Metasploit

  • msfconsole - CLI interface
  • armitage - a 3rd party GUI interface

Setup

  • postgresql must be running before starting the console (msfconsole uses it as its database backend)
  • systemctl start postgresql - starts the service now
  • systemctl enable postgresql - sets it to auto start on boot

Usage

  • auxiliary modules - port scanning, protocol enumeration, fuzzing and sniffing modules
  • show auxiliary - list auxiliary modules
  • to load a module: use module/path/name
  • info - show module info
  • show options - configurable options
  • set OPTION value - set the option
  • setg OPTION value - sets a global value that persists between modules
    • RHOSTS - common option for the target(s) of the module
    • RPORT - target port
    • LHOST - local IP
    • LPORT - local port
    • THREADS - number of concurrent threads for scanner modules
  • search - search the available modules
  • hosts - list hosts in the database
  • db_nmap - MSF wrapper that runs nmap and loads the results into the database
  • services - list discovered services in the database
  • show payloads - show shellcode payloads compatible with the loaded module
  • run or exploit - execute the module against the configured target(s)
  • sessions - list current active meterpreter sessions

Meterpreter

  • Multistage, multipurpose exploit payload
  • Can be used to run multiple actions like file transfer, providing shells, keyloggers etc.
  • background - backgrounds the current session; a module can then be executed against that session
  • sysinfo - get system info
  • getuid - get the user id you are currently running as
  • search - search the file system
  • shell - get a shell
  • msfvenom - standalone CLI (run outside msfconsole) to build payloads
  • there are many useful post-exploitation commands, e.g.:
    • portfwd
    • keyscan_start
    • keyscan_stop
    • screenshot
    • hashdump
    • and more

Building custom module

  • written in ruby
  • user modules live in
    ~/.msf4/modules/
    (same directory layout as the framework's own modules directory; run reload_all in msfconsole to pick up new files)
  • copy an existing module as a starting point
    cp /usr/share/metasploit-framework/modules/.... ~/.msf4/modules/
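Added example, not code from the notes above or from the Metasploit project: a small Ruby helper for the user module directory. It writes a minimal auxiliary module skeleton (placeholder metadata, constructed here) into a tree laid out like ~/.msf4/modules, then checks the tree for the mistakes that most often stop a custom module from showing up in search/use: a file outside one of the module type directories, a file without the .rb extension, or a file that does not define class MetasploitModule. The list of type directories (auxiliary, exploits, post, payloads, encoders, nops, evasion) mirrors the framework's modules directory; the root path and the demo relative path are assumptions.

```ruby
# Added example, not part of the original notes: helper for the user module
# tree (~/.msf4/modules) that msfconsole searches alongside the framework's
# own modules. Writes a minimal skeleton and checks the tree for the usual
# reasons a custom module fails to appear in `search`/`use`.
require 'fileutils'
require 'tmpdir'

# Top-level directories msfconsole recognises; the user tree mirrors the
# layout of /usr/share/metasploit-framework/modules.
MODULE_TYPES = %w[auxiliary exploits post payloads encoders nops evasion].freeze

# Constructed starting point. The heredoc is only written to disk here; it is
# evaluated by the framework after `reload_all`, not by this script.
SKELETON = <<~'RUBY'
  ##
  # Minimal auxiliary module skeleton (placeholder metadata, adapt before use)
  ##
  class MetasploitModule < Msf::Auxiliary
    def initialize(info = {})
      super(
        update_info(
          info,
          'Name'        => 'Example Custom Auxiliary Module',
          'Description' => 'Starting point copied into ~/.msf4/modules',
          'Author'      => ['your name here'],
          'License'     => MSF_LICENSE
        )
      )
      register_options([Opt::RHOST, Opt::RPORT(80)])
    end

    def run
      print_status("Options set: RHOST=#{datastore['RHOST']} RPORT=#{datastore['RPORT']}")
    end
  end
RUBY

# Write SKELETON at root/type/rel_path and return the path written.
def write_skeleton(root, type, rel_path)
  raise ArgumentError, "unknown module type #{type}" unless MODULE_TYPES.include?(type)
  path = File.join(root, type, rel_path)
  FileUtils.mkdir_p(File.dirname(path))
  File.write(path, SKELETON)
  path
end

# Walk a module tree and return sorted [relative_path, problem] pairs.
# An empty array means every file should load after `reload_all`.
def check_module_tree(root)
  problems = []
  Dir.glob(File.join(root, '**', '*')).each do |path|
    next unless File.file?(path)
    rel = path[root.length..].sub(%r{\A/}, '')
    type = rel.split('/').first
    if !MODULE_TYPES.include?(type)
      problems << [rel, "not under one of #{MODULE_TYPES.join('/')}"]
    elsif !rel.end_with?('.rb')
      problems << [rel, 'not a .rb file, it will be ignored']
    elsif !File.read(path).match?(/^\s*class MetasploitModule\b/)
      problems << [rel, 'does not define class MetasploitModule']
    end
  end
  problems.sort
end

if __FILE__ == $PROGRAM_NAME
  # Usage: ruby check_modules.rb [module root]   (defaults to ~/.msf4/modules)
  root = ARGV[0] || File.expand_path('~/.msf4/modules')
  report = check_module_tree(root)
  report.each { |rel, why| puts "#{rel}: #{why}" }
  puts 'no problems found' if report.empty?
end
```

The skeleton only registers RHOST/RPORT and prints what was set, so it is safe to load as a template; the checker is the part worth keeping around, since a module dropped into the wrong subdirectory or saved without .rb is silently ignored by msfconsole.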