Metasploit

• msfconsole - CLI interfaces
• armitage - a 3rd party GUI interface

Setup

• must enable postgresql before starting the console
• systemctl start postgresql - starts service
• systemctl enable postgresql - set to auto start

usage

• auxiliary module - post scanning, protocol enum, fuzzing, sniffing modules
• show auxiliary - show modules
• to use a module use module/path/argument
• info - show module info
• show options - configurable options
• set OPTION value - set the option
• setg OPTION value - sets value that is global or persists between modules
  • RHOSTS - common option for targets of module
  • RPORT - Target Port
  • LHOST - Local IP
  • LPORT - Local port
  • THREADS -
• search - search msf plugins
• hosts - list host in database
• db_nmap - MSF wrapper to run nmap and load data into database
• services - list hosts in database
• show payloads - show shell code payloads
• run or exploit - execute module on RHOSTS
• sessions - used to list current active meterpreter sessions

Meterpreter

• Multistage multipurpse exploit payload
• Can be used to run multiple actions like file transfer, provide shells, keyloggers etc.
• background - used to background current session, can be used to execure a module againt the session
• sysinfo - get system info
• getuid - get user id you are currently running as
• search - search file system
• shell - get shell
• msfvenom - cli to build payloads
• there many useful post exploitation options
  • portfwd
  • keyscan_start
  • keyscan_stop
  • screenshot
  • hashdump
  • and more

Building custom module

• written in ruby
• user modules in
  ~/.msf4/modules/
• copy existing starting point
  cp /usr/share/metaploit-framework/modules/.... ~/.msf4/modules/