
My Metasploit Cheat Sheet

I’ve been using metasploit for a long time, but it’s not something I use daily. So I started a notes doc on it a long time ago. Here’s that doc. <3

The setup (on a Mac the dependencies install mostly via Homebrew; on other platforms use whatever package manager you have):

  • Install homebrew if needed: ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
  • brew install libxml2 nmap ruby21
  • brew install postgresql --without-ossp-uuid
  • git clone https://github.com/rapid7/metasploit-framework.git /usr/local/share/metasploit-framework

To launch the Metasploit console:

./msfconsole

To update:

msfupdate

From within the console, use the show verb to see a list of all Encoders, NOP Generators, Exploits, and Payloads:

show

To just show payloads:

show payloads

Set your payload (from the list above):

set payload generic/shell_reverse_tcp

Show the available platforms that the exploit can be run against:

show targets

Of the targetable platforms, set one of them (by ID):

set target 0

Show evasion options (when an exploit is set, queries that exploit for its evasion options):

show evasion

Show all credentials in a database:

creds

The Core commands include the following:

  • ? or help: Shows the help menu
  • version: Shows the version of msfconsole
  • banner: Shows the sweet, sweet, ASCII art banner
  • cd: Same as any other tty session; changes the working directory
  • color: Changes the color scheme
  • connect: Opens a connection to a device
  • quit or exit: Closes the console gracefully
  • get: Displays the value of a supplied contextual variable
  • set: Sets a contextual variable
  • unset: Clears a contextual variable
  • getg: Displays the contents of a global variable
  • setg: Sets a global variable
  • unsetg: Clears a global variable
  • grep: Uses grep to constrain the output of a command
  • sleep: Sleeps a session (in seconds)
  • history: Displays a history of commands run in msfconsole
  • load: Loads a framework plugin
  • unload: Unloads a framework plugin
  • route: Routes traffic through an established session
  • save: Saves the active datastores
  • sessions: Dumps information about a session and the session stream
  • spool: Pipes output into a file

Commands for Task Management

  • jobs: Shows running job processes
  • kill: Kills a running job process
  • rename_job: Renames a running job process
  • handler: Starts a job with the supplied handler (don’t forget to give the job a name)

Database Commands

  • db_status: Show the database status
  • hosts: Shows hosts in a database
  • services: Shows services in a database
  • vulns: Shows vulnerabilities in a database
  • loot: Shows loot in a database
  • db_connect: Connect to a database
  • db_disconnect: Disconnect from a database instance
  • db_export: Dump a database
  • db_import: Import a database
  • db_rebuild_cache: Rebuilds the cache and reindexes

Commands for working with modules (from the msf prompt):

  • search/show: Find and get information about a module
  • info: Shows information about a module (by name)
  • use exploit/name: Sets the exploit to be run
  • advanced: Shows the advanced settings for a module
  • previous: Sets the current module to the last one
  • loadpath: Loads a module based on the URI to the module
  • reload_all: Start over for module paths
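Pulling the console walkthrough and the database commands above together, here is an added example (not from the original notes) of scripting them as an msfconsole resource file, which is the usual way to run a fixed list of console commands non-interactively. The module name, report path and the MSF_RUN variable are placeholders I chose; the script only inspects the module (info, targets, evasion options) and never launches it.

```shell
#!/bin/sh
# Added example: chain the console commands from the notes into an
# msfconsole resource file (.rc) and run it with `msfconsole -q -r FILE`.
# Assumes msfconsole is on PATH and the database already holds imported
# scan data. The module name is a placeholder; nothing here launches it.
set -eu

# build_rc MODULE REPORT_FILE
# Prints the resource script: one console command per line, run in order.
# spool captures everything to REPORT_FILE so the review survives `exit`.
build_rc() {
  module="$1"
  report="$2"
  cat <<EOF
spool $report
db_status
hosts
services
vulns
creds
loot
use $module
info
show targets
show evasion
spool off
exit
EOF
}

# count_cmds RC_TEXT: number of command lines (sanity check before running)
count_cmds() {
  printf '%s\n' "$1" | grep -c .
}

# main [MODULE]: write the rc file; only run msfconsole when MSF_RUN=1
main() {
  module="${1:-exploit/PLACEHOLDER/module}"
  rc_file="${TMPDIR:-/tmp}/msf-review.rc"
  build_rc "$module" "${TMPDIR:-/tmp}/msf-review.log" > "$rc_file"
  echo "wrote $rc_file ($(count_cmds "$(cat "$rc_file")") commands)" >&2
  if [ "${MSF_RUN:-0}" = 1 ] && command -v msfconsole >/dev/null 2>&1; then
    msfconsole -q -r "$rc_file"
  else
    cat "$rc_file"   # dry run: show what would be executed
  fi
}

main "${1:-}"
```

Run it with MSF_RUN=1 and a real module path to execute the review; without MSF_RUN it only writes and prints the .rc file so you can check the command list first.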