Open WDavid404 opened 11 months ago
msf6 > search portscan
TCP scan (scanner/portscan/tcp)
msf6 > nmap -sS 10.10.12.229
UDP scan
msf6 auxiliary(scanner/discovery/udp_sweep) > run
SMB scan
msf6 auxiliary(scanner/smb/smb_version) > run
root@attackbox:~# systemctl start postgresql
root@attackbox:~# msfdb init
You can now launch msfconsole and check the database status using the db_status command.
Checking the database status
msf6 > db_status
[*] Connected to msf. Connection type: postgresql.
msf6 >
The database feature will allow you to create workspaces to isolate different projects. List available workspaces using the workspace command.
msf6 > workspace
* default
msf6 >
You can add a workspace using the -a parameter or delete a workspace using the -d parameter, respectively.
msf6 > workspace -a tryhackme
[*] Added workspace: tryhackme
[*] Workspace: tryhackme
msf6 > workspace
default
* tryhackme
msf6 >
Switching workspaces
msf6 > workspace default
[*] Workspace: default
msf6 > workspace
tryhackme
* default
If you run a Nmap scan using the db_nmap shown below, all results will be saved to the database.
msf6 > db_nmap -sV -p- 10.10.12.229
You can now reach information relevant to hosts and services running on target systems with the hosts and services commands, respectively.
Once the host information is stored in the database, you can use the hosts -R command to add this value to the RHOSTS parameter.
If there is more than one host saved to the database, all IP addresses will be used when the hosts -R command is used.
The services command used with the -S parameter will allow you to search for specific services in the environment.
msf6 > services -S netbios
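The database steps above (check db_status, create and select a workspace, db_nmap the target, query hosts and services, push the results into RHOSTS) can be run unattended from a Metasploit resource file instead of typed one by one. The script below is an added example, not part of the original notes: it writes such a resource file and runs it with `msfconsole -q -r` when msfconsole is on the PATH. The target 10.10.12.229 and the workspace name tryhackme are taken from the notes; the file path /tmp/dbscan.rc is an assumption and can be overridden through the RC_FILE variable. It assumes postgresql is running and msfdb init has already been done.

```shell
#!/bin/sh
# Added example: drive the msfconsole database workflow from a resource file.
# Assumes postgresql is started and `msfdb init` has already been run.
set -e

TARGET="${TARGET:-10.10.12.229}"       # target from the notes; override via env
WORKSPACE="${WORKSPACE:-tryhackme}"    # workspace name from the notes
RC_FILE="${RC_FILE:-/tmp/dbscan.rc}"   # assumed location for the resource file

# write_rc FILE TARGET WORKSPACE
# Builds a resource file: one msfconsole command per line, executed top to bottom.
write_rc() {
    rc="$1"; tgt="$2"; ws="$3"
    {
        echo "db_status"                 # fail early if the database is not connected
        echo "workspace -a $ws"          # create the project workspace (also switches to it)
        echo "workspace $ws"             # make sure it is selected even if it already existed
        echo "db_nmap -sV -p- $tgt"      # scan results are stored in this workspace
        echo "hosts"                     # hosts found by the scan
        echo "services"                  # services found by the scan
        echo "services -S netbios"       # search stored services by name
        echo "hosts -R"                  # push every stored host into RHOSTS
        echo "exit"
    } > "$rc"
}

# rc_line_count FILE -> number of commands in the resource file
rc_line_count() {
    wc -l < "$1" | tr -d ' '
}

# run_rc FILE -> run the resource file quietly (-q: no banner, -r: resource script)
run_rc() {
    if command -v msfconsole >/dev/null 2>&1; then
        msfconsole -q -r "$1"
    else
        echo "msfconsole not found; resource file left at $1" >&2
    fi
}

write_rc "$RC_FILE" "$TARGET" "$WORKSPACE"
run_rc "$RC_FILE"
```

Because every command in the file is an ordinary console command, the same file can be replayed against a different target by changing TARGET, and hosts -R at the end leaves RHOSTS populated for whatever module is used next in the same session.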
The launch command
msfconsole
Modules
Auxiliary
Any supporting module, such as scanners, crawlers and fuzzers, can be found here.
Evasion
While encoders will encode the payload, they should not be considered a direct attempt to evade antivirus software. Evasion modules are the ones that actually try to do that, with more or less success.
Exploits
Exploits, neatly organized by target system.
root@ip-10-10-25-111:/opt/metasploit-framework/embedded/framework/modules# tree -L 1 exploits/
NOPs
NOPs (No OPeration) do nothing, literally. On the Intel x86 CPU family they are represented by the byte 0x90, on which the CPU does nothing for one cycle. They are often used as a buffer (a NOP sled) to achieve consistent payload sizes.
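To make the "buffer to achieve consistent payload sizes" point concrete, here is an added example (not from the original notes) that prepends an x86 NOP sled of 0x90 bytes to a raw payload so that the output always has a fixed size, and refuses to truncate a payload that is already too large. The three-byte payload it builds (int3, int3, ret) is a constructed placeholder, not real shellcode.

```shell
#!/bin/sh
# Added example: pad a raw payload file with 0x90 (x86 NOP) bytes to a fixed size.
set -e

# pad_with_nops IN OUT SIZE
# Writes exactly SIZE bytes to OUT: (SIZE - len(IN)) NOP bytes followed by IN.
# Returns 1 without writing if the payload is already larger than SIZE.
pad_with_nops() {
    in="$1"; out="$2"; size="$3"
    len=$(wc -c < "$in" | tr -d ' ')
    if [ "$len" -gt "$size" ]; then
        echo "payload ($len bytes) exceeds target size ($size bytes)" >&2
        return 1
    fi
    sled=$((size - len))
    {
        # /dev/zero supplies the byte count; tr rewrites each 0x00 as 0x90 (octal 220)
        head -c "$sled" /dev/zero | tr '\000' '\220'
        cat "$in"
    } > "$out"
}

# nop_prefix_len FILE -> number of leading 0x90 bytes (length of the sled)
nop_prefix_len() {
    od -An -v -tx1 "$1" | tr -s ' \n' '\n' | sed '/^$/d' \
        | awk '$1 == "90" { n++; next } { exit } END { print n + 0 }'
}

# Constructed placeholder payload: int3, int3, ret (0xcc 0xcc 0xc3), not real shellcode.
PAYLOAD=$(mktemp)
OUTPUT=$(mktemp)
printf '\314\314\303' > "$PAYLOAD"
pad_with_nops "$PAYLOAD" "$OUTPUT" 16
echo "padded payload: $(wc -c < "$OUTPUT" | tr -d ' ') bytes, sled of $(nop_prefix_len "$OUTPUT") NOPs"
```

The same effect for Metasploit-generated payloads is available directly in msfvenom with -n (prepend a NOP sled of a given length) and -s (maximum size of the resulting payload); the script is only there to show what those options are doing to the bytes.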
Payloads
Payloads are code that will run on the target system. There are four directories under payloads: adapters, singles, stagers and stages.
Metasploit has a subtle way to help you identify single (also called "inline") payloads and staged payloads: in the module name, a single payload joins the pieces with an underscore (for example shell_reverse_tcp), while a staged payload separates the stage from the stager with a slash (for example shell/reverse_tcp).
Post
Post modules are used in the final stage of the penetration testing process, post-exploitation.
root@ip-10-10-135-188:/opt/metasploit-framework/embedded/framework/modules# tree -L 1 post/
search
msf6 > search smtp_version
msf6 > search type:auxiliary telnet
info
msf6 > info ssh_login
unset
Clear any parameter value using the unset command, or clear all set parameters with the unset all command.
unset payload
Msfvenom
Msfvenom, which replaced Msfpayload and Msfencode, allows you to generate payloads.