In the previous section, you learned about the structure of Metasploit. This section mainly introduces the theory of msfconsole.
Msfconsole theory
In MSF, msfconsole is arguably the most popular interface program. Many people are intimidated when they first meet msfconsole because there are so many complex commands to learn, but it really is a powerful interface. Msfconsole provides an integrated, centralized console through which you can access and use all of Metasploit's plugins, payloads, exploit modules, post modules and more. Msfconsole also interfaces with third-party programs: tools such as Nmap and sqlmap can be used directly inside msfconsole.
To open msfconsole, type msfconsole in a command-line window and press Enter. Msfconsole's system files and user files are located in the /usr/share/metasploit-framework/msfconsole directory.
When msfconsole opens, look at the red box. It clearly marks all of Metasploit's exploit modules, payloads, post modules and so on.
Msfconsole has two ways of viewing help: one is msfconsole -h, the other is help.
msfconsole -h displays the options and parameters available when msfconsole is started. help displays the commands that can be used after entering msfconsole.
msfconsole -h parameters
Interpretation and utilization of all parameters
Help parameters
Next, I will go through msfconsole's commands, with some explanation of each.
back command
The back command is used to go back. For example, if you have entered the settings of a vulnerability module but want to select a different module, use back.
This diagram shows that I started using the ms08_067_netapi module and then returned using the back command.
banner command
This mainly shows Metasploit's version information, the number of modules, the number of payloads, and so on.
check command
In fact, many modules do not support this command, but where it is supported it can be used to see some fairly reliable information from the module. It is primarily used to see whether a target host can be exploited using the module.
color command
This command mainly sets the color of the command-line output. It has no real effect.
connect command
This command is primarily used to connect to a remote host. It is generally used during intranet penetration. A common form is "connect 192.168.0.1 8080".
Here connect is the command name, 192.168.0.1 is the IP address and 8080 is the port number.
If you want to see more detailed connect information, enter connect -h.
edit command
This command edits the current module, opening its code in the editor set by $VISUAL or $EDITOR. Editing is done using the Vim editor.
exit command
This is the command to exit msfconsole. It exits msfconsole completely and returns you to the Linux terminal.
info command
This command lets you view information about a module, including its options, exploit conditions, vulnerability authors, available payloads, and more.
info is used in two ways. The first is to type info inside the current module and press Enter to view the current module's information.
The second is to type info followed by the module's number and press Enter to view that module's information.
irb command
This command enters IRB scripting mode, where you can create and execute script commands. Its language is Ruby.
jobs command
This command lets you see which tasks are running in msfconsole and optionally end tasks that you do not need. If you want to see more detailed jobs options, enter "jobs -h".
kill command
This command is mainly used together with the jobs command. If the jobs command shows some unnecessary tasks, you can use kill to terminate them. It is usually used as kill <job number>.
load command
This command loads plugins from Metasploit's plugin library.
unload command
This command stops a plugin you have started.
resource command
This command runs resource files. Some tools, such as the Karmetasploit wireless attack, require it. I will explain how to use this attack in a later article.
route command
The route command is primarily used to set up a springboard (pivot). Its function is proxy forwarding. In our great Celestial Empire this command is very important. You would not want to be in the middle of a happy penetration test, next to your beloved WiFi, when suddenly .....
The blog has an article on how to use route as a springboard; you can go and read it yourself. Of course, some netizens say that proxying with this command is too slow. In fact, when setting up the proxy, be sure to choose, in turn, the servers nearest to your own country. For example, you can take a server in Japan as the first springboard and then use a U.S. server as the next one. This can increase the speed of packet transmission. One more advanced method is to directly invade a VPN server, find the RADIUS database, and add an account inside. You can then jump to a server and connect to the VPN server from that server. For route, you can use -h to view more information.
search command
When you use msfconsole, you will use a variety of vulnerability modules, plugins and so on, so the search command is important. I'll explain the command in detail.
Some options for the search command are listed when you enter search -h or help search.
Find by name
Use the name: keyword here. For example, to look for vulnerabilities in the MySQL database, enter "search name:mysql".
Find by path
Sometimes we remember the path of a module but forget its name. You can then use the path: keyword to find all the modules under that path. For example, to list all MySQL exploit modules under the mysql path, enter "search path:mysql".
Narrow the scope of the query
Sometimes a search returns a lot of modules, so we can use the platform: keyword to narrow the scope of the query. With platform:, the query results list the higher-rank modules. For example, to look for MySQL vulnerabilities, enter "search platform:mysql". Compared with the results above, notice that all modules ranked normal are filtered out, leaving only a few more advanced exploit modules.
Find by type
Use the type: keyword here. Metasploit has only three module types that can be used: the first is the exploit module, the second is the auxiliary module, and the third is the post module. So type: can only search for these three types of module. For example, to search for post modules, enter "search type:post".
Find by module author name
Sometimes we want to see all the modules written by one author; for that we need the author: keyword. Many people think this is superfluous, but it is not. Later, when you write your own vulnerability modules, this keyword lets you find them quickly. For example, to find all the modules written by Dookie, enter "search author:dookie".
Combined lookup
You can combine the keywords above. For example, to find vulnerability modules for Mac systems written by Dookie, enter "search author:dookie name:macos".
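The following is an added example, not from the original article and not Metasploit's own code, that models how the keyword filters described above combine. The module records are constructed, and the matching rules (case-insensitive substring match, every term must match) are simplifying assumptions.

```ruby
# Keywords described in the article. The matching rules are a simplified
# model (assumption), not Metasploit's implementation.
SEARCH_KEYS = %w[name path platform type author].freeze
MODULE_TYPES = %w[exploit auxiliary post].freeze

# Constructed module records, for illustration only.
MODULES = [
  { path: 'auxiliary/scanner/mysql/demo_version', name: 'MySQL Demo Version Check',
    platform: 'linux', type: 'auxiliary', author: 'alice' },
  { path: 'exploit/osx/demo/sample_service', name: 'macOS Demo Service',
    platform: 'osx', type: 'exploit', author: 'dookie' },
  { path: 'post/osx/gather/demo_info', name: 'macOS Demo Info Gather',
    platform: 'osx', type: 'post', author: 'dookie' }
].freeze

# Turn "author:dookie name:macos" into [["author", "dookie"], ["name", "macos"]],
# rejecting unknown keywords, empty values and unsupported module types.
def parse_query(query)
  query.split.map do |term|
    key, value = term.split(':', 2)
    key = key.downcase
    raise ArgumentError, "unknown keyword: #{key}" unless SEARCH_KEYS.include?(key)
    raise ArgumentError, "missing value for #{key}:" if value.nil? || value.empty?
    value = value.downcase
    if key == 'type' && !MODULE_TYPES.include?(value)
      raise ArgumentError, "type must be one of #{MODULE_TYPES.join(', ')}"
    end
    [key, value]
  end
end

# Return the paths of the records that satisfy every term in the query.
def search(query, modules = MODULES)
  terms = parse_query(query)
  modules.select do |mod|
    terms.all? { |key, value| mod[key.to_sym].downcase.include?(value) }
  end.map { |mod| mod[:path] }
end

p search('author:dookie name:macos') if __FILE__ == $PROGRAM_NAME
```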
sessions command
This command lets you interact with, query, or terminate some of the current sessions. If you want to see the session options, simply type "sessions -h". Note that the command is sessions, not session; a lot of people forget the trailing s.
set command
This mainly sets options for a payload or other module. For example, to set the attack target IP, enter "set RHOST 192.168.0.2".
unset command
If you used the set command and find that a setting is wrong, you can use unset to reset it.
setg command
This is similar to set; the difference is that it sets a global variable. Set it once and save, and you will not have to repeat the setting in later vulnerability modules. But please note: if you have set a global variable in one module, check the options when you use another module later, so that you do not do repetitive penetration work. Of course, if you set it wrongly, you can use the unsetg command to reset it.
After setting, enter save to save your global variable settings.
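The caution above about saved globals can be checked before a console session starts. This is an added example, not code from the original article or from Metasploit. It assumes that save writes the globals as KEY=value lines under a [framework/core] section of an INI-style file (commonly ~/.msf4/config); the sample text and the authorized ranges are constructed.

```ruby
require 'ipaddr'

# Constructed sample of a saved console config.
# Assumption: globals set with setg are stored as KEY=value lines in the
# [framework/core] section of an INI-style file.
SAMPLE_CONFIG = <<~INI
  [framework/core]
  RHOST=192.168.0.2
  LHOST=192.168.0.10
  RPORT=8080

  [framework/ui/console]
  ActiveModule=exploit/windows/smb/ms08_067_netapi
INI

# Parse INI-style text into { section => { key => value } }.
def parse_saved_config(text)
  sections = Hash.new { |h, k| h[k] = {} }
  current = nil
  text.each_line do |line|
    line = line.strip
    next if line.empty? || line.start_with?('#', ';')
    if (m = line.match(/\A\[(.+)\]\z/))
      current = m[1]
    elsif current && (m = line.match(/\A([^=]+)=(.*)\z/))
      sections[current][m[1].strip] = m[2].strip
    end
  end
  sections
end

# Return saved global target options that point outside the authorized range.
def stale_targets(text, authorized_cidr)
  scope = IPAddr.new(authorized_cidr)
  globals = parse_saved_config(text)['framework/core']
  globals.select do |key, value|
    next false unless %w[RHOST RHOSTS].include?(key.upcase)
    value.split(/[\s,]+/).any? do |addr|
      begin
        !scope.include?(IPAddr.new(addr))
      rescue IPAddr::Error
        true # hostnames and ranges cannot be verified here, so flag them
      end
    end
  end
end

p stale_targets(SAMPLE_CONFIG, '10.20.0.0/24') if __FILE__ == $PROGRAM_NAME
```

Any key the function returns is a candidate for unsetg before a new engagement begins.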
show command
This command is used a lot, so please read carefully. If you simply enter show, everything is displayed: payloads, exploit modules, post modules, plugins, and so on. But generally we do not use it that way.
If you want to display the exploit modules, enter show exploits. If you want to display payloads, enter show payloads. The commands that can be used are show auxiliary, show exploits, show payloads, show encoders and show nops.
Once you have entered an exploit module, you can enter show payloads to see the payloads that module can load. Feel free to experiment here.
use command
This is the use command. If you want to use a module, payload, and so on, you need the use command.
That covers msfconsole's basic commands. Next, I will show a practical exercise to validate the theory above.
Topsy Metasploit Series (Episode II)