[Part 2]$~Metasploit for Beginners

April 3, 2017 | Views: 7855



Metasploit for beginners

So, hello friends. This is my 2nd post on Metasploit for beginners. If you haven’t read the previous post, it is here:

https://www.cybrary.it/0p3n/part-1metasploit-beginners/

So, today we will discuss “Metasploit commands” in depth.

The MSFconsole has many different command options to choose from. The following is the core set of Metasploit commands, each with a short description of what it does. Take a look:

back          Move back from the current context
banner        Display an awesome metasploit banner
cd            Change the current working directory
color         Toggle color
connect       Communicate with a host
edit          Edit the current module with $VISUAL or $EDITOR
exit          Exit the console
get           Gets the value of a context-specific variable
getg          Gets the value of a global variable
go_pro        Launch Metasploit web GUI
grep          Grep the output of another command
help          Help menu
info          Displays information about one or more module
irb           Drop into irb scripting mode
jobs          Displays and manages jobs
kill          Kill a job
load          Load a framework plugin
loadpath      Searches for and loads modules from a path
makerc        Save commands entered since start to a file
popm          Pops the latest module off the stack and makes it active
previous      Sets the previously loaded module as the current module
pushm         Pushes the active or list of modules onto the module stack
quit          Exit the console
reload_all    Reloads all modules from all defined module paths
rename_job    Rename a job
resource      Run the commands stored in a file
route         Route traffic through a session
save          Saves the active datastores
search        Searches module names and descriptions
sessions      Dump session listings and display information about sessions
set           Sets a context-specific variable to a value
setg          Sets a global variable to a value
show          Displays modules of a given type, or all modules
sleep         Do nothing for the specified number of seconds
spool         Write console output into a file as well the screen
threads       View and manipulate background threads
unload        Unload a framework plugin
unset         Unsets one or more context-specific variables
unsetg        Unsets one or more global variables
use           Selects a module by name
version       Show the framework and console library version numbers

 

1.Banner

Displays a randomly selected banner. To see it, just type “banner” in the MSFconsole.

[Image: 7RPCxlB.jpg]

2.Info

The info command provides detailed information about a particular module, including all of its options, targets, and other information. Always read the module description before using a module, as some may have undesired effects. The info command also provides the following information: the author and licensing information, vulnerability references (e.g. CVE, BID, etc.) …

Example:

msf >  use exploit/windows/smb/ms08_067_netapi

msf exploit(ms08_067_netapi) > info 

[Image: FPqPxhw.png]

3.IRB

Running the IRB command will drop you into a live Ruby interpreter shell where you can issue commands and create Metasploit scripts on the fly. This feature is also very useful for understanding the internals of the Framework.

[Image: nRdq4ux.png]

4.Jobs

Jobs are modules that are running in the background. The jobs command provides the ability to list and terminate these jobs.

[Image: Izrsf0e.png]

5.Search

The msfconsole includes extensive regular-expression-based search functionality. If you have a general idea of what you are looking for, you can search for it with the ‘search’ command. In the output below, a search is being made for “NETGEAR ProSafe Network Management System 300 Arbitrary File Upload”. The search function will locate this string within the module names, descriptions, references, etc.

[Image: 1GgKJrY.png]

6.Use

When you have decided on a particular module to make use of, issue the ‘use’ command to select it. The ‘use’ command changes your context to a specific module, exposing type-specific commands. Notice in the output below that any global variables that were previously set are already configured.

Suppose you want to use the “ms08_067_netapi” exploit; then you select it with the ‘use’ command:

msf >  use exploit/windows/smb/ms08_067_netapi 

[Image: qdRC4c9.png]

7.Set

The ‘set’ command allows you to configure Framework options and parameters for the current module you are working with.

Suppose you want to set RHOST, etc.; then we can use:

msf exploit(ms08_067_netapi) > set RHOST 192.168.0.1
RHOST => 192.168.0.1

[Image: DHzTzKI.png]
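
The interaction of ‘setg’, ‘use’ and ‘set’ described in sections 6 and 7, as an added Ruby example (not code from the original post or from the Metasploit project): it replays a command file of the kind ‘makerc’ saves and reports every module context whose target ended up outside an authorised range. The option-handling rules are a simplified model stated in the comments; the second module path, the 203.0.113.7 address and the 192.168.0.0/24 scope are constructed for illustration.

```ruby
require 'ipaddr'
# Simplified model (an assumption, not framework code): option names are
# case-insensitive, `set` outside a module writes the global store, `use`
# starts with no local options, and a local value beats a global one.
# Returns the options in effect when each module context was left.
def replay(script)
  globals, locals, current, snapshots = {}, {}, nil, []
  enter = lambda do |next_mod| # record the context being left, then switch
    snapshots << { mod: current, options: globals.merge(locals) } if current
    current, locals = next_mod, {}
  end
  script.each_line do |line|
    cmd, *args = line.split
    store = current && !%w[setg unsetg].include?(cmd) ? locals : globals
    case cmd
    when 'use'             then enter.call(args.first)
    when 'back'            then enter.call(nil)
    when 'set', 'setg'     then store[args[0].upcase] = args.drop(1).join(' ') if args.size > 1
    when 'unset', 'unsetg' then args.each { |a| store.delete(a.upcase) }
    end
  end
  enter.call(nil)
  snapshots
end

# True for one address inside an authorised network; anything else is reviewed by hand.
def in_scope?(target, nets)
  return false unless target.match?(/\A[\h.:]+\z/)
  nets.any? { |n| n.include?(IPAddr.new(target)) }
rescue IPAddr::Error
  false
end

def out_of_scope(snapshots, cidrs)
  nets = cidrs.map { |c| IPAddr.new(c) }
  snapshots.select do |s|
    target = s[:options]['RHOSTS'] || s[:options]['RHOST']
    target && !in_scope?(target, nets)
  end
end

# Constructed makerc-style sample; the second module path is a placeholder.
SAMPLE_RC = <<~RC
  setg RHOST 192.168.0.1
  use exploit/windows/smb/ms08_067_netapi
  use auxiliary/example/placeholder_scan
  set rhost 203.0.113.7
RC
out_of_scope(replay(SAMPLE_RC), ['192.168.0.0/24']).each { |s| puts "#{s[:mod]}: target outside scope" }
```

The first module inherits the global RHOST and passes; the second is flagged because its own ‘set’ overrides the global value.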

8.Auxiliary

Executing ‘show auxiliary’ will display a listing of all of the available auxiliary modules within Metasploit. As mentioned earlier, auxiliary modules include scanners, denial of service modules, fuzzers, and more.

[Image: dOjusIK.png]

9.Exploits

Naturally, ‘show exploits’ will be the command you are most interested in running since at its core, Metasploit is all about exploitation. Run ‘show exploits’ to get a listing of all exploits contained in the framework.

[Image: 71Cnc8L.png]

10.Payloads

As you can see, there are a lot of payloads available. Fortunately, when you are in the context of a particular exploit, running ‘show payloads’ will only display the payloads that are compatible with that particular exploit. For instance, if it is a Windows exploit, you will not be shown the Linux payloads.

[Image: EVQu8RU.png]

If you want to check some of my Metasploit tutorials then you can check them out on my channel.
