Metasploit Commands For Beginners
The Metasploit Project is an open-source, computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development. Its most well-known sub-project is the Metasploit Framework, a tool for developing and executing exploit code against a remote target machine.
Metasploit helps security and IT professionals identify security issues, verify vulnerability mitigations, and manage expert-driven security assessments.Download it from here.
For Windows
For Linux
Minimum System Requirements:
Supported Operating Systems:
Required Browser Versions
Basics Terms of Metasploit
Vulnerability: Vulnerability is a security hole in a piece of software, hardware or operating system that provides a potential angle to attack the system. Vulnerability can be as simple as weak passwords or as complex as buffer overflows or SQL injection vulnerabilities.
Exploit: “Exploit” refers to a well-known bug/hole that hackers can use to gain entry into the system.To take advantage of vulnerability, you often need an exploit, a small and highly specialized computer program whose only reason of being is to take advantage of a specific vulnerability and to provide access to a computer system.
Payload: A payload is the piece of software that lets you control a computer system after it’s been exploited. The payload is typically attached to and delivered by the exploit.
Metasploit Basic Command Tutorial
Msfconsole
Help: it will show you the basic commands of Metasploit.
Show payloads
Show payloads: it will show you all the available payloads on Metasploit
Show exploits
Show exploits: it will show you all exploits in Metasploit.
| msf> use | to use a exploit or payload |
| msf exploit (name)> set payload name | To add specified payload |
| msf exploit (name)> set rhost | To add victim ip address to specified exploit |
| msf exploit (name)>set lhost | To add attacker ip address to specified exploit |
| msf exploit (name)> unset rhost | To remove rhost value |
| msf exploit (name)> unset lhost | To remove lhost value |
| msf exploit (name)> setg rhost | To add victim ip address globally |
| msf exploit (name)> setg lhost | To add localhost(attacker) ip address globally |
| msf exploit (name)> sessions -l -v | To see list of sessions |
Meterpreter Basic Commands
Help
The ‘help’ command, as may be expected, displays the Meterpreter help menu.
PS
The ‘ps’ command displays a list of running processes on the target.
LS
As in Linux, the ‘ls’ command will list the files in the current remote directory.
Ipconfig
The ‘ipconfig’ command displays the network interfaces and addresses on the remote machine.
Getuid
Running ‘getuid’ will display the user that the Meterpreter server is running as on the host.
Download
The ‘download’ command downloads a file from the remote machine. Note the use of the double-slashes when giving the Windows path.
Help
The ‘help’ command, as may be expected, displays the Meterpreter help menu.
PS
The ‘ps’ command displays a list of running processes on the target.
LS
As in Linux, the ‘ls’ command will list the files in the current remote directory.
Ipconfig
The ‘ipconfig’ command displays the network interfaces and addresses on the remote machine.
Getuid
Running ‘getuid’ will display the user that the Meterpreter server is running as on the host.
Download
The ‘download’ command downloads a file from the remote machine. Note the use of the double-slashes when giving the Windows path.
Upload
As with the download Command, you need to use double-slashes with the ‘upload’ command.
Shell
The ‘shell’ command will present you with a standard shell on the target system.
As with the download Command, you need to use double-slashes with the ‘upload’ command.
Shell
The ‘shell’ command will present you with a standard shell on the target system.
Comments
Post a Comment