[Part 2]$~Metasploit for beginners
Metasploit for beginners
so, hello friends this is my 2nd post on Metasploit for beginners if you haven't checked the previous post then it is here
Quote:https://pentestwithspirit.blogspot.com/2016/11/part-1metasploit-for-beginners.htmland if you don't know about me then let me introduce myself."My name is Spirited wolf and now i'm 16 years old cool and po** lover guy. And i love to share my knowledge with everyone who really need it. The thing that you just need to understand me is Brain.exe, you can contact me here on my Facebook."
so, today we will discuss more about "Metasploit commands"
->The msfconsole has many different command options to chose from. The following are a core set of Metasploit commands with reference to their output.
here a look please
PHP Code:
back Move back from the current context
banner Display an awesome metasploit banner
cd Change the current working directory
color Toggle color
connect Communicate with a host
edit Edit the current module with $VISUAL or $EDITORexit Exit the console
get Gets the value of a context-specific variable
getg Gets the value of a global variable
go_pro Launch Metasploit web GUI
grep Grep the output of another command
help Help menu
info Displays information about one or more module
irb Drop into irb scripting mode
jobs Displays and manages jobs
kill Kill a job
load Load a framework plugin
loadpath Searches for and loads modules from a path
makerc Save commands entered since start to a file
popm Pops the latest module off the stack and makes it active
previous Sets the previously loaded module as the current module
pushm Pushes the active or list of modules onto the module stack
quit Exit the console
reload_all Reloads all modules from all defined module paths
rename_job Rename a job
resource Run the commands stored in a file
route Route traffic through a session
save Saves the active datastores
search Searches module names and descriptions
sessions Dump session listings and display information about sessions
set Sets a context-specific variable to a value
setg Sets a global variable to a value
show Displays modules of a given type, or all modules
sleep Do nothing for the specified number of seconds
spool Write console output into a file as well the screen
threads View and manipulate background threads
unload Unload a framework pluginunset Unsets one or more context-specific variables
unsetg Unsets one or more global variablesuse Selects a module by name
version Show the framework and console library version numbers
so, lets talk about some of them,
1.Banner
->Simply displays a randomly selected banner
so, for this in our msfconsole just type banner
![[Image: 7RPCxlB.jpg]](https://i.imgur.com/7RPCxlB.jpg)
and the next command is ::check
2.Info
->The info command will provide detailed information about a particular module including all options, targets, and other information. Be sure to always read the module description prior to using it as some may have un-desired effects.
The info command also provides the following information:
The author and licensing information
Vulnerability references (ie: CVE, BID, etc) ...
Example::
![[Image: FPqPxhw.png]](https://i.imgur.com/FPqPxhw.png)
3.IRB
->Running the irb command will drop you into a live Ruby interpreter shell where you can issue commands and create Metasploit scripts on the fly. This feature is also very useful for understanding the internals of the Framework.
![[Image: nRdq4ux.png]](https://i.imgur.com/nRdq4ux.png)
4.Jobs
->Jobs are modules that are running in the background. The jobs command provides the ability to list and terminate these jobs.
![[Image: Izrsf0e.png]](https://i.imgur.com/Izrsf0e.png)
5.Search
->The msfconsole includes an extensive regular-expression based search functionality. If you have a general idea of what you are looking for you can search for it via ‘search ‘ command. In the output below, a search is being made for "NETGEAR ProSafe Network Management System 300 Arbitrary File Upload". The search function will locate this string within the module names, descriptions, references, etc.
![[Image: 1GgKJrY.png]](https://i.imgur.com/1GgKJrY.png)
6.Use
->When you have decided on a particular module to make use of, issue the ‘use’ command to select it. The ‘use’ command changes your context to a specific module, exposing type-specific commands. Notice in the output below that any global variables that were previously set are already configured.
suppose you wants to use the "ms08_067_netapi" exploit then we will use 'use' command
![[Image: qdRC4c9.png]](https://i.imgur.com/qdRC4c9.png)
7.Set
->The ‘set’ command allows you to configure Framework options and parameters for the current module you are working with.
suppose you wants to set the RHOSt etc. then we can use
![[Image: DHzTzKI.png]](https://i.imgur.com/DHzTzKI.png)
8.Auxiliary
->Executing ‘show auxiliary’ will display a listing of all of the available auxiliary modules within Metasploit. As mentioned earlier, auxiliary modules include scanners, denial of service modules, fuzzers, and more.
