USING THE METASPLOIT FRAMEWORK

MSFconsole Commands

Show all exploits within the Framework.

show exploits

Show all payloads within the Framework.

show payloads

Show all auxiliary modules within the Framework.

show auxiliary

Search for exploits or modules within the Framework.

search <name>

Load information about a specific exploit or module.

info

Load an exploit or module (example: use windows/smb/psexec).

use <name>

Load an exploit by using the index number displayed after the search command.

use <number>

Your local host’s IP address reachable by the target, often the public IP address when not on a local network. Typically used for reverse shells.

LHOST

The remote host or the target. set function Set a specific value (for example, LHOST or RHOST).

RHOST

Set a specific value (for example, LHOST or RHOST).

set <function>

Set a specific value globally (for example, LHOST or RHOST).

setg <function>

Show the options available for a module or exploit.

show options

Show the platforms supported by the exploit.

show targets

Specify a specific target index if you know the OS and service pack.

set target <number>

Specify the payload to use.

set payload <payload>

Specify the payload index number to use after the show payloads command.

set payload <number>

Show advanced options.

show advanced

Automatically migrate to a separate process upon exploit completion.

set autorunscript migrate -f

Determine whether a target is vulnerable to an attack.

check

Execute the module or exploit and attack the target.

exploit

Run the exploit under the context of the job. (This will run the exploit in the background.)

exploit -j

Do not interact with the session after successful exploitation.

exploit -z

Specify the payload encoder to use (example: exploit –e shikata_ga_nai).

exploit -e <encoder>

Display help for the exploit command.

exploit -h

List available sessions (used when handling multiple shells).

sessions -l

List all available sessions and show verbose fields, such as which vulnerability was used when exploiting the system.

sessions -l -v

Run a specific Meterpreter script on all Meterpreter live sessions.

sessions -s <script>

Kill all live sessions.

sessions -K

Execute a command on all live Meterpreter sessions.

sessions -c <cmd>

Upgrade a normal Win32 shell to a Meterpreter console.

sessions -u <sessionID>

Create a database to use with database-driven attacks (example: db_create autopwn).

db_create <name>

Create and connect to a database for driven attacks (example: db_connect autopwn).

db_connect <name>

Use Nmap and place results in a database. (Normal Nmap syntax is supported, such as –sT –v –P0.)

db_nma

Delete the current database.

db_destroy

Delete database using advanced options.

db_destroy <user:password@host:port/database>

Meterpreter Commands

Command

Description

help

Open Meterpreter usage help.

run <scriptname>

Run Meterpreter-based scripts; for a full list check the scripts/meterpreter directory.

sysinfo

Show the system information on the compromised target.

ls

List the files and folders on the target.

use priv

Load the privilege extension for extended Meterpreter libraries.

ps

Show all running processes and which accounts are associated with each process.

migrate <proc. id>

Migrate to the specific process ID (PID is the target process ID gained from the ps command).

use incognito

Load incognito functions. (Used for token stealing and impersonation on a target machine.)

list_tokens -u

List available tokens on the target by user.

list_tokens -g

List available tokens on the target by group.

impersonate_token <DOMAIN_NAME\USERNAME>

Impersonate a token available on the target.

steal_token <proc. id>

Steal the tokens available for a given process and impersonate that token.

drop_token

Stop impersonating the current token.

getsystem

Attempt to elevate permissions to SYSTEM-level access through multiple attack vectors.

shell

Drop into an interactive shell with all available tokens.

execute -f <cmd.exe> -i

Execute cmd.exe and interact with it.

execute -f <cmd.exe> -i -t

Execute cmd.exe with all available tokens.

execute -f <cmd.exe> -i -H -t

Execute cmd.exe with all available tokens and make it a hidden process.

rev2self

Revert back to the original user you used to compromise the target.

reg <command>

Interact, create, delete, query, set, and much more in the target’s registry.

setdesktop <number>

Switch to a different screen based on who is logged in.

screenshot

Take a screenshot of the target’s screen.

upload <filename>

Upload a file to the target.

download <filename>

Download a file from the target.

keyscan_start

Start sniffing keystrokes on the remote target.

keyscan_dump

Dump the remote keys captured on the target.

keyscan_stop

Stop sniffing keystrokes on the remote target.

getprivs

Get as many privileges as possible on the target.

uictl enable <keyboard/mouse>

Take control of the keyboard and/or mouse.

background

Run your current Meterpreter shell in the background.

hashdump

Dump all hashes on the target.

use sniffer

Load the sniffer module.

sniffer_interfaces

List the available interfaces on the target.

sniffer_dump <interfaceID> pcapname

Start sniffing on the remote target.

sniffer_start <interfaceID> packet-buffer

Start sniffing with a specific range for a packet buffer.

sniffer_stats <interfaceID>

Grab statistical information from the interface you are sniffing.

sniffer_stop <interfaceID>

Stop the sniffer.

add_user <username> <password> -h <ip>

Add a user on the remote target.

add_group_user <"Domain Admins"> <username> -h <ip>

Add a username to the Domain Administrators group on the remote target.

clearev

Clear the event log on the target machine.

timestomp

Change file attributes, such as creation date (antiforensics measure).

reboot

Reboot the target machine.

