⚙️

Essential Metasploit Commands Overview

Sep 27, 2024

Metasploit Minute Lecture Notes

Introduction

  • Host: Rob Fuller (aka Lewis)
  • Sponsor: Hack5 and viewer support via HAKshop.com
  • Focus: Basic commands in Metasploit Minute Series (MSI)

Key Commands in Metasploit

Banner Command

  • Purpose: For fun, to get different banners including a cow.
  • Command: banner

MSF Console Commands

  • Command Listing: Use ? to show all available commands, similar to Cisco routers.
  • Common Commands:
    • use: Begin using available modules like exploits, payloads, etc.

Directory Structure

  • Modules Path: modules/exploits/windows/SMB/psexec
  • Command: use followed by the specific path to load a module.

Setting Options

  • Setting Parameters: Use set followed by the option name and its value (e.g., IP, username, password).
  • Example Payload Command: set payload windows/meterpreter/reverse_https
  • Change Payload Options: Use uppercase options to avoid potential issues.

Exploiting

  • Execute: exploit or exploit -j (sets as a background job).
  • Sessions: Use sessions to view active sessions.

Auxiliary Modules

  • Run Command: Use run for auxiliary modules.

Payload Modules

  • Generate Command: Use generate for creating payloads.

Ruby Interaction

  • IRB: Ruby interpreter for scripting in Metasploit context.
  • Command: irb to enter Ruby scripting mode.

File Manipulation

  • Editing: Use edit to modify target files or Metasploit modules.
  • Process: Downloads, edits, and re-uploads files.

Plugins and Extensions

  • Loading Plugins: Use load to add plugins (e.g., sound by DigiNinja).
  • Loading Extensions: In Meterpreter session, load incognito for extra capabilities.

Configuration Management

  • Save Settings: save saves current settings to a config file.
  • RC Files: make rc creates a resource script of commands executed.

Module Search

  • Search Command: search to find specific modules in Metasploit.

Sessions and Jobs

  • Session Management: Commands for interacting, terminating, or listing sessions.
  • Job Management: exploit -j sets jobs to run in the background. jobs -v lists current jobs.

Conclusion

  • Further Learning: More detailed exploration of commands in future sessions.
  • Contact: Feedback via MSF at hack5 org
  • Support: Visit HAKshop.com and use code Mubix for benefits.

Metasploit Minute: A resource for learning exploitation techniques and Metasploit commands.

Full transcript