Metasploit

• msfconsole – CLI interfaces
• armitage – a 3rd party GUI interface

Setup

• must enable postgresql before starting the console
• systemctl start postgresql – starts service
• systemctl enable postgresql – set to auto start

usage

• auxiliary module – post scanning, protocol enum, fuzzing, sniffing modules
• show auxiliary – show modules
• to use a module use module/path/argument
• info – show module info
• show options – configurable options
• set OPTION value – set the option
• setg OPTION value – sets value that is global or persists between modules
  • RHOSTS – common option for targets of module
  • RPORT – Target Port
  • LHOST – Local IP
  • LPORT – Local port
  • THREADS –
• search – search msf plugins
• hosts – list host in database
• db_nmap – MSF wrapper to run nmap and load data into database
• services – list hosts in database
• show payloads – show shell code payloads
• run or exploit – execute module on RHOSTS
• sessions – used to list current active meterpreter sessions

Meterpreter

• Multistage multipurpse exploit payload
• Can be used to run multiple actions like file transfer, provide shells, keyloggers etc.
• background – used to background current session, can be used to execure a module againt the session
• sysinfo – get system info
• getuid – get user id you are currently running as
• search – search file system
• shell – get shell
• msfvenom – cli to build payloads
• there many useful post exploitation options
  • portfwd
  • keyscan_start
  • keyscan_stop
  • screenshot
  • hashdump
  • and more

Building custom module

• written in ruby
• user modules in
  ~/.msf4/modules/
• copy existing starting point
  cp /usr/share/metaploit-framework/modules/.... ~/.msf4/modules/