![[Image: dOjusIK.png]](https://i.imgur.com/dOjusIK.png)
9.Exploits
->Naturally, ‘show exploits’ will be the command you are most interested in running since at its core, Metasploit is all about exploitation. Run ‘show exploits’ to get a listing of all exploits contained in the framework.
![[Image: 71Cnc8L.png]](https://i.imgur.com/71Cnc8L.png)
10.Payloads
->As you can see, there are a lot of payloads available. Fortunately, when you are in the context of a particular exploit, running ‘show payloads’ will only display the payloads that are compatible with that particular exploit. For instance, if it is a Windows exploit, you will not be shown the Linux payloads.
![[Image: EVQu8RU.png]](https://i.imgur.com/EVQu8RU.png)
Due to characters limit i'm stopping this tutorial here sorry i apologize
see you in my next tutorial.
and if you wants to check some of metasploit tutorials then you can check them on my channel
====>Metasploit youtube playlist<====
Special thanks to:- CodeN/inja,
->Simply displays a randomly selected banner
so, for this in our msfconsole just type banner
and the next command is ::check
2.Info
->The info command will provide detailed information about a particular module including all options, targets, and other information. Be sure to always read the module description prior to using it as some may have un-desired effects.
The info command also provides the following information:
The author and licensing information
Vulnerability references (ie: CVE, BID, etc) ...
Example::
PHP Code:
msf > use exploit/windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > info 3.IRB
->Running the irb command will drop you into a live Ruby interpreter shell where you can issue commands and create Metasploit scripts on the fly. This feature is also very useful for understanding the internals of the Framework.
4.Jobs
->Jobs are modules that are running in the background. The jobs command provides the ability to list and terminate these jobs.
5.Search
->The msfconsole includes an extensive regular-expression based search functionality. If you have a general idea of what you are looking for you can search for it via ‘search ‘ command. In the output below, a search is being made for "NETGEAR ProSafe Network Management System 300 Arbitrary File Upload". The search function will locate this string within the module names, descriptions, references, etc.
6.Use
->When you have decided on a particular module to make use of, issue the ‘use’ command to select it. The ‘use’ command changes your context to a specific module, exposing type-specific commands. Notice in the output below that any global variables that were previously set are already configured.
suppose you wants to use the "ms08_067_netapi" exploit then we will use 'use' command
PHP Code:
msf > use exploit/windows/smb/ms08_067_netapi 7.Set
->The ‘set’ command allows you to configure Framework options and parameters for the current module you are working with.
suppose you wants to set the RHOSt etc. then we can use
PHP Code:
msf exploit(ms08_067_netapi) > set RHOSt 192.168.0.1
RHOSt => 192.168.0.1 8.Auxiliary
->Executing ‘show auxiliary’ will display a listing of all of the available auxiliary modules within Metasploit. As mentioned earlier, auxiliary modules include scanners, denial of service modules, fuzzers, and more.
9.Exploits
->Naturally, ‘show exploits’ will be the command you are most interested in running since at its core, Metasploit is all about exploitation. Run ‘show exploits’ to get a listing of all exploits contained in the framework.
10.Payloads
->As you can see, there are a lot of payloads available. Fortunately, when you are in the context of a particular exploit, running ‘show payloads’ will only display the payloads that are compatible with that particular exploit. For instance, if it is a Windows exploit, you will not be shown the Linux payloads.
Due to characters limit i'm stopping this tutorial here sorry i apologize
see you in my next tutorial.
and if you wants to check some of metasploit tutorials then you can check them on my channel
====>Metasploit youtube playlist<====
Special thanks to:- CodeN/inja,
Th3_uNique,Bd_InjeCtor,Zen,Alteras,Repetence,IndiGear,msfanurag,msfsri,
Kishan,offensive security,
rootxploiter,Daniel,Rahul raz,Rahul mani and zayed sir.
Thanks ✌
Post a Comment:
Please tell us if we have done anything wrong :) and please share our website if you like.