93 lines
7.2 KiB
Plaintext
93 lines
7.2 KiB
Plaintext
|
|
Name: HTTP Fetch, Windows Meterpreter Shell, Bind Named Pipe Inline (x64)
|
|
Module: payload/cmd/windows/http/x64/meterpreter_bind_named_pipe
|
|
Platform: Windows
|
|
Arch: cmd
|
|
Needs Admin: No
|
|
Total size: 131
|
|
Rank: Normal
|
|
|
|
Provided by:
|
|
Brendan Watters
|
|
UserExistsError
|
|
sf <stephen_fewer@harmonysecurity.com>
|
|
OJ Reeves
|
|
|
|
Basic options:
|
|
Name Current Setting Required Description
|
|
---- --------------- -------- -----------
|
|
EXITFUNC process yes Exit technique (Accepted: '', seh, thread, process, none)
|
|
EXTENSIONS no Comma-separate list of extensions to load
|
|
EXTINIT no Initialization strings for extensions
|
|
FETCH_COMMAND CERTUTIL yes Command to fetch payload (Accepted: CURL, TFTP, CERTUTIL)
|
|
FETCH_DELETE false yes Attempt to delete the binary after execution
|
|
FETCH_FILENAME pwnOSTTpRsVU no Name to use on remote system when storing payload; cannot contain spaces or slashes
|
|
FETCH_SRVHOST yes Local IP to use for serving payload
|
|
FETCH_SRVPORT 8080 yes Local port to use for serving payload
|
|
FETCH_URIPATH no Local URI to use for serving payload
|
|
FETCH_WRITABLE_DIR %TEMP% yes Remote writable dir to store payload; cannot contain spaces.
|
|
LPORT 445 yes SMB port
|
|
PIPENAME msf-pipe yes Name of the pipe to connect to
|
|
RHOST no Host of the pipe to connect to
|
|
SMBDomain . no The Windows domain to use for authentication
|
|
SMBPass no The password for the specified username
|
|
SMBUser no The username to authenticate as
|
|
|
|
|
|
When FETCH_COMMAND is one of CURL:
|
|
|
|
Name Current Setting Required Description
|
|
---- --------------- -------- -----------
|
|
FETCH_PIPE false yes Host both the binary payload and the command so it can be piped directly to the shell.
|
|
|
|
Description:
|
|
Fetch and execute an x64 payload from an HTTP server.
|
|
Connect to victim and spawn a Meterpreter shell. Requires Windows XP SP2 or newer.
|
|
|
|
|
|
Name Current Setting Required Description
|
|
---- --------------- -------- -----------
|
|
AutoLoadStdapi true yes Automatically load the Stdapi extension
|
|
AutoRunScript no A script to run automatically on session creation.
|
|
AutoSystemInfo true yes Automatically capture system information on initialization.
|
|
AutoUnhookProcess false yes Automatically load the unhook extension and unhook the process
|
|
AutoVerifySessionTimeout 30 no Timeout period to wait for session validation to occur, in seconds
|
|
EXE::Custom no Use custom exe instead of automatically generating a payload exe
|
|
EXE::EICAR false no Generate an EICAR file instead of regular payload exe
|
|
EXE::FallBack false no Use the default template in case the specified one is missing
|
|
EXE::Inject false no Set to preserve the original EXE function
|
|
EXE::OldMethod false no Set to use the substitution EXE generation method.
|
|
EXE::Path no The directory in which to look for the executable template
|
|
EXE::Template no The executable template file name.
|
|
EnableUnicodeEncoding false yes Automatically encode UTF-8 strings as hexadecimal
|
|
FetchHandlerDisable false yes Disable fetch handler
|
|
FetchHttpServerName Apache yes Fetch HTTP server name
|
|
FetchListenerBindAddress no The specific IP address to bind to to serve the payload if different from FETCH_SRVHOST
|
|
FetchListenerBindPort no The port to bind to if different from FETCH_SRVPORT
|
|
HandlerSSLCert no Path to a SSL certificate in unified PEM format, ignored for HTTP transports
|
|
InitialAutoRunScript no An initial script to run on session creation (before AutoRunScript)
|
|
MSI::Custom no Use custom msi instead of automatically generating a payload msi
|
|
MSI::EICAR false no Generate an EICAR file instead of regular payload msi
|
|
MSI::Path no The directory in which to look for the msi template
|
|
MSI::Template no The msi template file name
|
|
MSI::UAC false no Create an MSI with a UAC prompt (elevation to SYSTEM if accepted)
|
|
MeterpreterDebugBuild false no Use a debug version of Meterpreter
|
|
MeterpreterDebugLogging no The Meterpreter debug logging configuration, see https://docs.metasploit.com/docs/using-metasploit/advanced/meterpreter/meterpreter-debugging-meterpreter-sessions.html
|
|
PayloadProcessCommandLine no The displayed command line that will be used by the payload
|
|
PayloadUUIDName no A human-friendly name to reference this unique payload (requires tracking)
|
|
PayloadUUIDRaw no A hex string representing the raw 8-byte PUID value for the UUID
|
|
PayloadUUIDSeed no A string to use when generating the payload UUID (deterministic)
|
|
PayloadUUIDTracking false yes Whether or not to automatically register generated UUIDs
|
|
PingbackRetries 0 yes How many additional successful pingbacks
|
|
PingbackSleep 30 yes Time (in seconds) to sleep between pingbacks
|
|
PrependMigrate false yes Spawns and runs shellcode in new process
|
|
PrependMigrateProc no Process to spawn and run shellcode in
|
|
SMBDirect true yes The target port is a raw SMB service (not NetBIOS)
|
|
SessionCommunicationTimeout 300 no The number of seconds of no activity before this session should be killed
|
|
SessionExpirationTimeout 604800 no The number of seconds before this session should be forcibly shut down
|
|
SessionRetryTotal 3600 no Number of seconds try reconnecting for on network failure
|
|
SessionRetryWait 10 no Number of seconds to wait between reconnect attempts
|
|
VERBOSE false no Enable detailed status messages
|
|
WORKSPACE no Specify the workspace for this module
|
|
|