Metasploit

Setup

Start the postgresql service:

systemctl start postgresql

Enable the postgresql service at boot:

systemctl enable postgresql

Create and initialize the MSF database:

msfdb init

Update Metasploit:

apt update && apt install metasploit-framework

Start Metasploit quietly:

msfconsole -q

Commands

  • use: activate a module

    • use exploit/multi/handler

  • back: go back to the main prompt

  • previous: activate the previously-used module

  • show: display module-related info

    • show options

    • show payloads

    • show targets

  • set/unset: configure options for the currently-used module

    • set LHOST tun0

    • set LPORT 443

    • unset LHOST

    • unset LPORT

  • setg/unsetg: configure options for all modules during this Metasploit session

    • setg LHOST tun0

    • setg LPORT 443

    • unsetg LHOST

    • unsetg LPORT

Database Access

Show stored findings in the current module:

msf6 > services

Check a specific finding on port 445:

msf6 > services -p 445

Run Nmap and save the findings to the database:

msf6 > db_nmap <remote_ip> -A -Pn

Display all discovered hosts:

msf6 > hosts

Add Exploits to Metasploit

If searchsploit finds a Metasploit exploit that is not present in the installed framework, copy it into the matching module directory manually:

cp <exploit_path> /usr/share/metasploit-framework/modules/exploits/linux/http

Then, inside msfconsole, reload the module tree so the new exploit is picked up:

msf6 > reload_all

Advanced Options

Metasploit modules also have advanced options beyond the ones listed by show options. For example, exploit/linux/samba/is_known_pipename needs the SMB protocol version set to 1, which is done through one of its advanced options:

Set SMB::ProtocolVersion to 1:

msf6 exploit(linux/samba/is_known_pipename) > set SMB::ProtocolVersion 1
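The commands above (setg, use, set, copying a module into the framework tree) can be scripted instead of typed one by one. The following is an added example, not part of these notes or of Metasploit itself: it writes an msfconsole resource script that `msfconsole -q -r <file>` replays, and installs a module file the way the Add Exploits section does. The payload name and the tun0 interface are assumptions.

```shell
#!/bin/sh
# Added example: build a resource script from the cheat-sheet commands and
# install a downloaded module into the framework tree. Not Metasploit's own code.

# Write a resource script: global options, module activation, module-specific
# "set" lines, then "show options" so the loaded configuration is printed.
# Arguments: out_file module lhost lport [option value ...]
msf_write_rc() {
  out=$1; module=$2; lhost=$3; lport=$4
  shift 4
  # Reject a non-numeric or out-of-range LPORT before it reaches the handler.
  case $lport in
    ''|*[!0-9]*) echo "invalid LPORT: $lport" >&2; return 1 ;;
  esac
  [ "$lport" -ge 1 ] && [ "$lport" -le 65535 ] || { echo "LPORT out of range: $lport" >&2; return 1; }
  {
    echo "setg LHOST $lhost"
    echo "setg LPORT $lport"
    echo "use $module"
    for line in "$@"; do echo "set $line"; done   # e.g. "SMB::ProtocolVersion 1"
    echo "show options"
  } > "$out"
}

# Copy a module file into the framework tree (the page uses
# /usr/share/metasploit-framework/modules/exploits/linux/http) and refuse
# anything that is not a Ruby module, since reload_all only loads *.rb files.
msf_install_module() {
  src=$1; dest_dir=$2
  case $src in *.rb) ;; *) echo "not a .rb module: $src" >&2; return 1 ;; esac
  mkdir -p "$dest_dir" && cp "$src" "$dest_dir/"
}

# Example: a handler on tun0:443 (interface and port from the notes; payload assumed).
rc=$(mktemp /tmp/handler.XXXXXX)
msf_write_rc "$rc" exploit/multi/handler tun0 443 "payload linux/x64/meterpreter/reverse_tcp"
echo "run with: msfconsole -q -r $rc"
```

After `reload_all`, `search <module name>` confirms that a copied module was actually loaded.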