Welcome back, my rookie hackers!
I recently began a series on using Metasploit, and my goal with it is to teach you the very basics the incredibly powerful hacking tool has to offer while progressively moving on to the more advanced features.
In my first Metasploit installment, I showed you the various ways you can use Metasploit, from the msfcli to the msfconsole to the GUI-based Armitage. In addition, I gave an overview of the various modules, including exploits, payloads, and encoders. Finally, we looked at some of the basic searching capabilities built right into Metasploit to help you find specific exploits, payloads, post-exploitation modules, scanners, encoders, etc.
In this second tutorial, we will look at some of the basic commands we can use in Metasploit. Although the Metasploit framework can appear daunting to the uninitiated, it is actually a very simply framework for system exploitation. If you can learn a few keywords and techniques, you can use Metasploit to hack just about any system.
Undersatnding and using a few keywords in Metasploit can help you navigate and operate this powerful piece of software. Let's look a few of the most basic and necessary Metasploit commands. This is far from an exhaustive list of Metasploit keywords and commands, but it covers the basic commands you need to function in Metasploit until you gain more experience.
If you already have a little experience in Metasploit and want commands for the meterpreter, check out my meterpreter commands cheat sheet.
"Show" is one of the most basic commands in Metasploit. It can be used to show modules, such as show payloads, show exploits, etc. But, it also can be used to show options once we have an exploit chosen.
The "show" command becomes context sensitive when we choose an exploit, so that if we type "show payloads" before selecting an exploit, it will show us ALL the payloads. If we type "show payloads" after selecting an exploit, it will only show us the payloads that will work with that exploit.
For instance, when we want see all the options that we need to set when installing a backdoor with an innocent-looking PDF, we use the "show options" command as below.
The "help" command will give you a limited list of commands you can use in msfconsole. If you lose this guide, simply type "help" to get some basic commands.
"Info" is another basic command in Metasploit that enables us to see all the basic information about an exploit. After selecting an exploit, we can then type "info" and it will display all of the options, targets, and a description for the exploit. I prefer to type "info" on any exploit I am using to find or remind myself of its features and requirements.
For instance, here is screenshot from the output from the "info" command when using the ftp auxiliary module.
"Set" is a basic and critical command/keyword in Metasploit. We can use it to set parameters and variables necessary to run the exploit. These variables can include the payload, the RHOST, the LHOST, the target, URIPATH, etc.
In the screenshot below from my tutorial on using psexec to hack a system, we set RHOST, LHOST, SMBUser, and the SMBPass to hack the system without leaving a trace.
When we are done working with a particular module or we chose the wrong module, we can use the "back" command to return to the msfconsole prompt.
For instance, if we chose an exploit and then realized we chose the wrong one, we can simply type "back" and then use the "use" command (see next section) to select another module.
When we have decided which exploit we want to use against our target system, we use the "use" command to load that exploit into memory and ready it to send to the target system. An example can be found in my tutorial on using the Heartbleed vulnerability to grab information in memory from systems running OpenSSL.
After choosing our exploit, setting all of our variables, and choosing our payload, the last thing we do is to type the "exploit" command. This launches the exploit against the target machine with the payload and any variables we might have set.
An example of this can be found in my guide on creating an exploit in an innocent-looking Word doc and sending it to your girlfriend to see whether or not she is cheating.
The "sessions" command is used to list or set a session. When used with the -l (list) switch, it will list all open sessions. When used with a number ("sessions -1"), it tells Metasploit to activate the first session.
Metasploit allows us to run multiple sessions on the same system or multiple sessions on multiple systems. Using the "sessions" command, we can find these open sessions and switch to or activate them.
You can find an example of this in my guide on creating an auto-reconnecting persistent backdoor on the target system, as seen below.
When we want to leave the msfconsole, we can simply type "exit" to return to our Linux shell.
This should provide you with a basic command set that will enable you to run just about any hack in Metasploit. In future tutorials, we will look at the types of payloads, advanced commands, using global variables, advanced Meterpreter techniques, and ultimately, developing our own exploit.
Keep coming back, my rookie hackers!
Want to help support Null Byte and start making your own money as a white hat hacker? Jump start your White-Hat Hacking career with our 2020 Premium Ethical Hacking Certification Training Bundle from the new Null Byte Shop and get over 60 hours of training from Ethical Hacking Professionals.