Metasploit

Setup

Start the postgresql service:

systemctl start postgresql

Enable the postgresql service at boot:

systemctl enable postgresql

Create and initialize the MSF database:

msfdb init

Update Metasploit:

apt update && apt install metasploit-framework

Start Metasploit quietly:

msfconsole -q

Commands

  • use: activate a module

    • use exploit/multi/handler

  • back: go back to the main prompt

  • previous: activate the previously-used module

  • show: display module-related info

    • show options

    • show payloads

    • show targets

  • set/unset: configure options for the currently-used module

    • set LHOST tun0

    • set LPORT 443

    • unset LHOST

    • unset LPORT

  • setg/unsetg: configure options for all modules during this Metasploit session

    • setg LHOST tun0

    • setg LPORT 443

    • unsetg LHOST

    • unsetg LPORT

Database Access

Show stored findings in the current module:

msf6 > services

Check a specific finding on port 445:

msf6 > services -p 445

Run Nmap and save the findings to the database:

msf6 > db_nmap <remote_ip> -A -Pn

Display all discovered hosts:

msf6 > hosts

Add Exploits to Metasploit

If searchsploit finds a Metasploit exploit but it is not in the Metasploit framework, add it manually:

cp <exploit_path> /usr/share/metasploit-framework/modules/exploits/linux/http

In Metasploit, run reload_all.

msf6 > reload_all

Advanced Options

Metasploit modules have some advanced options for you to play with. For example, in exploit/linux/samba/is_known_pipename, we have to set SMB version to 1. This is done in one of the advanced options:

exploit/linux/samba/is_known_pipename advanced options

Set SMB:ProtocolVersion to 1:

msf6 exploit(linux/samba/is_known_pipename) > set SMB::ProtocolVersion 1
PreviousMalleable C2 ProfileNextPayloads

Last updated

Was this helpful?