Metasploit Framework
Introduction
The Metasploit Framework is a Ruby-based penetration testing platform that writing, testing, and executing exploit code. Metasploit contains a suite of tools to test security vulnerabilities, enumerate networks, execute attacks, and evade detection.
MSFconsole Commands
Meterpreter Commands
Common Meterpreter Payloads for Windows
Importing External Exploits into MSFConsole
The default directory where all the modules, scripts, plugins, and
msfconsole
proprietary files are stored is/usr/share/metasploit-framework
Alternatively, you can use the folder/home/username/.msf4
To import a module, you just need to copy it in one of the previous folders and use thereload_all
command. Alternatively, you can load a module at runtime by usingloadpath /usr/share/metasploit-framework/modules/
Meterpreter Pivoting
Msfconsole & Msfvenom
Utilities - Exploit Suggester & HashDump
local_exploit_suggester
: useful module for priveschashdump
orcomando lsa_dump_secrets
orlsa_dump_sam
: commands to dump all passwords \Disclaimer: before using
hashdump
you need to ensure to haveroot
ornt authority system
privilegesTo do that, use
ps
to check the permissions of the current process you are on, then usemigrate PID
on a root process, if you aren't root already
Last updated