Metasploit

Setup

Start the postgresql service:

systemctl start postgresql

Enable the postgresql service at boot:

systemctl enable postgresql

Create and initialize the MSF database:

msfdb init

Update Metasploit:

apt update && apt install metasploit-framework

Start Metasploit quietly:

msfconsole -q

Commands

use: activate a module
- use exploit/multi/handler
back: go back to the main prompt
previous: activate the previously-used module
show: display module-related info
- show options
- show payloads
- show targets
set/unset: configure options for the currently-used module
- set LHOST tun0
- set LPORT 443
- unset LHOST
- unset LPORT
setg/unsetg: configure options for all modules during this Metasploit session
- setg LHOST tun0
- setg LPORT 443
- unsetg LHOST
- unsetg LPORT

Database Access

Show stored findings in the current module:

msf6 > services

Check a specific finding on port 445:

msf6 > services -p 445

Run Nmap and save the findings to the database:

msf6 > db_nmap <remote_ip> -A -Pn

Display all discovered hosts:

msf6 > hosts

Add Exploits to Metasploit

If searchsploit finds a Metasploit exploit but it is not in the Metasploit framework, add it manually:

cp <exploit_path> /usr/share/metasploit-framework/modules/exploits/linux/http

In Metasploit, run reload_all.

msf6 > reload_all

Advanced Options

Metasploit modules have some advanced options for you to play with. For example, in exploit/linux/samba/is_known_pipename, we have to set SMB version to 1. This is done in one of the advanced options:

Set SMB:ProtocolVersion to 1:

msf6 exploit(linux/samba/is_known_pipename) > set SMB::ProtocolVersion 1

PreviousMalleable C2 Profile NextPayloads

Last updated 3 years ago

hashtagSetup

hashtagCommands

hashtagDatabase Access

hashtagAdd Exploits to Metasploit

hashtagAdvanced Options

Setup

Commands

Database Access

Add Exploits to Metasploit

Advanced Options