PreviousPasswords Attacks NextShells & Payloads

Last updated 1 year ago

USING THE METASPLOIT FRAMEWORK

MSFconsole Commands

Show all exploits within the Framework.

show exploits

Show all payloads within the Framework.

show payloads

Show all auxiliary modules within the Framework.

show auxiliary

Search for exploits or modules within the Framework.

search <name>

Load information about a specific exploit or module.

info

Load an exploit or module (example: use windows/smb/psexec).

use <name>

Load an exploit by using the index number displayed after the search command.

use <number>

Your local host’s IP address reachable by the target, often the public IP address when not on a local network. Typically used for reverse shells.

LHOST

The remote host or the target. set function Set a specific value (for example, LHOST or RHOST).

RHOST

Set a specific value (for example, LHOST or RHOST).

set <function>

Set a specific value globally (for example, LHOST or RHOST).

setg <function>

Show the options available for a module or exploit.

show options

Show the platforms supported by the exploit.

show targets

Specify a specific target index if you know the OS and service pack.

set target <number>

Specify the payload to use.

set payload <payload>

Specify the payload index number to use after the show payloads command.

set payload <number>

Show advanced options.

show advanced

Automatically migrate to a separate process upon exploit completion.

set autorunscript migrate -f

Determine whether a target is vulnerable to an attack.

check

Execute the module or exploit and attack the target.

exploit

Run the exploit under the context of the job. (This will run the exploit in the background.)

exploit -j

Do not interact with the session after successful exploitation.

exploit -z

Specify the payload encoder to use (example: exploit –e shikata_ga_nai).

exploit -e <encoder>

Display help for the exploit command.

exploit -h

List available sessions (used when handling multiple shells).

sessions -l

List all available sessions and show verbose fields, such as which vulnerability was used when exploiting the system.

sessions -l -v

Run a specific Meterpreter script on all Meterpreter live sessions.

sessions -s <script>

Kill all live sessions.

sessions -K

Execute a command on all live Meterpreter sessions.

sessions -c <cmd>

Upgrade a normal Win32 shell to a Meterpreter console.

sessions -u <sessionID>

Create a database to use with database-driven attacks (example: db_create autopwn).

db_create <name>

Create and connect to a database for driven attacks (example: db_connect autopwn).

db_connect <name>

Use Nmap and place results in a database. (Normal Nmap syntax is supported, such as –sT –v –P0.)

db_nma

Delete the current database.

db_destroy

Delete database using advanced options.

db_destroy <user:password@host:port/database>

Meterpreter Commands

Command

Description

help

Open Meterpreter usage help.

run <scriptname>

Run Meterpreter-based scripts; for a full list check the scripts/meterpreter directory.

sysinfo

Show the system information on the compromised target.

ls

List the files and folders on the target.

use priv

Load the privilege extension for extended Meterpreter libraries.

ps

Show all running processes and which accounts are associated with each process.

migrate <proc. id>

Migrate to the specific process ID (PID is the target process ID gained from the ps command).

use incognito

Load incognito functions. (Used for token stealing and impersonation on a target machine.)

list_tokens -u

List available tokens on the target by user.

list_tokens -g

List available tokens on the target by group.

impersonate_token <DOMAIN_NAME\USERNAME>

Impersonate a token available on the target.

steal_token <proc. id>

Steal the tokens available for a given process and impersonate that token.

drop_token

Stop impersonating the current token.

getsystem

Attempt to elevate permissions to SYSTEM-level access through multiple attack vectors.

shell

Drop into an interactive shell with all available tokens.

execute -f <cmd.exe> -i

Execute cmd.exe and interact with it.

execute -f <cmd.exe> -i -t

Execute cmd.exe with all available tokens.

execute -f <cmd.exe> -i -H -t

Execute cmd.exe with all available tokens and make it a hidden process.

rev2self

Revert back to the original user you used to compromise the target.

reg <command>

Interact, create, delete, query, set, and much more in the target’s registry.

setdesktop <number>

Switch to a different screen based on who is logged in.

screenshot

Take a screenshot of the target’s screen.

upload <filename>

Upload a file to the target.

download <filename>

Download a file from the target.

keyscan_start

Start sniffing keystrokes on the remote target.

keyscan_dump

Dump the remote keys captured on the target.

keyscan_stop

Stop sniffing keystrokes on the remote target.

getprivs

Get as many privileges as possible on the target.

uictl enable <keyboard/mouse>

Take control of the keyboard and/or mouse.

background

Run your current Meterpreter shell in the background.

hashdump

Dump all hashes on the target.

use sniffer

Load the sniffer module.

sniffer_interfaces

List the available interfaces on the target.

sniffer_dump <interfaceID> pcapname

Start sniffing on the remote target.

sniffer_start <interfaceID> packet-buffer

Start sniffing with a specific range for a packet buffer.

sniffer_stats <interfaceID>

Grab statistical information from the interface you are sniffing.

sniffer_stop <interfaceID>

Stop the sniffer.

add_user <username> <password> -h <ip>

Add a user on the remote target.

add_group_user <"Domain Admins"> <username> -h <ip>

Add a username to the Domain Administrators group on the remote target.

clearev

Clear the event log on the target machine.

timestomp

Change file attributes, such as creation date (antiforensics measure).

reboot

Reboot the target machine.

PreviousPasswords Attacks NextShells & Payloads

Last updated 1 year ago