# Metasploit

## Setup

Start the postgresql service:

```bash
systemctl start postgresql
```

Enable the postgresql service at boot:

```bash
systemctl enable postgresql
```

Create and initialize the MSF database:

```bash
msfdb init
```

Update Metasploit:

```bash
apt update && apt install metasploit-framework
```

Start Metasploit quietly (`-q` suppresses the startup banner):

```bash
msfconsole -q
```

## Commands

* **use:** activate a module
  * `use exploit/multi/handler`
* **back:** go back to the main prompt
* **previous:** activate the previously-used module
* **show:** display module-related info
  * `show options`
  * `show payloads`
  * `show targets`
* **set/unset:** configure options for the currently-used module
  * `set LHOST tun0`
  * `set LPORT 443`
  * `unset LHOST`
  * `unset LPORT`
* **setg/unsetg:** configure options for all modules during this Metasploit session
  * `setg LHOST tun0`
  * `setg LPORT 443`
  * `unsetg LHOST`
  * `unsetg LPORT`

## Database Access

Show stored findings in the current module:

```bash
msf6 > services
```

Check a specific finding on port 445:

```bash
msf6 > services -p 445
```

Run Nmap and save the findings to the database:

```bash
msf6 > db_nmap <remote_ip> -A -Pn
```

Display all discovered hosts:

```bash
msf6 > hosts
```

## Add Exploits to Metasploit

If `searchsploit` finds a Metasploit module that is not yet present in your local Metasploit framework, add it manually by copying it into the matching category directory of the module tree:

```bash
cp <exploit_path> /usr/share/metasploit-framework/modules/exploits/linux/http
```

Then, in Metasploit, run `reload_all` so the new module is picked up:

```bash
msf6 > reload_all
```
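The copy-then-reload procedure above, wrapped in a small helper with the checks a practitioner would want before dropping a third-party file into the module tree. This is an added example, not code from the original page or from the Metasploit project; it assumes the module is a Ruby file and, by default, installs into `~/.msf4/modules` (the per-user module directory that msfconsole loads alongside `/usr/share/metasploit-framework/modules`) rather than writing into the system tree. The function name and the category argument are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: install a downloaded Metasploit module into a module tree,
# mirroring the category path msfconsole expects (e.g. exploits/linux/http).
# Arguments: <module.rb> <category path> [module root, default ~/.msf4/modules]
# Prints the installed path on success; after installing, run `reload_all`
# inside msfconsole so the module is loaded.

install_msf_module() {
    local src="$1"                             # e.g. ./12345.rb from searchsploit -m
    local category="$2"                        # e.g. exploits/linux/http
    local root="${3:-$HOME/.msf4/modules}"     # assumption: per-user module dir
    local dest_dir

    # The file must exist, be Ruby, and at least look like a Metasploit module.
    [ -f "$src" ] || { echo "no such file: $src" >&2; return 1; }
    case "$src" in
        *.rb) ;;
        *) echo "not a .rb file: $src" >&2; return 1 ;;
    esac
    grep -Eq 'MetasploitModule|Msf::(Exploit|Auxiliary|Post)' "$src" || {
        echo "does not look like a Metasploit module: $src" >&2
        return 1
    }

    # Only accept the known top-level module types, and refuse path traversal
    # so a bad category argument cannot write outside the module root.
    case "$category" in
        *..*) echo "invalid category path: $category" >&2; return 1 ;;
        exploits/*|auxiliary/*|post/*|payloads/*|encoders/*|nops/*|evasion/*) ;;
        *) echo "unknown module category: $category" >&2; return 1 ;;
    esac

    dest_dir="$root/$category"
    mkdir -p "$dest_dir" || return 1
    cp "$src" "$dest_dir/" || return 1
    echo "$dest_dir/$(basename "$src")"
}

# Usage (constructed sample module, not a real exploit):
#   printf 'class MetasploitModule < Msf::Exploit::Remote\nend\n' > demo.rb
#   install_msf_module ./demo.rb exploits/linux/http
#   msfconsole -q      then:  msf6 > reload_all
```

Installing under `~/.msf4/modules` keeps third-party modules separate from the packaged ones, so an `apt` update of `metasploit-framework` neither overwrites nor silently removes them; `reload_all` is still required either way.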

## Advanced Options

Metasploit modules have some **advanced options** for you to play with. For example, in `exploit/linux/samba/is_known_pipename`, we have to set the SMB version to 1. This is done through one of the advanced options:

![exploit/linux/samba/is\_known\_pipename advanced options](https://3988450783-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MWVjG_njKgBtvmnKaJh%2Fuploads%2FoGbYkVKHogsmY2hAPIhi%2Fimage.png?alt=media\&token=3a7b0e4f-79ca-4a71-b3cd-c77a86758121)

Set `SMB::ProtocolVersion` to 1:

```bash
msf6 exploit(linux/samba/is_known_pipename) > set SMB::ProtocolVersion 1
```
