# Metasploit

## Staged vs. Non-staged Payloads

{% hint style="info" %}
Try staged payloads first, but don't forget to try non-staged payloads if staged payloads don't work.
{% endhint %}

A staged payload is split into small pieces (stages) that are delivered separately and chained together at the end. It is good for:

1. **Small buffer**
2. **AV evasion**

However, a staged payload might not work in some scenarios. If that is the case, try its non-staged counterpart.

A **staged** payload looks like this:

```
windows/x64/meterpreter/reverse_tcp
```

and a **non-staged** payload looks like this (note the `_` in place of the last `/`):

```
windows/x64/meterpreter_reverse_tcp
```

## Add Exploits to Metasploit

If `searchsploit` finds a Metasploit exploit that is not in your installed Metasploit framework, copy it into the module tree manually:

```bash
cp <exploit_path> /usr/share/metasploit-framework/modules/exploits/linux/http
```

Then, in Metasploit, run `reload_all` so that the new module is loaded:

```bash
msf6 > reload_all
```

## Advanced Options

Metasploit modules have some **advanced options** for you to play with. For example, in `exploit/linux/samba/is_known_pipename`, we have to set the SMB version to 1, which is done through one of the advanced options:

![exploit/linux/samba/is\_known\_pipename advanced options](https://3988450783-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MWVjG_njKgBtvmnKaJh%2Fuploads%2FoGbYkVKHogsmY2hAPIhi%2Fimage.png?alt=media\&token=3a7b0e4f-79ca-4a71-b3cd-c77a86758121)

Set `SMB::ProtocolVersion` to 1:

```bash
msf6 exploit(linux/samba/is_known_pipename) > set SMB::ProtocolVersion 1
```

## Meterpreter
