Welcome back, my dear greenhorn hackers!
Recently, I started the Metasploit series. My goal is to teach hacking enthusiasts the basics of this powerful hacking platform and then gradually move on to its most advanced features.
In the first tutorial, we showed you some of the ways we can use Metasploit, from msfcli to msfconsole and Armitage. In addition, we briefly presented the different module types: exploits, payloads, and encoders. Finally, we looked at some of the search capabilities built into Metasploit, which help us find exploits, scanners, encoders, and more.
In the second tutorial, we will look at some basic commands that we can use in Metasploit. While Metasploit may seem daunting to beginners, I want to point out that it is very easy to use. If we learn a few keywords and techniques, we can use Metasploit to penetrate almost any system.
Keywords for Metasploit
Understanding and using a few keywords in Metasploit can help us navigate and operate this powerful piece of software. We will look at some basic commands that every Metasploit user needs. This is not an endless and tiring list of Metasploit keywords and commands, just a few basic ones that will help us use the software until we gain more experience.
“Show” is one of the basic Metasploit commands. It is used to show exploits, scanners, and so on. However, it can also be used to show the options for the chosen exploit.
The show command is context-sensitive when choosing an exploit. So when we type “show payloads” before selecting an exploit, it will show ALL payloads. When we type “show payloads” after selecting an exploit, it will only show us the payloads that will work with that exploit.
For example, if we want to see all the options we need when installing a backdoor through a PDF file, we use the “show options” command, as below:
The help command will give us a limited list of commands, which we can use in msfconsole.
“Info” is another basic command in Metasploit that allows us to see all the basic information about an exploit. After selecting an exploit, we can type “info”, and this command will show us all the options and descriptions of the exploit. I prefer to use the “info” command on any exploit I use to remind me of all its features and requirements.
For example, below is a screenshot in which I used the “info” command when I used the ftp auxiliary module.
“Set” is a basic command, but at the same time a critical keyword in Metasploit. We use this command to set the parameters and variables needed to run the exploit. These variables can include payloads, RHOST, LHOST, URIPATH, etc.
Knowing how to set RHOST, LHOST, SMBUser, and SMBPass correctly, we can break any system without leaving a trace.
When we have finished working with a certain module, or if we have chosen the wrong module, we can use the “back” command to return to the msfconsole menu.
For example, if we choose an exploit and then realize that it is the wrong one, we can simply type “back” and then use the “use” command (you will see it in the next section) to select a new module.
When we have decided which exploit to use against the system we have targeted, we use the “use” command to load the exploit into memory and prepare it to be sent to the targeted system.
After we choose the exploit, set the variables, and choose the payload, the last thing we have to do is run the “exploit” command. It launches the exploit against the targeted system with the payload and the variables we set.
The “sessions” command is used to list or set a session. When used with the -l switch (see the Linux tutorials), it will list all open sessions. When we use it with a number (“sessions -1”), it tells Metasploit to activate the first session.
Metasploit allows us to run multiple sessions on the same system or multiple sessions on multiple systems. Using the “sessions” command, we can find those open sessions to change or activate.
When we want to leave msfconsole, we simply type “exit”:
This article should give you the necessary knowledge of the basic commands, which should help you run any hack in Metasploit. In the following tutorials, we will look at the types of payloads, advanced commands, the use of global variables, advanced Meterpreter techniques, and, last but not least, developing our own exploit.
Don’t forget to come back for the most interesting tutorials!