Metasploit Tutorial 1:Msf Console Download Here This will tutorial will cover all the information needed to find your way around the MSF console. Part 1: Command List
? - Shows Help Menu back - Move back from the current context banner - display the metasploit banner cd - change the directory color - toggle color connect - communicate with a host exit - exit the console help - help menu info - displays information about one or more modules irb - enter irb scripting mode jobs - displays and manages jobs kill - kill a job load - load a framework plugin loadpath - Searches and loads modules from a path quit - exit the console resource - run the commands stored in a file route - route traffic through a session save - saves the active datascores search - searches the module names and descriptions sessions - dump session listings and displays info on them set - Sets a variable to a value setg - sets a global variable to a value show - displays modules of a given type, or if not specified , all of them sleep - do nothing for the specified number of seconds unload - unload a framework plugin unset - unsets one or more variables unsetg - unsets one or more global variables use - selects a module by name version - shows the framework version db_connect - connect to an existing database db_create - create a new database db_destroy - delete an existing database db_disconnect - disconnect from the database db_driver - specify the database driver
Part 2: Choosing Your Exploit
To do this we will be using the "show" command. So enter in to the console, show exploits
This will return a full list of all the exploits in the database. For example..
Once you have found which exploit you want, we will use the "use" command to set it as the exploit. We do this by typing use (exploit name) for example: msf >use hpux/lpd/cleanup_exec msf exploit(cleanup_exec) >
Part 3:Configuring Your Exploit
We now need to configure the exploit to work in the current scenario. So we will do this by using the "show options" command, for example msf exploit(cleanup_exec) >show options Module options:
Name Current Setting Required Description ---- --------------- -------- ----------- RHOST yes The target address RPORT 515 yes The target port
Exploit target:
Id Name -- ---- 0 Automatic Target
msf exploit(cleanup_exec) >
We now need to set the options by using the "set" command, so we will type: set RHOST 192.168.2.2
We may also other options to our exploit such as payloads. These are chosen in the same way as before. We can view the payloads by typing: show payloads and then once you have found the correct payload type, set payload bla,bla,bla
Part 4:Exploiting the System
Once you have configured your exploit correctly you simply, type: exploit or run
This will now run your exploit, it may return an error if it is not configured correctly or if the system is not vulnerable, if not congratulations!
Part 5:Finishing Up
Once you have finished with your exploit in the current module, you can simply type back and it will return to the original metasploit console.
Part 6: Scripting Mode
You can drop into scripting mode by typing, irb Now you can type and execute commands and create scripts!