Metasploit
Staged vs. Non-staged Payloads
A staged payload breaks the payload into small pieces (stages) and chains them together in the end. It is good for:
Small buffer
AV evasion
However, a staged payload might not work in some scenarios. If that is the case, try its non-staged counterpart.
A staged payload looks like this:
windows/x64/meterpreter/reverse_tcp
and a non-staged payload looks like this (note the underscore in place of the last slash):
windows/x64/meterpreter_reverse_tcp
Add Exploits to Metasploit
If searchsploit finds a Metasploit exploit but it is not in the Metasploit framework, add it manually:
cp <exploit_path> /usr/share/metasploit-framework/modules/exploits/linux/http
In Metasploit, run reload_all.
msf6 > reload_all
Advanced Options
Metasploit modules have some advanced options for you to play with. For example, in exploit/linux/samba/is_known_pipename, we have to set the SMB version to 1. This is done in one of the advanced options:

Set SMB::ProtocolVersion to 1:
msf6 exploit(linux/samba/is_known_pipename) > set SMB::ProtocolVersion 1