 74 74 | payload|, \textt|
|000062f0| 74 7b 77 69 6e 33 32 5c | 5f 70 61 73 73 69 76 65 |t{win32\|_passive|
|00006300| 78 7d 2c 20 73 75 70 70 | 6f 72 74 73 20 61 6e 79 |x}, supp|orts any|
|00006310| 20 63 75 73 74 6f 6d 0a | 41 63 74 69 76 65 58 20 | custom.|ActiveX |
|00006320| 74 68 61 74 20 79 6f 75 | 20 64 65 76 65 6c 6f 70 |that you| develop|
|00006330| 2e 20 49 6e 20 61 64 64 | 69 74 69 6f 6e 20 74 6f |. In add|ition to|
|00006340| 20 74 68 65 20 62 61 73 | 65 20 70 61 79 6c 6f 61 | the bas|e payloa|
|00006350| 64 2c 20 74 68 72 65 65 | 20 6f 74 68 65 72 20 50 |d, three| other P|
|00006360| 61 73 73 69 76 65 58 0a | 6d 6f 64 75 6c 65 73 20 |assiveX.|modules |
|00006370| 61 72 65 20 69 6e 63 6c | 75 64 65 64 20 69 6e 20 |are incl|uded in |
|00006380| 74 68 65 20 46 72 61 6d | 65 77 6f 72 6b 2e 20 54 |the Fram|ework. T|
|00006390| 68 65 73 65 20 63 61 6e | 20 62 65 20 75 73 65 64 |hese can| be used|
|000063a0| 20 74 6f 20 65 78 65 63 | 75 74 65 20 61 20 63 6f | to exec|ute a co|
|000063b0| 6d 6d 61 6e 64 0a 73 68 | 65 6c 6c 2c 20 6c 6f 61 |mmand.sh|ell, loa|
|000063c0| 64 20 74 68 65 20 4d 65 | 74 65 72 70 72 65 74 65 |d the Me|terprete|
|000063d0| 72 2c 20 6f 72 20 69 6e | 6a 65 63 74 20 61 20 56 |r, or in|ject a V|
|000063e0| 4e 43 20 73 65 72 76 69 | 63 65 2e 20 57 68 65 6e |NC servi|ce. When|
|000063f0| 20 61 6e 79 20 6f 66 20 | 74 68 65 73 65 20 74 68 | any of |these th|
+--------+-------------------------+-------------------------+--------+--------+
Only 25.0 KB of data is shown above.