I’ve been using metasploit for a long time, but it’s not something I use daily. So I started a notes doc on it a long time ago. Here’s that doc. <3
The setup (dependencies install mostly via Homebrew on a Mac; use whatever other dependency/package manager applies elsewhere):
- Install homebrew if needed:
ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
brew install libxml2 nmap ruby21
brew install postgresql --without-ossp-uuid
git clone https://github.com/rapid7/metasploit-framework.git /usr/local/share/metasploit-framework
To launch the Metasploit console:
./msfconsole
To update:
msfupdate
From within the console, use the show verb to see a list of all Encoders, NOP Generators, Exploits, and Payloads:
show
To just show payloads:
show payloads
Set your payload (from the list above):
set payload generic/shell_reverse_tcp
Show the available platforms that the exploit can be run against:
show targets
Of the targetable platforms, set one of them (by ID):
set target 0
Show evasion techniques (when an exploit is set, uses that exploit to query the available evasion options):
show evasion
Show all credentials in a database:
creds
The Core commands include the following:
- ? or help: Show the Help menu
- version: Shows the version of msfconsole
- banner: Shows the sweet, sweet ascii art banner
- cd: Same as any other tty session; changes the working directory
- color: Changes the color scheme
- connect: Open a connection to a device
- quit or exit: Close the console gracefully
- get: Displays the value of a supplied contextual variable
- set: Sets a contextual variable
- unset: Clears a contextual variable
- getg: Displays the contents of a global variable
- setg: Sets a global variable
- unsetg: Clears a global variable
- grep: Uses grep to constrain the output of a command
- sleep: Sleeps a session (in seconds)
- history: Displays a history of commands run in msfconsole
- load: Loads a framework plugin
- unload: Unloads a framework plugin
- route: Routes traffic through an established session
- save: Saves the active datastores
- sessions: Dumps information about a session and the session streams
- spool: Pipes output into a file
Commands for Task Management
- jobs: Shows running job processes
- kill: Kills a running job process
- rename_job: Renames a running job process
- handler: Starts a job with the supplied handler (don’t forget to give the job a name)
Database Commands
- db_status: Show the database status
- hosts: Shows hosts in a database
- services: Shows services in a database
- vulns: Shows vulnerabilities in a database
- loot: Shows loot in a database
- db_connect: Connect to a database
- db_disconnect: Disconnect from a database instance
- db_export: Dump a database
- db_import: Import a database
- db_rebuild_cache: Rebuilds the cache and reindexes
Commands for using modules. From msf:
- search / show: Find and get information about a module
- info: Shows information about a module (by name)
- use exploit/name: Sets the exploit to be run
- advanced: Shows the advanced settings for a module
- previous: Sets the current module to the last one
- loadpath: Loads modules from a supplied directory path
- reload_all: Reloads all modules from the configured module paths
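As an added example (not from the original notes), the commands above can be strung together in a resource script so every lab session starts the same way, with a transcript, a checked database connection, and global LHOST/LPORT that survive switching modules. The address, port, log path and job name are placeholders, and the handler option letters (-n, -p, -H, -P) are from memory; confirm them with handler -h.

```text
# setup.rc: added example, not part of the original notes.
# Run with:  msfconsole -q -r setup.rc
# 192.0.2.10, 4444, the log path and the job name are placeholders.

# Keep a transcript of everything the console prints for the engagement record.
spool /tmp/msf-lab.log

# Confirm the postgres backend is connected before relying on hosts/services/creds.
db_status

# Global values survive a change of module; plain set values do not.
setg LHOST 192.0.2.10
setg LPORT 4444

# Stock catch-all listener module, with the payload from the notes above.
use exploit/multi/handler
set payload generic/shell_reverse_tcp

# The handler module exposes a single wildcard target.
show targets
set target 0

# LHOST and LPORT should already be filled in from the globals.
show options

# Persist the datastore so the next console starts with the same values.
save

# Start the listener as a named job (the notes warn you to name it), then verify.
handler -n lab-listener -p generic/shell_reverse_tcp -H 192.0.2.10 -P 4444
jobs
```

Because spool is the first command, the output of every later command, including show options and jobs, lands in the log file as well as on the screen.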