akde/infosec

Information security is ultimately about managing risk


The usual stuff:

workspace -a host42 // To create a new workspace
workspace host42 // To open an existing workspace
db_nmap ...
hosts
services
...
search smb type:auxiliary
...
vulns // Shows all found vulnerabilities
creds // Shows all found credentials

General usage

  • back — deletes the current context
  • check — checks whether the target is vulnerable (not supported by all modules)
  • connect — Telnet
  • edit — opens VI(m)
  • info <module> — shows usage
  • irb — irb 🙂
  • route — reroutes all traffic to a network/host through a Metasploit session
  • search — searches for anything, options can be combined: 
    • search name:mysql
    • search platform:linux
    • search type:post
    • can be combined: search name:mysql platform:linux
      • grep can be used: grep pattern cmd
  • sessions — manages concurrently running sessions
  • set — sets framework options and parameters like set RHOST 127.0.0.1
  • unset — unsets framework options and parameters
  • setg — sets a global variable to be used in the console later. Example: setg LHOST 10.1.1.1
  • show — shows many things: 
    • show auxiliary
    • show exploits
    • show payloads
    • show options
    • show targets
    • show advanced
    • show encoders
    • show nops
  • use <module> — activates a module
  • creds — manages found credentials 
    • Add manually: creds -a 172.16.194.134 -p 445 -u Administrator -P test
  • hosts — shows retrieved host information
  • db_nmap — performs nmap and stores the information in the DB. Afterwards the information can be looked up directly, e.g. via services -p 443.
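The way the search keywords above combine is easy to get wrong (each keyword:value pair narrows the result, a bare word is matched like a name filter). The following Ruby script is an added example, not code from the original notes or from the Metasploit project: it models that AND-combination over a small, constructed list of module metadata. It is a simplification: real msfconsole also searches descriptions and references, while here name: and bare words only match the module path.

```ruby
# Added example: models how msfconsole's `search` combines filters such as
# name:, platform: and type:. All criteria must match (logical AND).
# The module list is constructed for illustration only.

MODULES = [
  { path: "auxiliary/scanner/mysql/mysql_version",   type: "auxiliary", platform: [] },
  { path: "auxiliary/scanner/smb/smb_version",       type: "auxiliary", platform: [] },
  { path: "exploit/linux/mysql/mysql_yassl_getname", type: "exploit",   platform: ["linux"] },
  { path: "post/linux/gather/hashdump",              type: "post",      platform: ["linux"] },
  { path: "post/windows/gather/hashdump",            type: "post",      platform: ["windows"] },
  { path: "exploit/windows/smb/psexec",              type: "exploit",   platform: ["windows"] },
].freeze

# Turn "name:mysql platform:linux" into [[:name, "mysql"], [:platform, "linux"]].
# A token without a colon is treated as a name filter, as msfconsole does.
def parse_query(query)
  query.split.map do |token|
    key, value = token.split(":", 2)
    value.nil? ? [:name, key] : [key.to_sym, value]
  end
end

# A module matches only if every criterion matches.
def module_matches?(mod, criteria)
  criteria.all? do |key, value|
    case key
    when :name     then mod[:path].include?(value)
    when :type     then mod[:type] == value
    when :platform then mod[:platform].include?(value)
    else false # unknown keyword: no module matches, mirroring an empty result
    end
  end
end

# Returns the matching module paths in list order.
def search(query, modules = MODULES)
  criteria = parse_query(query)
  modules.select { |m| module_matches?(m, criteria) }.map { |m| m[:path] }
end

if __FILE__ == $PROGRAM_NAME
  puts "name:mysql                -> #{search('name:mysql').inspect}"
  puts "name:mysql platform:linux -> #{search('name:mysql platform:linux').inspect}"
  puts "smb type:auxiliary        -> #{search('smb type:auxiliary').inspect}"
end
```

The point to notice is that `name:mysql platform:linux` returns a strict subset of `name:mysql`: the auxiliary scanner has no platform list, so it drops out once a platform filter is added.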

Payloads

  • Staged payload with /: payload/linux/x86/shell/reverse_tcp
  • Non-staged payload without /: payload/linux/x86/shell_reverse_tcp

Working with sessions

  • Singles: a single payload which can be integrated in an attack
  • Stagers: the payload is loaded directly from the attacker's system after an attack.
  • Stages: the payload is loaded via the network from anywhere after an attack.
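To make the naming rule from the two lists above concrete (a "/" between stage and stager means staged, an "_" means a self-contained single), here is an added Ruby example that is not part of the original notes or of Metasploit: it parses a payload path into platform, architecture, stage and stager and reports which kind it is. The list of known transport names (`STAGERS`) is my own short list, not the framework's full set, and the parser assumes the common platform/arch/... layout.

```ruby
# Added example: classify a Metasploit payload path as staged or single.
# Assumes the platform/arch/... layout; STAGERS is a hand-picked list.

PayloadInfo = Struct.new(:platform, :arch, :stage, :stager, :staged)

# Transport (stager) names recognised at the end of a single payload name.
STAGERS = %w[reverse_tcp reverse_http reverse_https reverse_tcp_ssl
             bind_tcp bind_tcp_ssl].freeze

def parse_payload(path)
  segs = path.sub(%r{\Apayload/}, "").split("/")
  unless segs.size.between?(3, 4)
    raise ArgumentError, "expected platform/arch/stage[/stager], got #{path}"
  end
  platform, arch = segs[0], segs[1]
  rest = segs[2..]

  if rest.size == 2
    # platform/arch/stage/stager -> staged: a small stager fetches the stage
    PayloadInfo.new(platform, arch, rest[0], rest[1], true)
  else
    # platform/arch/stage_stager -> single: everything ships in one piece
    stager = STAGERS.find { |s| rest[0].end_with?("_#{s}") }
    raise ArgumentError, "unknown transport in #{rest[0]}" unless stager
    stage = rest[0].delete_suffix("_#{stager}")
    PayloadInfo.new(platform, arch, stage, stager, false)
  end
end

# Human-readable summary in the terms used by the notes above.
def describe(info)
  if info.staged
    "#{info.stage}/#{info.stager}: staged, the #{info.stager} stager loads the #{info.stage} stage over the network"
  else
    "#{info.stage}_#{info.stager}: single, stage and stager are one self-contained payload"
  end
end

if __FILE__ == $PROGRAM_NAME
  %w[payload/linux/x86/shell/reverse_tcp payload/linux/x86/shell_reverse_tcp
     windows/x64/meterpreter/reverse_https].each do |p|
    puts describe(parse_payload(p))
  end
end
```

The size difference the notes hint at follows from this split: a single must carry the whole stage, while a staged payload only needs the stager up front and pulls the rest later, which matters both for what fits into an exploit and for what a network sensor gets to see.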

Using the database

A database can be used to store information, payloads, etc. To create an initial db, use msfdb init before opening msfconsole.

  • workspace — shows all workspaces
  • workspace -a <name> — creates a workspace
  • workspace <name> — switches to a workspace
  • workspace -d <name> — deletes a workspace

With db_export -f xml /root/e.xml, a workspace can be exported.
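An exported workspace is useful for reporting outside the console, for instance to answer the same question as services -p 443 from a file. The following Ruby script is an added example, not part of the original notes or of Metasploit: it reads host and service records from an XML export and filters them by port. The element layout it expects (host elements carrying address, name and nested service elements with port, proto, state and name) is an assumption on my part, and the embedded document is constructed sample data, so check the element names against a real db_export file before using it.

```ruby
require "rexml/document"

# Added example: read hosts/services from a db_export-style XML file and
# answer "which hosts have a service on port N?". The element names below
# are an ASSUMPTION about the export layout; the sample is constructed.
SAMPLE_EXPORT = <<~XML
  <MetasploitExport>
    <hosts>
      <host>
        <address>10.0.0.5</address>
        <name>web01</name>
        <services>
          <service><port>443</port><proto>tcp</proto><state>open</state><name>https</name></service>
          <service><port>22</port><proto>tcp</proto><state>open</state><name>ssh</name></service>
        </services>
      </host>
      <host>
        <address>10.0.0.7</address>
        <name>db01</name>
        <services>
          <service><port>3306</port><proto>tcp</proto><state>open</state><name>mysql</name></service>
          <service><port>443</port><proto>tcp</proto><state>closed</state><name>https</name></service>
        </services>
      </host>
    </hosts>
  </MetasploitExport>
XML

# Flatten the export into one row per service, tagged with its host address.
def load_services(xml)
  doc = REXML::Document.new(xml)
  rows = []
  doc.elements.each("//host") do |host|
    addr = host.elements["address"].text
    host.elements.each("services/service") do |svc|
      rows << {
        host:  addr,
        port:  svc.elements["port"].text.to_i,
        proto: svc.elements["proto"].text,
        state: svc.elements["state"].text,
        name:  svc.elements["name"].text,
      }
    end
  end
  rows
end

# File-based counterpart of `services -p <port>`; up_only mirrors the idea of
# restricting output to open services.
def services_on_port(rows, port, up_only: false)
  rows.select { |r| r[:port] == port && (!up_only || r[:state] == "open") }
end

if __FILE__ == $PROGRAM_NAME
  rows = load_services(SAMPLE_EXPORT)
  services_on_port(rows, 443).each do |r|
    puts format("%-10s %5d/%s %-6s %s", r[:host], r[:port], r[:proto], r[:state], r[:name])
  end
end
```

Filtering on state as well as port is the difference between "something answered on 443" and "443 is actually open", which is the distinction you want when the export feeds a remediation list.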


python -c 'import pty;pty.spawn("/bin/bash")';

python3 -c 'import pty;pty.spawn("/bin/bash")';