📑
Security Notes
  • Readme
  • Resources
    • Useful sites
    • Metasploit
      • Searchsploit
      • Msfvenom
      • Meterpreter
    • Shells
    • Linux
      • Cron
      • Connection
      • Compilers
    • Windows
      • Kernel exploits table
    • Bruteforce
      • Checklist
      • John the Ripper
      • Hashcat
    • BOF
      • Assembly
    • Gaining access checklist
  • Cloud - AWS
    • Enumeration
    • References
    • Bucket S3
      • Public Bucket
      • AMI Files
      • File upload to RCE
    • EC2
      • cloud-init Exploits
      • SSRF To AWS Role compromise
      • Unencrypted EBS
    • IAM
      • Account Disclosure by resource policy
    • Lambda Function
      • Code Injection
      • Attacking APIs
    • VPC
      • Expose Resources
  • Networking
    • Nmap
      • Scan types
    • TCPDump
    • Port forwarding
    • Ports
      • 21 - FTP
      • 22 - SSH
      • 25 465 587 - SMTP
      • 53 - DNS
      • 110 995 - POP3
      • 111 - NFS
      • 113 - Ident
      • 123 - NTP
      • 135 137 139 - RPC
      • 143 993 - IMAP
      • 161 - SNMP
      • 389 - LDAP
      • 139 445 - SMB
      • 873 - Rsync
      • 6379 - Redis
      • 6667 - IRC
  • Linux PrivEsc
    • Checklist
    • Enumeration
      • Important files
      • Memory Dump
    • Privileges Exploitation
    • Wildcard Exploits
    • Sudo Exploits
    • Docker Container
    • Docker Groups
    • Common Exploits
  • Windows PrivEsc
    • Checklist
    • Enumeration
      • Important Files
    • Antivirus evasion tools
    • Unquoted paths
    • Always install elevated
    • Vulnerable services
    • Client side
    • Exploitable privileges
      • Juicy Potato
    • UAC bypass
    • Common Exploits
  • Active Directory
    • Introduction
    • Checklist
    • Enumeration
    • Enable RDP
    • Kerberos
    • Rubeus
    • Credentials harvesting
      • Domain Controller specific
    • Connection
    • Pass The Hash
    • Kerberoast
    • ASREProast
    • Tickets
  • Web Attacks
    • Checklist
    • Enumeration
      • URL bruteforcing
    • APIs and Fields
    • Authentication
    • Filter Evasion
      • Fuzzying and encoding
    • File Vulnerabilities
      • LFI List
      • PHP shells
    • RCE
    • Code Injection
    • Dependency Injection
    • Joomla
    • Wordpress
    • WebDAV
    • HTTP
    • XSS
      • DOM Based
      • Reflected
      • Filter Evasion
    • SSI
    • SSTI
    • RCE
    • CSRF
    • SQL injection
      • sqlmap
      • PostgreSQL
      • Oracle
      • MSSQL
      • MySQL
      • Login
    • XPath injection
    • XXE
    • CORS
  • MOBILE PENTESTING
    • Static Code Analysis
    • Dynamic Code Analysis
    • Network Traffic Analysis
Powered by GitBook
On this page
  • Upgrade
  • Msfconsole
  • Exploit selection
  • Exploit configuration
  • Execution and sessions
  • Handlers
  1. Resources

Metasploit

cheatsheet for metasploit console and modules

Upgrade

apt update; apt install metasploit-framework

Msfconsole

msfconsole -q

Exploit selection

Search

search platform:<windows/linux/macos> type:exploit name:<keyword>

Keywords:

  app       :  <client/server>
  author    :  <author>
  bid       :  <bugtrack ID>
  cve       :  <CVE code>
  edb       :  <exploit-db code>
  name      :  <keyword>
  platform  :  <windows/linux/macos/...>
  ref       :  Modules with a matching ref
  type      :  <exploit/auxiliary/post>

Show

show            #show all modules
show auxiliary  #recon        
show exploits   #exploit modules
show payloads   #payloads to be deployed by the exploit
show post       #post-exploitation modules

Exploit configuration

Show details

info <exploit full path or number>
use <exploit>
show options    #show options of exploit in use
show payloads   #show a list of compatible payloads
show targets    #show a list of compatible OS versions and configurations
show advanced   #show exploit's advanced options
show evasion    #show evasion settings
show all        #show options and description of exploit in use

Set options

set <option> <value>     #set an option for current payload/exploit
setg <option> <value>    #set a global option valid for all payloads/exploits
unset <option>
unsetg <option>
unset all
unsetg all

Generally it is required to select a payload by running set payload <payload>. To see a list of compatible payloads run show payloads. Some exploits require to specify a target, in order to do so run set target <target>, a list of targets is provided by running show targets. By default the exploit may try to pick the most suitable target by guessing from other user-set options or during exploitation phase.

Execution and sessions

Payload execution

exploit    #run selected exploit
exploit -j #run exploit in background
run        #execute select auxiliary payload
check      #if available check if the target is vulnerable to the current exploit

Sessions

jobs                #list all running processes
jobs -K             #kill all jobs
jobs -k <name>      #kill the given job
sessions -l         #list open connections with remote hosts
sessions -i <id>    #switch to selected remote shell

Handlers

Listens for a connection from a remote host to the specified port. Useful when running exploits not generated by msf or waiting for a backdoor to come online.

use exploit/multi/handler
set PAYLOAD <payload>
set LHOST <local ip>
set LPORT <port>
exploit -j
PreviousUseful sitesNextSearchsploit

Last updated 4 years ago