LabEx
Log InJoin Free

Use Global Variables for Efficiency in Metasploit

Kali LinuxBeginner
Practice Now

Introduction

When working with the Metasploit Framework, you often need to set various options for different modules, such as LHOST (the local host to listen on) and LPORT (the local port). Setting these options repeatedly for each module can be time-consuming. Metasploit provides a feature called global variables to address this. By setting a variable globally, it will be automatically applied to any module that uses that option, significantly improving your workflow efficiency.

In this lab, you will learn how to set, use, and unset global variables within the Metasploit console.

Use the setg command to set a global LHOST

In this step, you will start the Metasploit console and set a global variable for LHOST. The setg command is used to set a variable that will persist across different modules within the same msfconsole session.

First, let's find the IP address of your lab environment. This IP will be used as the value for LHOST.

hostname -I | awk '{print $1}'

You will see an output similar to this (your IP address will be different):

192.168.3.123

Remember this IP address. Now, start the Metasploit Framework console. The -q flag is used for "quiet" mode, which suppresses the startup banner.

msfconsole -q

Your prompt will change to msf6 >. Now, let's set the LHOST variable globally. Use the setg command followed by the variable name and the IP address you just found.

Note: Please replace YOUR_IP_ADDRESS with the actual IP address from the hostname -I command.

setg LHOST YOUR_IP_ADDRESS

You should see a confirmation message:

LHOST => YOUR_IP_ADDRESS

This command has now stored your IP address as a global LHOST value for this session. To verify this, you can use the show command with the -g flag, which displays all globally set variables.

show -g

The output will list all global variables:

Global
=======

  Name   Value
  ----   -----
  LHOST  YOUR_IP_ADDRESS

Select a new exploit module

In this step, you will select an exploit module to see how the global variable is automatically applied. We will use the generic payload handler, exploit/multi/handler, as our first example. This module is commonly used to listen for incoming connections.

Within the msfconsole prompt, use the use command to select the module:

use exploit/multi/handler

After executing the command, your prompt will change to reflect the currently selected module:

msf6 exploit(multi/handler) >

This indicates that you are now in the context of the exploit/multi/handler module. Any options you set or show will be specific to this module, but it will also inherit any relevant global variables.

Observe that the LHOST value is already populated

Now that you have a module loaded, let's check its options to see if our global LHOST variable was applied.

In this step, you will use the show options command to display the configuration for the current module.

From the msf6 exploit(multi/handler) > prompt, run the following command:

show options

You will see a table of options for this module. Look for the LHOST variable. You'll notice that its value is already set to the IP address you configured globally in the first step.

Module options (exploit/multi/handler):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------


Payload options (generic/shell_reverse_tcp):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LHOST  YOUR_IP_ADDRESS  yes       The listen address (an interface may be specified)
   LPORT  4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Wildcard Target

As you can see, you didn't need to use the set LHOST command for this module because the global value was automatically inherited. This is the power of using global variables.

Use the unsetg command to remove a global variable

In this step, you will learn how to remove a global variable. If you no longer need a variable to be applied globally, you can use the unsetg command. This is useful when you want to revert to setting options on a per-module basis or want to clean up your session's configuration.

From the Metasploit prompt, run the unsetg command followed by the name of the variable you want to remove.

unsetg LHOST

This command will remove the LHOST variable from the global scope. You will see a confirmation message:

Unsetting LHOST...

Now, if you run show options again for the same module, you will see that the LHOST value is now empty.

show options

The output will now show that LHOST has no value set.

Module options (exploit/multi/handler):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------


Payload options (generic/shell_reverse_tcp):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LHOST                   yes       The listen address (an interface may be specified)
   LPORT  4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Wildcard Target

You would now need to set LHOST locally for this module using the set command if you wanted to use it.

Discuss when to use global versus local options

In this final step, we'll discuss the practical differences between setting local and global variables and when to use each. Understanding this will help you work more effectively in Metasploit.

Local Variables (using set)

  • Scope: A variable set with the set command (e.g., set RHOSTS 10.10.10.1) is local to the currently loaded module.
  • Behavior: When you switch to a new module using the use command, this local variable is discarded. The new module will have its own default or empty value for that option.
  • When to use: Use set for options that are specific to a single target or module. The most common example is RHOSTS (the remote host/target IP), which almost always changes for each exploit you use. Other examples include TARGETURI or a specific USERNAME.

Global Variables (using setg)

  • Scope: A variable set with the setg command (e.g., setg LHOST 192.168.3.123) is global for the entire msfconsole session.
  • Behavior: The variable and its value will be automatically inherited by any module that uses that option name. It persists even when you switch modules.
  • When to use: Use setg for options that are likely to remain the same throughout your session. LHOST is the perfect example, as your attacking machine's IP address usually doesn't change. LPORT can also be a good candidate for a global variable if you consistently use the same listening port.

Summary of Commands:

  • set <VARIABLE> <VALUE>: Sets a variable for the current module only.
  • setg <VARIABLE> <VALUE>: Sets a variable globally for all modules in the session.
  • unset <VARIABLE>: Clears a local variable in the current module.
  • unsetg <VARIABLE>: Clears a global variable.

By strategically using set for target-specific options and setg for session-wide options, you can minimize repetitive configuration and focus more on the exploitation process.

You can now exit the Metasploit console.

exit

Summary

In this lab, you learned how to effectively use global variables in the Metasploit Framework to streamline your workflow. You practiced using the setg command to define a global LHOST, observed how it automatically populated across different modules, and used the unsetg command to remove it. You also learned the key differences between local (set) and global (setg) variables, enabling you to make more efficient configuration choices during a penetration test. Mastering this simple concept can save a significant amount of time and reduce errors in complex scenarios.

Related Kali Linux Courses
Kali Linux for Beginners

Kali Linux for Beginners

cybersecuritykalilinux
Kali Server Exploitation in Action

Kali Server Exploitation in Action

cybersecuritykalilinux