diff --git a/metasploit.md b/metasploit.md new file mode 100644 index 0000000..5ee0844 --- /dev/null +++ b/metasploit.md @@ -0,0 +1,51 @@ +# Metasploit + +## Modules +* __Auxiliary__ scanners, crawlers and fuzzers +* __Encoders__ encode payloads +* __Evasion__ prepare payloads to circumvent signature based malware detection +* __NOPs__ various architectures +* __Payloads__ to run on target systems + * Singles, inline payloads, for example generic/shell_reverse_tcp + * Stagers, downloads the stages payloads + * Stages, for example windows/x64/shell/reverse_tcp +* __Post__ postexploitation + +## Notes +* Search via scope +```sh +search type:auxiliary +``` +* Send exploit to background +``` +run -z +``` +* `check` if target is vulnerable +* `setg` sets variables globally +* `unset payload` +* Flush via `unset all` + +## Sessions +* `background` or `ctrl+z` +* Foreground via `sessions -i ` + +## Scanning +* Portscan +```sh +search portscan +``` +* UDP Sweep via `scanner/discovery/udp_sweep` +* SMB Scan via `scanner/smb/smb_version` and `smb_enumshares` +* SMB login dictionary attack `scanner/smb/smb_login` +* NetBios via `scanner/netbios/nbname` +* HTTP version `scanner/http/http_version` + +## Database +* Start postgres +* `msfdb init` +* `db_status` +* Separate `workspace -a ` +* Safe scans via `db_nmap` +* Show `hosts` +* Show `services` +* Set RHOST values via `hosts -R`