killchain-compendium/metasploit.md

Metasploit

Modules

• Auxiliary scanners, crawlers and fuzzers
• Encoders encode payloads
• Evasion prepare payloads to circumvent signature based malware detection
• NOPs various architectures
• Payloads to run on target systems
  • Singles, inline payloads, for example generic/shell_reverse_tcp
  • Stagers, downloads the stages payloads
  • Stages, for example windows/x64/shell/reverse_tcp
• Post postexploitation

Notes

• Search via scope

search type:auxiliary <stuff>

• Send exploit to background

run -z

• check if target is vulnerable
• setg sets variables globally
• unset payload
• Flush via unset all

Sessions

• background or ctrl+z
• Foreground via sessions -i <number>

Scanning

• Portscan

search portscan

• UDP Sweep via scanner/discovery/udp_sweep
• SMB Scan via scanner/smb/smb_version and smb_enumshares
• SMB login dictionary attack scanner/smb/smb_login
• NetBios via scanner/netbios/nbname
• HTTP version scanner/http/http_version

Database

• Start postgres
• msfdb init
• db_status
• Separate workspace -a <projectname>
• Safe scans via db_nmap
• Show hosts
• Show services
• Set RHOST values via hosts -R