Metasploit

cheatsheet for metasploit console and modules

Upgrade

apt update; apt install metasploit-framework

Msfconsole

msfconsole -q   #start the console quietly (no banner)

Exploit selection

search platform:<windows/linux/macos> type:exploit name:<keyword>

Keywords:

  app       :  <client/server>
  author    :  <author>
  bid       :  <Bugtraq ID>
  cve       :  <CVE code>
  edb       :  <exploit-db code>
  name      :  <keyword>
  platform  :  <windows/linux/macos/...>
  ref       :  <reference>   #modules with a matching reference
  type      :  <exploit/auxiliary/post>

Show

show            #show all modules
show auxiliary  #auxiliary modules (scanners, recon, etc.)
show exploits   #exploit modules
show payloads   #payloads to be deployed by the exploit
show post       #post-exploitation modules

Exploit configuration

Show details

info <exploit full path or number>
use <exploit>
show options    #show options of exploit in use
show payloads   #show a list of compatible payloads
show targets    #show a list of compatible OS versions and configurations
show advanced   #show exploit's advanced options
show evasion    #show evasion settings
show info       #show options and description of exploit in use (same as info)

Set options

set <option> <value>     #set an option for the current payload/exploit
setg <option> <value>    #set a global option valid for all payloads/exploits
unset <option>           #clear an option of the current module
unsetg <option>          #clear a global option
unset all                #clear all options of the current module
unsetg all               #clear all global options

Generally a payload must be selected by running set payload <payload>; to see a list of compatible payloads run show payloads. Some exploits also require a target to be specified: run set target <target>, where the list of valid targets is provided by show targets. If no target is set, the exploit may try to pick the most suitable one, either by guessing from other user-set options or during the exploitation phase.

Execution and sessions

Payload execution

exploit    #run the selected exploit
exploit -j #run the exploit as a background job
run        #run the selected auxiliary module
check      #if available, check whether the target is vulnerable to the current exploit without running it

Sessions

jobs                #list all running background jobs
jobs -K             #kill all jobs
jobs -k <name>      #kill the given job
sessions -l         #list open sessions with remote hosts
sessions -i <id>    #interact with the selected session

Handlers

The generic handler listens on the specified port for a connection from a remote host. It is useful when running exploits not generated by msf, or when waiting for a backdoor to come online.

use exploit/multi/handler
set PAYLOAD <payload>
set LHOST <local ip>
set LPORT <port>
exploit -j
