Metasploit Framework

Introduction

The Metasploit Framework is a Ruby-based penetration testing platform that writing, testing, and executing exploit code. Metasploit contains a suite of tools to test security vulnerabilities, enumerate networks, execute attacks, and evade detection.


MSFconsole Commands


Meterpreter Commands


Common Meterpreter Payloads for Windows


Importing External Exploits into MSFConsole

The default directory where all the modules, scripts, plugins, and msfconsole proprietary files are stored is /usr/share/metasploit-framework Alternatively, you can use the folder /home/username/.msf4 To import a module, you just need to copy it in one of the previous folders and use the reload_all command. Alternatively, you can load a module at runtime by using loadpath /usr/share/metasploit-framework/modules/


Meterpreter Pivoting


Msfconsole & Msfvenom


Utilities - Exploit Suggester & HashDump

  • local_exploit_suggester: useful module for privesc

  • hashdump or comando lsa_dump_secrets or lsa_dump_sam: commands to dump all passwords \

    • Disclaimer: before using hashdump you need to ensure to have root or nt authority system privileges

    • To do that, use ps to check the permissions of the current process you are on, then use migrate PID on a root process, if you aren't root already

Last updated