Exploitation on d3vilsec https://d3vilsec.com/cheatsheets/pentesting/exploitation/ Recent content in Exploitation on d3vilsec Hugo en Metasploit Framework https://d3vilsec.com/cheatsheets/pentesting/exploitation/metasploit/ Mon, 01 Jan 0001 00:00:00 +0000 https://d3vilsec.com/cheatsheets/pentesting/exploitation/metasploit/ <h1 id="metasploit-framework-cheatsheet">Metasploit Framework Cheatsheet</h1> <p><strong>Default Ports:</strong> N/A (framework) — handlers commonly bind <code>4444/tcp</code></p> <blockquote> <p>For authorized testing, CTFs, and lab use only. Always have explicit permission.</p> </blockquote> <hr> <h2 id="starting-up">Starting Up</h2> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>msfconsole <span style="color:#75715e"># Launch the console</span> </span></span><span style="display:flex;"><span>msfconsole -q <span style="color:#75715e"># Launch quietly (no banner)</span> </span></span><span style="display:flex;"><span>msfconsole -r script.rc <span style="color:#75715e"># Run a resource script on start</span> </span></span><span style="display:flex;"><span>msfdb init <span style="color:#75715e"># Initialise the PostgreSQL database</span> </span></span><span style="display:flex;"><span>msfdb status <span style="color:#75715e"># Check database status</span> </span></span><span style="display:flex;"><span>service postgresql start <span style="color:#75715e"># Start DB backend (if not running)</span> </span></span></code></pre></div><p>Inside the console:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>db_status <span style="color:#75715e"># Confirm DB connection</span> </span></span><span style="display:flex;"><span>version <span style="color:#75715e"># Show framework version</span> </span></span><span style="display:flex;"><span>help <span style="color:#75715e"># List commands</span> </span></span><span style="display:flex;"><span>banner <span style="color:#75715e"># Print a random banner</span> </span></span></code></pre></div><hr> <h2 id="core-console-commands">Core Console Commands</h2> <table> <thead> <tr> <th>Command</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><code>search &lt;term&gt;</code></td> <td>Search modules</td> </tr> <tr> <td><code>use &lt;module&gt;</code></td> <td>Select a module</td> </tr> <tr> <td><code>info</code></td> <td>Show details of current module</td> </tr> <tr> <td><code>show options</code></td> <td>Show required/optional settings</td> </tr> <tr> <td><code>show advanced</code></td> <td>Show advanced options</td> </tr> <tr> <td><code>show payloads</code></td> <td>List compatible payloads</td> </tr> <tr> <td><code>show targets</code></td> <td>List target platforms</td> </tr> <tr> <td><code>set &lt;opt&gt; &lt;val&gt;</code></td> <td>Set an option</td> </tr> <tr> <td><code>setg &lt;opt&gt; &lt;val&gt;</code></td> <td>Set an option globally (all modules)</td> </tr> <tr> <td><code>unset &lt;opt&gt;</code></td> <td>Clear an option (<code>unset all</code> for all)</td> </tr> <tr> <td><code>run</code> / <code>exploit</code></td> <td>Execute the module</td> </tr> <tr> <td><code>back</code></td> <td>Leave the current module</td> </tr> <tr> <td><code>info -d</code></td> <td>Open module docs in browser</td> </tr> </tbody> </table> <hr> <h2 id="searching-modules">Searching Modules</h2> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>search type:exploit platform:windows smb </span></span><span style="display:flex;"><span>search cve:2017-0144 <span style="color:#75715e"># EternalBlue</span> </span></span><span style="display:flex;"><span>search name:eternalblue </span></span><span style="display:flex;"><span>search type:auxiliary scanner ssh </span></span><span style="display:flex;"><span>search rank:excellent type:exploit struts </span></span></code></pre></div><p>Search filters: <code>type:</code> <code>platform:</code> <code>cve:</code> <code>name:</code> <code>rank:</code> <code>author:</code> <code>app:</code> <code>port:</code></p>