Metasploit#

Metasploit is the world’s most-used penetration testing framework. The operator drives modules from msfconsole, manages sessions via Meterpreter, and pivots through compromised hosts.

General info#

$ msfconsole                      # launch
$ version                         # current version
$ msfupdate                       # weekly update
$ makerc <FILE.rc>                # save recent commands
$ msfconsole -r <FILE.rc>         # load a resource file

Exploit#

msf > use <MODULE>
msf > set payload <PAYLOAD>
msf > show options
msf > set <OPTION> <SETTING>
msf > exploit
msf > run

Session handling#

msf > sessions -l                 # list sessions
msf > sessions -i <ID>            # interact / attach
msf > background                  # or Ctrl+Z to detach

Database#

$ service postgresql start
msf > msfdb init
msf > db_status                   # connected?
msf > hosts                       # show hosts
msf > services                    # show ports
msf > vulns                       # show vulns

Meterpreter session#

meterpreter > sysinfo
meterpreter > ps
meterpreter > kill <PID>
meterpreter > getuid
meterpreter > upload <file>
meterpreter > download <file>
meterpreter > pwd / lpwd
meterpreter > cd / lcd
meterpreter > cat
meterpreter > edit <FILE>
meterpreter > shell
meterpreter > migrate <PID>
meterpreter > hashdump            # Windows only
meterpreter > idletime
meterpreter > screenshot
meterpreter > clearev             # clear logs

Privilege escalation#

meterpreter > use priv
meterpreter > getsystem
meterpreter > getprivs

Token stealing#

meterpreter > use incognito
meterpreter > list_tokens -u
meterpreter > impersonate_token DOMAIN\\USER
meterpreter > drop_token

Network pivoting#

meterpreter > portfwd [ADD|DELETE] -L <LHOST> -l 3388 -r <RHOST> -p 3389

msf > route add <SUBNET> <MASK>
msf > route add 192.168.0.0/24
msf > route add 192.168.0.0/24 -d            # delete a route

References#