
       Name: TFTP Fetch
     Module: payload/cmd/linux/tftp/x64/meterpreter_reverse_https
   Platform: Linux
       Arch: cmd
Needs Admin: No
 Total size: 102
       Rank: Normal

Provided by:
  
Evasion options for payload/cmd/linux/tftp/x64/meterpreter_reverse_https:
=========================

  timwr

Basic options:
Name            Current Setting  Required  Description
----            ---------------  --------  -----------
FETCH_COMMAND   CURL             yes       Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET)
FETCH_DELETE    false            yes       Attempt to delete the binary after execution
FETCH_FILELESS  none             yes       Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+)
FETCH_SRVHOST                    no        Local IP to use for serving payload
FETCH_SRVONCE   true             yes       Stop serving the payload after it is retrieved
FETCH_SRVPORT   8080             yes       Local port to use for serving payload
FETCH_URIPATH                    no        Local URI to use for serving payload
LHOST                            yes       The local listener hostname
LPORT           8443             yes       The local listener port
LURI                             no        The HTTP Path


When FETCH_COMMAND is one of CURL,WGET:

Name        Current Setting  Required  Description
----        ---------------  --------  -----------
FETCH_PIPE  false            yes       Host both the binary payload and the command so it can be piped directly to the shell.


When FETCH_FILELESS is none:

Name                Current Setting  Required  Description
----                ---------------  --------  -----------
FETCH_FILENAME      NfyFMMWn         no        Name to use on remote system when storing payload; cannot contain spaces or slashes
FETCH_WRITABLE_DIR  ./               yes       Remote writable dir to store payload; cannot contain spaces

Description:
    Fetch and execute an x64 payload from a TFTP server.


    Name                         Current Setting                                                                                                        Required  Description
    ----                         ---------------                                                                                                        --------  -----------
    AutoLoadStdapi               true                                                                                                                   yes       Automatically load the Stdapi extension
    AutoRunScript                                                                                                                                       no        A script to run automatically on session creation.
    AutoSystemInfo               true                                                                                                                   yes       Automatically capture system information on initialization.
    AutoUnhookProcess            false                                                                                                                  yes       Automatically load the unhook extension and unhook the process
    AutoVerifySessionTimeout     30                                                                                                                     no        Timeout period to wait for session validation to occur, in seconds
    EXE::Custom                                                                                                                                         no        Use custom exe instead of automatically generating a payload exe
    EXE::EICAR                   false                                                                                                                  no        Generate an EICAR file instead of regular payload exe
    EXE::FallBack                false                                                                                                                  no        Use the default template in case the specified one is missing
    EXE::Inject                  false                                                                                                                  no        Set to preserve the original EXE function
    EXE::OldMethod               false                                                                                                                  no        Set to use the substitution EXE generation method.
    EXE::Path                                                                                                                                           no        The directory in which to look for the executable template
    EXE::Template                                                                                                                                       no        The executable template file name.
    EnableUnicodeEncoding        false                                                                                                                  yes       Automatically encode UTF-8 strings as hexadecimal
    FetchHandlerDisable          false                                                                                                                  yes       Disable fetch handler
    FetchListenerBindAddress                                                                                                                            no        The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
    FetchListenerBindPort                                                                                                                               no        The port to bind to if different from FETCH_SRVPORT
    HandlerSSLCert                                                                                                                                      no        Path to a SSL certificate in unified PEM format, ignored for HTTP transports
    HttpServerName               Apache                                                                                                                 no        The server header that the handler will send in response to requests
    HttpUnknownRequestResponse   <html><body><h1>It works!</h1></body></html>                                                                           no        The returned HTML response body when the handler receives a request that is not from a payload
    HttpUserAgent                Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36  no        The user-agent that the payload should use for communication Max parameter length: 255 characters
    IgnoreUnknownPayloads        false                                                                                                                  no        Whether to drop connections from payloads using unknown UUIDs
    InitialAutoRunScript                                                                                                                                no        An initial script to run on session creation (before AutoRunScript)
    MSI::Custom                                                                                                                                         no        Use custom msi instead of automatically generating a payload msi
    MSI::EICAR                   false                                                                                                                  no        Generate an EICAR file instead of regular payload msi
    MSI::Path                                                                                                                                           no        The directory in which to look for the msi template
    MSI::Template                                                                                                                                       no        The msi template file name
    MSI::UAC                     false                                                                                                                  no        Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
    MeterpreterDebugBuild        false                                                                                                                  no        Use a debug version of Meterpreter
    MeterpreterDebugLogging                                                                                                                             no        The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
    MeterpreterTryToFork         false                                                                                                                  no        Fork a new process if the functionality is available
    OverrideLHOST                                                                                                                                       no        When OverrideRequestHost is set, use this value as the host name for secondary requests
    OverrideLPORT                                                                                                                                       no        When OverrideRequestHost is set, use this value as the port number for secondary requests
    OverrideRequestHost          false                                                                                                                  no        Forces a specific host and port instead of using what the client requests, defaults to LHOST:LPORT
    OverrideScheme                                                                                                                                      no        When OverrideRequestHost is set, use this value as the scheme for secondary requests, e.g http or https
    PayloadProcessCommandLine                                                                                                                           no        The displayed command line that will be used by the payload
    PayloadUUIDName                                                                                                                                     no        A human-friendly name to reference this unique payload (requires tracking)
    PayloadUUIDRaw                                                                                                                                      no        A hex string representing the raw 8-byte PUID value for the UUID
    PayloadUUIDSeed                                                                                                                                     no        A string to use when generating the payload UUID (deterministic)
    PayloadUUIDTracking          false                                                                                                                  yes       Whether or not to automatically register generated UUIDs
    PingbackRetries              0                                                                                                                      yes       How many additional successful pingbacks
    PingbackSleep                30                                                                                                                     yes       Time (in seconds) to sleep between pingbacks
    ReverseAllowProxy            false                                                                                                                  yes       Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
    ReverseListenerBindAddress                                                                                                                          no        The specific IP address to bind to on the local system
    ReverseListenerBindPort                                                                                                                             no        The port to bind to on the local system if different from LPORT
    ReverseListenerComm                                                                                                                                 no        The specific communication channel to use for this listener
    SSLVersion                   Auto                                                                                                                   yes       Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate) (Accepted: Auto, TLS, SSL23, SSL3, TLS1, TLS1.1, TLS1.2)
    SessionCommunicationTimeout  300                                                                                                                    no        The number of seconds of no activity before this session should be killed
    SessionExpirationTimeout     604800                                                                                                                 no        The number of seconds before this session should be forcibly shut down
    SessionRetryTotal            3600                                                                                                                   no        Number of seconds try reconnecting for on network failure
    SessionRetryWait             10                                                                                                                     no        Number of seconds to wait between reconnect attempts
    StagerVerifySSLCert          false                                                                                                                  no        Whether to verify the SSL certificate in Meterpreter
    VERBOSE                      false                                                                                                                  no        Enable detailed status messages
    WORKSPACE                                                                                                                                           no        Specify the workspace for this module

