Metasploit Console

  • always start Metasploit with:

msfdb run

This starts the database first and then starts Metasploit.

Metasploit Listener

use exploit/multi/handler

  • set the parameters and then run

    • payload, LHOST, and LPORT

    • LPORT must be the same as the LPORT that you set when you created the payload in msfvenom

    • payload should be the same as the payload that you created in msfvenom

*** There is a bug where 'set LHOST tun0' doesn't take effect the first time

  • up arrow and enter to submit it twice

Exploit suggester

use post/multi/recon/local_exploit_suggester

info

displays information about the currently selected module

db_nmap

scan hosts with Nmap and have the scan output inserted into the MSF database

  • we can use 'setg' instead of 'set' to make the setting of a variable global

    • e.g. setg RHOSTS 10.11.1.1-254

    • this applies the setting to all modules that have the RHOSTS variable

search <technology>

info <module name>

use <module name>

options

set <parameter> <value>

exploit (or run)

Getting a Meterpreter shell

sessions -i 1

shell
