SwiftOnSecurity / sysmon-config

Sysmon configuration file template with default high-quality event tracing

Change Metasploit Alert port from 444 to 4444 #105

Closed ION28 closed 2 years ago

ION28 commented 4 years ago

Metasploit's default port is 4444 as noted in numerous blogs such as this one: https://blog.rapid7.com/2012/06/01/metasploit-exploit-failed-how-to-test-if-metasploit-is-working/

sickwell commented 4 years ago

For msf it does not matter, and it's not a default port. Each time you need to choose this parameter, like LPORT=

ION28 commented 4 years ago

@sickwell in Metasploit, if you do not specifically set your listener/payload to a different LPORT, it will use 4444. This can be seen through most documentation/examples such as this one, and by reading through the Metasploit source code, such as: here, here, and here. Additionally, you'll see a number of pieces of malware that utilize this port here.

Finally, while I agree this is a very brittle rule, if @SwiftOnSecurity is going to have a rule about alerting for Metasploit in the first place, it might as well use the correct default port, which is why I created the PR originally.

SwiftOnSecurity commented 2 years ago

Thank you
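What the port value discussed in this thread means for matching, as an added example that is not part of the thread or of the project's configuration: it evaluates a constructed Sysmon NetworkConnect include rule against constructed Event ID 3 records, once with port 444 and once with 4444. The config fragment, the event values and all function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed config fragment in Sysmon's schema; the rule name "Metasploit"
# and the two port values mirror the thread, not the project's actual file.
CONFIG_TEMPLATE = """
<Sysmon schemaversion="4.50">
  <EventFiltering>
    <RuleGroup name="" groupRelation="or">
      <NetworkConnect onmatch="include">
        <DestinationPort name="Metasploit" condition="is">{port}</DestinationPort>
      </NetworkConnect>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
"""

# Constructed Event ID 3 (NetworkConnect) records, reduced to the fields used.
EVENTS = [
    {"Image": r"C:\Users\a\payload.exe", "DestinationPort": "4444"},
    {"Image": r"C:\Windows\System32\svchost.exe", "DestinationPort": "444"},
    {"Image": r"C:\Users\a\payload.exe", "DestinationPort": "8443"},
]

def load_port_rules(config_xml):
    """Return (rule name, port) for every 'is' DestinationPort include rule."""
    root = ET.fromstring(config_xml)
    rules = []
    for block in root.iter("NetworkConnect"):
        if block.get("onmatch") != "include":
            continue
        for rule in block.findall("DestinationPort"):
            # Sysmon treats a missing condition attribute as "is".
            if rule.get("condition", "is") == "is":
                rules.append((rule.get("name", ""), rule.text.strip()))
    return rules

def tagged_events(config_xml, events):
    """Events the include rules would log, paired with the matching RuleName."""
    rules = load_port_rules(config_xml)
    return [(name, ev) for ev in events for name, port in rules
            if ev["DestinationPort"] == port]

def ports_tagged(port):
    """Destination ports tagged when the rule is written with the given port."""
    cfg = CONFIG_TEMPLATE.format(port=port)
    return [ev["DestinationPort"] for _, ev in tagged_events(cfg, EVENTS)]

if __name__ == "__main__":
    for port in ("444", "4444"):
        print(port, "->", ports_tagged(port))
```

With either value the connection to 8443 is not tagged, which is the brittleness both commenters point out: the rule is an exact match on one port.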