Name: HTTPS Fetch, Linux x64 Command Shell, Reverse TCP Inline (IPv6) Module: payload/cmd/linux/https/x64/shell_reverse_ipv6_tcp Platform: Linux Arch: cmd Needs Admin: No Total size: 110 Rank: Normal Provided by: Brendan Watters epi Basic options: Name Current Setting Required Description ---- --------------- -------- ----------- FETCH_CHECK_CERT false yes Check SSL certificate FETCH_COMMAND CURL yes Command to fetch payload (Accepted: CURL, FTP, TFTP, TNFTP, WGET) FETCH_DELETE false yes Attempt to delete the binary after execution FETCH_FILELESS none yes Attempt to run payload without touching disk by using anonymous handles, requires Linux ≥3.17 (for Python variant also Python ≥3.8 (Accepted: none, bash, python3.8+) FETCH_SRVHOST no Local IP to use for serving payload FETCH_SRVPORT 8080 yes Local port to use for serving payload FETCH_URIPATH no Local URI to use for serving payload LHOST yes The listen address (an interface may be specified) LPORT 4444 yes The listen port SCOPEID 0 no IPv6 scope ID, for link-local addresses When FETCH_COMMAND is one of CURL,WGET: Name Current Setting Required Description ---- --------------- -------- ----------- FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell. When FETCH_FILELESS is none: Name Current Setting Required Description ---- --------------- -------- ----------- FETCH_FILENAME ORLscikuqX no Name to use on remote system when storing payload; cannot contain spaces or slashes FETCH_WRITABLE_DIR ./ yes Remote writable dir to store payload; cannot contain spaces Description: Fetch and execute an x64 payload from an HTTPS server. Connect back to attacker and spawn a command shell over IPv6 Name Current Setting Required Description ---- --------------- -------- ----------- AutoRunScript no A script to run automatically on session creation. AutoVerifySession true yes Automatically verify and drop invalid sessions CommandShellCleanupCommand no A command to run before the session is closed EXE::Custom no Use custom exe instead of automatically generating a payload exe EXE::EICAR false no Generate an EICAR file instead of regular payload exe EXE::FallBack false no Use the default template in case the specified one is missing EXE::Inject false no Set to preserve the original EXE function EXE::OldMethod false no Set to use the substitution EXE generation method. EXE::Path no The directory in which to look for the executable template EXE::Template no The executable template file name. FetchHandlerDisable false yes Disable fetch handler FetchHttpServerName Apache yes Fetch HTTP server name FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT FetchSSLCert no Path to a custom SSL certificate (default is randomly generated) FetchSSLCipher no String for SSL cipher spec - "DHE-RSA-AES256-SHA" or "ADH" FetchSSLCompression false no Enable SSL/TLS-level compression FetchSSLVersion Auto yes Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate) (Accepted: Auto, TLS, SSL23, SSL3, TLS1, TLS1.1, TLS1.2) InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript) MSI::Custom no Use custom msi instead of automatically generating a payload msi MSI::EICAR false no Generate an EICAR file instead of regular payload msi MSI::Path no The directory in which to look for the msi template MSI::Template no The msi template file name MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted) PrependFork false no Prepend a stub that starts the payload in its own process via fork PrependSetresuid false no Prepend a stub that executes the setresuid(0, 0, 0) system call PrependSetreuid false no Prepend a stub that executes the setreuid(0, 0) system call PrependSetuid false no Prepend a stub that executes the setuid(0) system call ReverseAllowProxy false yes Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST ReverseListenerBindAddress no The specific IP address to bind to on the local system ReverseListenerBindPort no The port to bind to on the local system if different from LPORT ReverseListenerComm no The specific communication channel to use for this listener ReverseListenerThreaded false yes Handle every connection in a new thread (experimental) StagerRetryCount 10 no The number of times the stager should retry if the first connect fails StagerRetryWait 5 no Number of seconds to wait for the stager between reconnect attempts VERBOSE false no Enable detailed status messages WORKSPACE no Specify the workspace for this module