GENERAL INFORMATION
Metasploit is a free tool that has built in exploits which aids in gaining remote access to a system by exploiting a vulnerability in that server.msfconsole Launch program
version Display current version
msfupdate Pull the weekly update
makerc<FILE.rc> Saves recent commands to file
msfconsole -r <FILE.rc> Loads a resource file
EXECUTING AN EXPLOIT
use <MODULE> Set the exploit to useset payload <PAYLOAD> Set the payload
show options Show all options
set <OPTION> <SETTING> Set a setting
exploit or run Execute the exploit
SESSION HANDLING
sessions -l List all sessionssessions -i <ID> Interact/attach to session
background or ^Z Detach from session
USING THE DB
The DB saves data found during exploitation. Auxiliary scan results, hashdumps, and credentials show up in the DB.FIRST TIME SETUP
Run from linux command line.service postgresq1 start Start DB
msfdb init Init the DB
db_status Should say connected
hosts Show host in DB
services Show ports in DB
vulns Show all vulns found
FINDING AN EXPLOIT TO USE
Do information gathering with db_nmap and auxiliary modules. Aux mods have numerous scanners, gatherers, fuzzers, and tools that you to scan a CIDR block or single IP and will save the results in DB.db_nmap -sS -A 192.168.1.100 Do port scan and OS fingerprint then add to DB.
show auxiliary Show all auxiliary modules.
use auxiliary/scanner/smb/smb_version Detect the smb version in use
use auxiliary/scanner/ftp/anonymous Scan for anonymous FTP server
Once information gathering is on the host, look at what services or OS the host is running and do a search for that term.
search <TERM> Search all exploits, payloads and auxiliary modules.
show exploits Show all exploits.
show payloads Show all payloads.
WORKSPACES
Each workspace is like its own database. Create a new one to have a fresh DB.workspace -h Help
workspace List
workspace -a Add
workspace -d Delete
workspace -r Rename
METERPRETER COMMANDS
sysinfo Show system infops Show running process
kill <PID> Terminate a process
getuid Show your user ID
upload/download Upload/download a file
pwd/lpwd Print working directory
cd/lcd Change Directory
cat Show contents of a file
edit <FILE> Edit a file
shell Drop into a shell
migrate <PID> Switch to another process
hashdumps Show all pw hashes
idletime Display idle time of user
screenshot Take a screenshot
ESCALATE PRIVILEGES
use priv Load the scriptgetsystem Elevate your privs
getprivs Elevate your privs
TOKEN STEALING
use incognito Load the scriptlist_tokens -u Show all tokens
impersonate_token DOMAIN\\USER Use token
drop_token Stop using token
ENABLE PORT FORWARDING
This opens port 3388 locally which forward all traffic to 3389 on remote host:meterpreter> portfwd [ADD|DELETE] -L <LHOST> -l 3388 -r <RHOST> -p 3389
Pivot through a session by adding a route within msf it all you to exploit or scan adjacent hosts.
No comments:
Post a Comment