Spirited wolf's


[Part 2]$~Metasploit for beginners

Leave a Comment

Metasploit for beginners

so, hello friends this is my 2nd post on Metasploit for beginners if you haven't checked the previous post then it is here
and if you don't know about me then let me introduce myself."My name is Spirited wolf and now i'm 16 years old cool and po** lover guy. And i love to share my knowledge with everyone who really need it. The thing  that you just need to understand me is Brain.exe, you can contact me here on my Facebook."

so, today we will discuss more about "Metasploit commands"

->The msfconsole has many different command options to chose from. The following are a core set of Metasploit commands with reference to their output.

here a look please 
PHP Code:
back          Move back from the current context
banner        Display an awesome metasploit banner
cd            Change the current working directory
color         Toggle color
connect       Communicate with a host
edit          Edit the current module with $VISUAL 
or $EDITORexit          Exit the console
get           Gets the value of a context
-specific variable
getg          Gets the value of a 
global variable
go_pro        Launch Metasploit web GUI
grep          Grep the output of another command
help          Help menu
info          Displays information about one 
or more module
irb           Drop into irb scripting mode
jobs          Displays 
and manages jobs
kill          Kill a job
load          Load a framework plugin
loadpath      Searches 
for and loads modules from a path
makerc        Save commands entered since start to a file
popm          Pops the latest module off the stack 
and makes it active
previous      Sets the previously loaded module 
as the current module
pushm         Pushes the active 
or list of modules onto the module stack
Exit the console
reload_all    Reloads all modules from all defined module paths
rename_job    Rename a job
resource      Run the commands stored in a file
route         Route traffic through a session
save          Saves the active datastores
search        Searches module names 
and descriptions
sessions      Dump session listings 
and display information about sessions
set           Sets a context
-specific variable to a value
setg          Sets a 
global variable to a value
show          Displays modules of a given type
, or all modules
Do nothing for the specified number of seconds
spool         Write console output into a file 
as well the screen
threads       View 
and manipulate background threads
unload        Unload a framework plugin
unset         Unsets one or more context-specific variables
unsetg        Unsets one 
or more global variablesuse           Selects a module by name
version       Show the framework 
and console library version numbers 

so, lets talk about some of them, 
->Simply displays a randomly selected banner
so, for this in our msfconsole just type banner
[Image: 7RPCxlB.jpg]

and the next command is ::check

->The info command will provide detailed information about a particular module including all options, targets, and other information. Be sure to always read the module description prior to using it as some may have un-desired effects.

The info command also provides the following information:

The author and licensing information
Vulnerability references (ie: CVE, BID, etc) ...

PHP Code:
msf >  use exploit/windows/smb/ms08_067_netapi
msf exploit
(ms08_067_netapi) > info 
[Image: FPqPxhw.png]

->Running the irb command will drop you into a live Ruby interpreter shell where you can issue commands and create Metasploit scripts on the fly. This feature is also very useful for understanding the internals of the Framework.

[Image: nRdq4ux.png]

->Jobs are modules that are running in the background. The jobs command provides the ability to list and terminate these jobs.

[Image: Izrsf0e.png]

->The msfconsole includes an extensive regular-expression based search functionality. If you have a general idea of what you are looking for you can search for it via ‘search ‘ command. In the output below, a search is being made for "NETGEAR ProSafe Network Management System 300 Arbitrary File Upload". The search function will locate this string within the module names, descriptions, references, etc.
[Image: 1GgKJrY.png]

->When you have decided on a particular module to make use of, issue the ‘use’ command to select it. The ‘use’ command changes your context to a specific module, exposing type-specific commands. Notice in the output below that any global variables that were previously set are already configured.

suppose you wants to use the "ms08_067_netapi" exploit then we will use 'use' command
PHP Code:
msf >  use exploit/windows/smb/ms08_067_netapi 
[Image: qdRC4c9.png]

->The ‘set’ command allows you to configure Framework options and parameters for the current module you are working with.

suppose you wants to set the RHOSt etc. then we can use
PHP Code:
msf exploit(ms08_067_netapi) > set RHOSt
[Image: DHzTzKI.png]

->Executing ‘show auxiliary’ will display a listing of all of the available auxiliary modules within Metasploit. As mentioned earlier, auxiliary modules include scanners, denial of service modules, fuzzers, and more.

[Image: dOjusIK.png]

->Naturally, ‘show exploits’ will be the command you are most interested in running since at its core, Metasploit is all about exploitation. Run ‘show exploits’ to get a listing of all exploits contained in the framework.

[Image: 71Cnc8L.png]

->As you can see, there are a lot of payloads available. Fortunately, when you are in the context of a particular exploit, running ‘show payloads’ will only display the payloads that are compatible with that particular exploit. For instance, if it is a Windows exploit, you will not be shown the Linux payloads.

[Image: EVQu8RU.png]

Due to characters limit i'm stopping this tutorial here sorry i apologize

see you in my next tutorial.

and if you wants to check some of metasploit tutorials then you can check them on my channel

====>Metasploit youtube playlist<====

Special thanks to:- CodeN/inja, 
Kishan,offensive security,
rootxploiter,Daniel,Rahul raz,Rahul mani and zayed sir.
Thanks ✌
Next PostNewer Post Previous PostOlder Post Home


Post a Comment

Please tell us if we have done anything wrong :) and please share our website if you like.