Metasploit

Staged vs. Non-staged Payloads

Try staged payloads first, but don't forget to try non-staged payloads if staged payloads don't work.

A staged payload splits the payload into small pieces (stages) that are delivered separately and chained together at the end. It is a good fit for:

  1. Small buffers

  2. AV evasion

However, a staged payload might not work in some scenarios. If that is the case, try its non-staged counterpart.

A staged payload looks like this:

windows/x64/meterpreter/reverse_tcp

and a non-staged payload looks like this:

windows/x64/meterpreter_reverse_tcp
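As an added example (not part of this note), a small Python helper that parses a Metasploit payload path by the naming convention above, tells staged from non-staged, and builds the counterpart name to try next; KNOWN_STAGES is an assumed, partial list of stage names, and single payloads such as cmd/unix/reverse_bash are reported as neither.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Stage names seen in Metasploit payload paths (assumed partial list).
KNOWN_STAGES = {"meterpreter", "shell", "vncinject", "dllinject", "powershell"}

# A stager/handler name starts with its connection direction.
STAGER_RE = re.compile(r"^(reverse|bind)_")
NONSTAGED_RE = re.compile(r"^([a-z]+)_((?:reverse|bind)_.+)$")


@dataclass(frozen=True)
class PayloadName:
    prefix: str   # platform and optional arch, e.g. "windows/x64"
    stage: str    # e.g. "meterpreter"
    stager: str   # e.g. "reverse_tcp"
    staged: bool  # True for stage/stager, False for stage_stager

    @property
    def counterpart(self) -> str:
        """Same stage and transport in the other delivery form."""
        sep = "_" if self.staged else "/"
        return f"{self.prefix}/{self.stage}{sep}{self.stager}"

    def __str__(self) -> str:
        sep = "/" if self.staged else "_"
        return f"{self.prefix}/{self.stage}{sep}{self.stager}"


def parse_payload(name: str) -> Optional[PayloadName]:
    """Classify a payload path; returns None for singles or unknown layouts."""
    parts = name.strip().split("/")
    if len(parts) < 2:
        return None
    # Staged form: .../<stage>/<stager>
    if len(parts) >= 3 and parts[-2] in KNOWN_STAGES and STAGER_RE.match(parts[-1]):
        return PayloadName("/".join(parts[:-2]), parts[-2], parts[-1], True)
    # Non-staged form: .../<stage>_<stager>
    m = NONSTAGED_RE.match(parts[-1])
    if m and m.group(1) in KNOWN_STAGES:
        return PayloadName("/".join(parts[:-1]), m.group(1), m.group(2), False)
    return None


if __name__ == "__main__":
    for n in ("windows/x64/meterpreter/reverse_tcp", "windows/x64/meterpreter_reverse_tcp"):
        p = parse_payload(n)
        print(n, "-> staged" if p.staged else "-> non-staged", "| try:", p.counterpart)
```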

Add Exploits to Metasploit

If searchsploit finds a Metasploit module that is not present in your Metasploit installation, copy it in manually (the target directory should match the module's category, here linux/http):

cp <exploit_path> /usr/share/metasploit-framework/modules/exploits/linux/http

Then, in msfconsole, run reload_all so the new module is picked up:

msf6 > reload_all

Advanced Options

Metasploit modules also expose advanced options (list them with show advanced). For example, exploit/linux/samba/is_known_pipename may need the SMB protocol version set to 1, which is done through an advanced option:

Set SMB::ProtocolVersion to 1:

msf6 exploit(linux/samba/is_known_pipename) > set SMB::ProtocolVersion 1
