Metasploit

  • msfconsole – the CLI interface
  • armitage – a third-party GUI front end

Setup

  • PostgreSQL must be running before starting the console (it backs the hosts/services database and module search)
  • systemctl start postgresql – starts service
  • systemctl enable postgresql – set to auto start

Usage

  • auxiliary modules – port scanning, protocol enumeration, fuzzing and sniffing modules
  • show auxiliary – list auxiliary modules
  • use module/path/name – select a module
  • info – show the selected module's description and options
  • show options – list configurable options
  • set OPTION value – set an option for the current module
  • setg OPTION value – set an option globally so it persists across modules
    • RHOSTS – the module's target host(s)
    • RPORT – target port
    • LHOST – local IP (where a reverse connection comes back to)
    • LPORT – local port
    • THREADS – number of concurrent threads
  • search – search the module tree
  • hosts – list hosts in the database
  • db_nmap – MSF wrapper that runs nmap and imports the results into the database
  • services – list discovered services in the database
  • show payloads – list payloads compatible with the selected module
  • run or exploit – execute the module against RHOSTS
  • sessions – list the currently active sessions (including Meterpreter sessions)

Meterpreter

  • Multi-stage, multi-purpose payload
  • Provides file transfer, shells, keylogging and other actions from one session
  • background – return to msfconsole while keeping the current session alive, so a post module can be run against it
  • sysinfo – get system information
  • getuid – show the user the session is running as
  • search – search the target's file system
  • shell – drop into a system shell
  • msfvenom – standalone CLI for building payloads (not a Meterpreter command)
  • there are many post-exploitation commands, for example:
    • portfwd
    • keyscan_start
    • keyscan_stop
    • screenshot
    • hashdump
    • and more

Building custom module

  • written in Ruby
  • user modules live in
    ~/.msf4/modules/
  • copy an existing module as a starting point
    cp /usr/share/metasploit-framework/modules/.... ~/.msf4/modules/
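The framework only loads a user module when its path under ~/.msf4/modules mirrors the type/sub-path layout of the framework tree (for example auxiliary/scanner/http/foo.rb), so a flat copy into ~/.msf4/modules/ is silently ignored. The helper below is an added example, not part of the original notes; the FRAMEWORK_MODULES and USER_MODULES defaults are assumed to be the usual Kali locations.

```shell
#!/bin/sh
# Added example: copy a framework module into the user module directory while
# preserving its type/sub-path layout so msfconsole will actually load it.
# Assumed default locations; override via environment if yours differ.
FRAMEWORK_MODULES="${FRAMEWORK_MODULES:-/usr/share/metasploit-framework/modules}"
USER_MODULES="${USER_MODULES:-$HOME/.msf4/modules}"

# module_dest SRC_FILE
# Prints the mirrored destination path under USER_MODULES, or fails if the
# file is not inside the framework tree, not a known module type, or not .rb.
module_dest() {
    src="$1"
    case "$src" in
        "$FRAMEWORK_MODULES"/*) ;;
        *) echo "not under $FRAMEWORK_MODULES: $src" >&2; return 1 ;;
    esac
    rel="${src#"$FRAMEWORK_MODULES"/}"
    # First path component must be one of the module types the loader knows.
    case "$rel" in
        auxiliary/*|exploits/*|post/*|payloads/*|encoders/*|nops/*|evasion/*) ;;
        *) echo "unknown module type in: $rel" >&2; return 1 ;;
    esac
    case "$rel" in
        *.rb) ;;
        *) echo "module files must end in .rb: $rel" >&2; return 1 ;;
    esac
    printf '%s/%s\n' "$USER_MODULES" "$rel"
}

# copy_module SRC_FILE
# Creates the mirrored directory and copies the module there; prints the new path.
copy_module() {
    dest="$(module_dest "$1")" || return 1
    mkdir -p "$(dirname "$dest")"
    cp "$1" "$dest"
    printf '%s\n' "$dest"
}
```

After copying and editing, run reload_all inside msfconsole so the new module appears in search results.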