search
githubEdit

Metasploit Framework (MSF)

The world’s most used penetration testing framework Metasploitarrow-up-right

hashtag
Start

Start db

msfdb start

or

systemctl start postgresql

Start metasploit framework console

msfconsole

hashtag
Exploits

Select exploit

use <exploit>

Run exploit

run

or

exploit

hashtag
Options

Show options

Show advanced options

Set option

Set option (global)

hashtag
Payloads

Show payloads

Select payload

hashtag
Sessions

Show sessions

Interact with session

Send session to background

hashtag
Meterpreter

The shell command will present you with a standard shell on the target system.

Metasploit has a Meterpreter script, getsystem, that will use a number of different techniques to attempt to gain SYSTEM level privileges on the remote system.

hashtag
Encoders

Show encoders

Select encoder

hashtag
Misc

Search for exploits

Go back

Display help

Get info about current context?

hashtag
Multi/handler

Just start listener

hashtag
Jobs

Start job in background

Show jobs

hashtag
Post exploitation

This module suggests local meterpreter exploits that can be used.

This module extracts the plain-text Windows user login password in Registry.

This module will login with the specified username/password and execute the supplied command as a hidden process.

hashtag
Meterpreter session

Upgrade shell to meterpreter shell

Migrate to other (e.g. more stable) process

Get system info

Port forwarding

hashtag
Impersonation (Windows)

Look for privileges like SeImpersonatePrivilege, SeDebugPrivilege, etc.

Load incognito module and list available tokens

Impersonate e.g. BUILTIN\Administrators

Migrate to a process with the correct permission, to actually get the elevated permissions (token != permission).

hashtag
Resource Scripts

Resource scripts provide an easy way for you to automate repetitive tasks in Metasploit.

hashtag
demo.rc

PreviousMemory forensicsNextMITM

Last updated