Metasploit Framework Command Line: msfconsole | Metasploit Tutorials

What is the MSFconsole?
   The msfconsole is probably the most popular interface to the Metasploit Framework (MSF). It provides an "all-in-one" centralized console and gives you efficient access to virtually all of the options available in the MSF. msfconsole may seem intimidating at first, but once you learn the syntax of the commands you will come to appreciate the power of this interface.

Benefits to Using MSFconsole:
 * It is the only supported way to access most of the features inside Metasploit.
 * Provides a console-based interface to the framework.
 * Contains the most features and is the most stable MSF interface.
 * Full readline support, tabbing, and command completion.
 * External commands such as ping or nmap can be executed from inside msfconsole without leaving the prompt.

Open MSFconsole
   The msfconsole is launched by simply running msfconsole from the command line. On Kali the script itself lives at /usr/share/metasploit-framework/msfconsole (that is the executable, not a directory); it is on the default PATH, so the full path is not normally needed.

   The -q option suppresses the launch banner by starting msfconsole in quiet mode.

How to Use the msfconsole Command Prompt
   You can pass -h to msfconsole to see the other usage options available to you.

   Entering help or ? at the msf command prompt will display a list of the available commands along with a description of what each one is used for.

Tab Completion on MSFconsole
   The msfconsole is designed to be fast to use, and one of the features that helps this goal is tab completion. With the wide array of modules available, it can be difficult to remember the exact name and path of the particular module you wish to use. As with most other shells, entering what you know and pressing Tab will present you with a list of the options available or auto-complete the string if there is only one match. Tab completion depends on the ruby readline extension, and nearly every command in the console supports it. Examples of partial input that Tab will complete:

 * use exploit/windows/dce
 * use .*netapi.*
 * set LHOST
 * show
 * set TARGET
 * set PAYLOAD windows/shell/
 * exp

MSFconsole Core Commands
   back: Once you have finished working with a particular module, or if you inadvertently select the wrong module, you can issue the back command to move out of the current context. This is not required, however: just as you can on commercial routers, you can switch modules from inside other modules. As a reminder, module-level variables do not carry over to the next module; only values set globally (with setg) persist.

msf auxiliary(ms09_001_write) > back
msf >

   banner: Simply displays a randomly selected banner.
   check: There aren't many exploits that support it, but there is also a check option that will check to see if a target is vulnerable to a particular exploit instead of actually exploiting it. A "not vulnerable" verdict is only as good as the module's check logic, and a module without a check method will report that it does not support check rather than probe the target, so do not treat a negative result as proof that the host is patched.
msf exploit(ms08_067_netapi) > show options

Module options (exploit/windows/smb/ms08_067_netapi):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOST    172.16.194.134   yes       The target address
   RPORT    445              yes       Set the SMB service port
   SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)

Exploit target:

   Id  Name
   --  ----
   0   Automatic Targeting

msf exploit(ms08_067_netapi) > check

[*] Verifying vulnerable status... (path: 0x0000005a)
[*] System is not vulnerable (status: 0x00000000)
[*] The target is not exploitable.
msf  exploit(ms08_067_netapi) >

   color: You can enable or disable whether the output you get through msfconsole will contain colors.

msf > color
Usage: color <'true'|'false'|'auto'>

Enable or disable color output.

   connect: There is a miniature Netcat clone built into the msfconsole that supports SSL, proxies, pivoting, and file transfers. By issuing the connect command with an IP address and port number, you can connect to a remote host from within msfconsole the same way you would with Netcat or Telnet.

msf > connect 192.168.1.1 23
[*] Connected to 192.168.1.1:23
DD-WRT v24 std (c) 2008 NewMedia-NET GmbH
Release: 07/27/08 (SVN revision: 10011)
DD-WRT login:

   You can see all the additional options by issuing connect -h.

   edit: The edit command will open the current module with $VISUAL or $EDITOR. By default, this will open the current module in Vim. On a packaged install this edits the copy under /usr/share/metasploit-framework, which an upgrade will overwrite; if you want to keep a modified module, place your copy under ~/.msf4/modules/ at the same relative path instead.

msf exploit(ms10_061_spoolss) > edit
[*] Launching /usr/bin/vim /usr/share/metasploit-framework/modules/exploits/windows/smb/ms10_061_spoolss.rb

##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'
require 'msf/windows_error'

class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::DCERPC
  include Msf::Exploit::Remote::SMB
  include Msf::Exploit::EXE
  include Msf::Exploit::WbemExec

  def initialize(info = {})

   exit: The exit command will simply exit msfconsole.
msf exploit(ms10_061_spoolss) > exit
root@kali: #

   grep: The grep command is similar to Linux grep. It matches a given pattern from the output of another msfconsole command; the pattern comes first, followed by the command whose output should be filtered. For example, grep can be used to keep only the lines containing the string "http" from a search for modules containing the string "oracle".

   info: The info command will provide detailed information about a particular module including all options, targets, and other information. Be sure to always read the module description prior to using it, as some may have undesired effects.

      The info command also provides the following information:
    * The author and licensing information.
    * Vulnerability references (ie: CVE, BID, etc).
    * Any payload restrictions the module may have.

   irb: Running the irb command will drop you into a live Ruby interpreter shell where you can issue commands and create Metasploit scripts on the fly. This feature is also very useful for understanding the internals of the Framework.

msf > irb
[*] Starting IRB shell...

>> puts "Hello, metasploit!"
Hello, metasploit!
=> nil
>> Framework::Version
=> "4.8.2-2014022601"

   jobs: Jobs are modules that are running in the background. The jobs command provides the ability to list and terminate these jobs.

   kill: The kill command will kill any running job when supplied with the job id.

msf exploit(ms10_002_aurora) > kill 0
Stopping job: 0...

[*] Server stopped.

   load: The load command loads a plugin from Metasploit's plugin directory. Arguments are passed as key=val on the shell.

msf > load
Usage: load  [var=val var=val ...]

Loads a plugin from the supplied path.  If path is not absolute, first looks
in the user's plugin directory (/root/.msf4/plugins) then
in the framework root plugin directory (/usr/share/metasploit-framework/plugins).
The optional var=val options are custom parameters that tin hold out passed to plugins.

msf > load pcap_log
[*] PcapLog plugin loaded.
[*] Successfully loaded plugin: pcap_log

   loadpath: The loadpath command will load a third-party module tree from the given path so you can point Metasploit at your own 0-day exploits, encoders, payloads, etc. Modules loaded this way run with the full privileges of the console process, so only load trees whose code you have reviewed.
msf > loadpath /home/secret/modules

Loaded 0 modules.

   unload: Conversely, the unload command unloads a previously loaded plugin and removes any extended commands.
msf > unload pcap_log
Unloading plugin pcap_log...unloaded.

   resource: The resource command runs resource (batch) files that can be loaded through msfconsole.

msf > resource
Usage: resource path1 [path2 ...]

Run the commands stored in the supplied files.  Resource files may also contain
ruby code between <ruby> </ruby> tags.

See also: makerc

   Some attacks, such as Karmetasploit, use resource files to run a set of commands in a karma.rc file to create an attack. Later, we will discuss how, outside of Karmetasploit, that can be very useful.

msf > resource karma.rc
[*] Processing karma.rc for ERB directives.
resource (karma.rc_.txt)> db_connect postgres:toor@127.0.0.1/msfbook
resource (karma.rc_.txt)> use auxiliary/server/browser_autopwn
...snip...

Batch files can greatly speed up testing and development times as well as allow the user to automate many tasks. Besides loading a batch file from within msfconsole, they can also be passed at startup using the -r flag. The simple example below creates a batch file to display the Metasploit version number at startup.

root@kali: # echo version > version.rc
root@kali: # msfconsole -r version.rc

Frustrated alongside proxy pivoting? Upgrade to layer-2 VPN pivoting with
Metasploit Pro -- type 'go_pro' to launch it now.

       =[ metasploit v4.8.2-2014021901 [core:4.8 api:1.0] ]
+ -- --=[ 1265 exploits - 695 auxiliary - 202 post ]
+ -- --=[ 330 payloads - 32 encoders - 8 nops      ]

[*] Processing version.rc for ERB directives.
resource (version.rc)> version
Framework: 4.8.2-2014022601
Console  : 4.8.2-2014022601.15168
msf >
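As an added example that is not part of the original page, the shell script below writes a resource file that combines plain console commands, an ERB directive (resource files are run through ERB before execution, which is why msfconsole prints "Processing ... for ERB directives") and a <ruby> block that drives the console with run_single, then reports how many console commands the file contains and how to launch it with -r. The addresses, the TARGET_NET variable and the /tmp paths are constructed placeholders; the portscan module and the run_single, framework.datastore, print_status and print_error calls are standard msfconsole facilities.

```shell
#!/bin/sh
# Added example (not from the original page): build a resource file that mixes
# plain console commands, an ERB directive and an embedded <ruby> block, then
# show how to hand it to msfconsole with -r. Addresses are constructed placeholders.

# write_rc PATH : write the resource file to PATH and echo PATH back.
# The heredoc is quoted, so nothing is expanded by the shell and the ERB tag and
# the Ruby code reach msfconsole untouched. msfconsole expands ERB first, then
# runs each remaining line as a console command; run_single() inside the <ruby>
# block feeds a string back to the console exactly as if you had typed it.
write_rc() {
    rc="$1"
    cat > "$rc" <<'EOF'
setg LHOST 192.168.56.10
setg RHOSTS <%= ENV['TARGET_NET'] || '192.168.56.0/24' %>
setg THREADS 20
use auxiliary/scanner/portscan/tcp
set PORTS 22,80,443,445
<ruby>
if framework.datastore['RHOSTS'].to_s.empty?
  print_error("RHOSTS is empty, refusing to scan")
else
  print_status("Scanning #{framework.datastore['RHOSTS']} from #{framework.datastore['LHOST']}")
  run_single("run")
end
</ruby>
EOF
    printf '%s\n' "$rc"
}

# count_rc_commands PATH : number of console commands msfconsole will run,
# i.e. non-empty lines outside the <ruby> ... </ruby> block.
count_rc_commands() {
    awk '
        /^<ruby>/   { inruby = 1; next }
        /^<\/ruby>/ { inruby = 0; next }
        inruby || /^[[:space:]]*$/ { next }
        { n++ }
        END { print n + 0 }
    ' "$1"
}

main() {
    rc="${1:-/tmp/scan.rc}"
    write_rc "$rc" >/dev/null
    echo "$rc contains $(count_rc_commands "$rc") console commands plus one ruby block"
    # -q drops the banner, -r runs the file after startup. TARGET_NET is read by
    # the ERB directive above, so the same file serves different engagements.
    echo "launch with: TARGET_NET=10.0.0.0/24 msfconsole -q -r $rc"
}

main "$@"
```

The Ruby block refuses to run the scanner when RHOSTS is empty, which is the failure mode you hit when a resource file is reused on a machine where the expected environment variable or global was never set; without the guard msfconsole would simply report that a required option is missing after the rest of the file has already run.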

   route: The route command in Metasploit allows you to route sockets through a session or 'comm', providing basic pivoting capabilities. To add a route, you pass the target subnet and network mask followed by the session (comm) number. These routes apply only to sockets opened by the framework itself (modules run from the console); they do not touch the operating system routing table, so tools outside Metasploit still need a SOCKS proxy or a VPN pivot to reach the routed network.

   search: The msfconsole includes an extensive regular-expression based search functionality. If you have a general idea of what you are looking for, you can search for it via search. For instance, a search for EternalBlue will locate this string within the module names, descriptions, references, etc. Note the naming convention for Metasploit modules uses underscores versus hyphens.

   help: You can further refine your searches by using the built-in keyword system; search -h lists the available keywords, each of which is given as keyword:value.

   name: To search using a descriptive name, use the name keyword.

   platform: You can use platform to narrow down your search to modules that affect a specific platform.

   type: Using the type keyword lets you filter by module type such as auxiliary, post, exploit, etc.

   author: Searching with the author keyword lets you search for modules by your favourite author.

   multiple: You can also combine multiple keywords together to further narrow down the returned results.

   sessions: The sessions command allows you to list, interact with, and kill spawned sessions. The sessions can be shells, Meterpreter sessions, VNC, etc.

      To list any active sessions, pass the -l option to sessions.


msf exploit(3proxy) > sessions -l

Active sessions
===============

  Id  Description    Tunnel
  --  -----------    ------
  1   Command shell  192.168.1.101:33191 -> 192.168.1.104:4444

      To interact with a given session, you just need to use the -i switch followed by the Id number of the session.

msf exploit(3proxy) > sessions -i 1
[*] Starting interaction alongside 1...

C:\WINDOWS\system32>

   set: The set command allows you to configure Framework options and parameters for the current module you are working with.

msf auxiliary(ms09_050_smb2_negotiate_func_index) > set RHOST 172.16.194.134
RHOST => 172.16.194.134
msf auxiliary(ms09_050_smb2_negotiate_func_index) > show options

Module options (exploit/windows/smb/ms09_050_smb2_negotiate_func_index):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   RHOST  172.16.194.134   yes       The target address
   RPORT  445              yes       The target port
   WAIT   180              yes       The number of seconds to wait for the attack to complete.

Exploit target:

   Id  Name
   --  ----
   0   Windows Vista SP1/SP2 and Server 2008 (x86)

      Metasploit also allows you to set an encoder to use at run-time. This is particularly useful in exploit development when you aren't quite sure which payload encoding methods will work with a given exploit. Running show encoders from within a module lists the encoders compatible with the selected payload; pick one with set ENCODER.

msf  exploit(ms09_050_smb2_negotiate_func_index) > show encoders

Compatible Encoders
===================

   Name                    Disclosure Date  Rank       Description
   ----                    ---------------  ----       -----------
   generic/none                             normal     The "none" Encoder
   x86/alpha_mixed                          low        Alpha2 Alphanumeric Mixedcase Encoder
   x86/alpha_upper                          low        Alpha2 Alphanumeric Uppercase Encoder
   x86/avoid_utf8_tolower                   manual     Avoid UTF8/tolower
   x86/call4_dword_xor                      normal     Call+4 Dword XOR Encoder
   x86/context_cpuid                        manual     CPUID-based Context Keyed Payload Encoder
   x86/context_stat                         manual     stat(2)-based Context Keyed Payload Encoder
   x86/context_time                         manual     time(2)-based Context Keyed Payload Encoder
   x86/countdown                            normal     Single-byte XOR Countdown Encoder
   x86/fnstenv_mov                          normal     Variable-length Fnstenv/mov Dword XOR Encoder
   x86/jmp_call_additive                    normal     Jump/Call XOR Additive Feedback Encoder
   x86/nonalpha                             low        Non-Alpha Encoder
   x86/nonupper                             low        Non-Upper Encoder
   x86/shikata_ga_nai                       excellent  Polymorphic XOR Additive Feedback Encoder
   x86/single_static_bit                    manual     Single Static Bit
   x86/unicode_mixed                        manual     Alpha2 Alphanumeric Unicode Mixedcase Encoder
   x86/unicode_upper                        manual     Alpha2 Alphanumeric Unicode Uppercase Encoder

   unset: The opposite of the set command, of course, is unset. unset removes a parameter previously configured with set. You can remove all assigned variables with unset all.

msf > set RHOSTS 192.168.1.0/24
RHOSTS => 192.168.1.0/24
msf > set THREADS 50
THREADS => 50
THREADS => 50
msf > set

Global
======

  Name     Value
  ----     -----
  RHOSTS   192.168.1.0/24
  THREADS  50

msf > unset THREADS
Unsetting THREADS...
msf > unset all
Flushing datastore...
msf > set

Global
======

No entries in data store.

msf >

   setg: In order to save a lot of typing during a pentest, you can set global variables within msfconsole. You can do this with the setg command. Once these have been set, you can use them in as many exploits and auxiliary modules as you like. You can also save them for use the next time you start msfconsole. However, the pitfall is forgetting you have saved globals, so always check your options before you run or exploit. Conversely, you can use the unsetg command to unset a global variable. In the examples that follow, variables are entered in all-caps (ie: LHOST), but Metasploit option names are case-insensitive, so it is not necessary to do so.

msf > setg LHOST 192.168.1.101
LHOST => 192.168.1.101
msf > setg RHOSTS 192.168.1.0/24
RHOSTS => 192.168.1.0/24
msf > setg RHOST 192.168.1.136
RHOST => 192.168.1.136

      After setting your different variables, you can run the save command to save your current environment and settings. With your settings saved, they will be automatically loaded on startup, which saves you from having to set everything again.

msf > save
Saved configuration to: /root/.msf4/config
msf >
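Because saved globals survive restarts, it is worth checking what ~/.msf4/config actually holds before the next run rather than relying on memory. The script below is an added example, not part of the original page: it lists every entry in the [framework/core] section (where save stores the global datastore) and flags LHOST and RHOSTS if they are pinned. The INI layout is an assumption modelled on what save writes (a [framework/core] section, a [framework/ui/console] section, then one section per module), and the sample config embedded in the script is constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original page): list the globals that "save"
# wrote to ~/.msf4/config, so a stale LHOST or RHOSTS from a previous engagement
# is noticed before the next exploit run. Assumes the INI layout Metasploit
# writes: a [framework/core] section with the global datastore, a
# [framework/ui/console] section, then one section per module.

# saved_globals CONFIG : print KEY=VALUE for every entry in [framework/core].
# Values may themselves contain "=", so the value is taken from the first "=".
saved_globals() {
    awk -F= '
        /^\[/ { core = ($0 == "[framework/core]"); next }
        core && NF >= 2 { print $1 "=" substr($0, index($0, "=") + 1) }
    ' "$1"
}

# has_saved_global NAME CONFIG : exit 0 if NAME is saved as a global.
has_saved_global() {
    saved_globals "$2" | grep -q "^$1="
}

# Constructed sample of a config after "setg LHOST/RHOSTS/RHOST" and "save".
# The trailing module section shows that per-module values are stored apart
# from the globals and must not be reported as such.
sample_config() {
    cat <<'EOF'
[framework/core]
LHOST=192.168.1.101
RHOSTS=192.168.1.0/24
RHOST=192.168.1.136

[framework/ui/console]
ActiveModule=exploit/windows/smb/ms08_067_netapi

[exploit/windows/smb/ms08_067_netapi]
RHOST=172.16.194.134
EOF
}

main() {
    cfg="${1:-$HOME/.msf4/config}"
    if [ ! -r "$cfg" ]; then
        echo "no readable config at $cfg; using the constructed sample"
        cfg=/tmp/msf_config_sample
        sample_config > "$cfg"
    fi
    echo "Globals saved in $cfg:"
    saved_globals "$cfg" | sed 's/^/  /'
    for v in LHOST RHOSTS; do
        if has_saved_global "$v" "$cfg"; then
            echo "note: $v is pinned globally; unsetg $v if it no longer matches this engagement"
        fi
    done
}

main "$@"
```

Run it with no arguments to inspect your own saved config, or pass a path to check a config copied from another host; the per-module RHOST in the sample is deliberately left out of the report because it only applies when that module is selected.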
Read more in Offensive Security: MSFconsole and MSFconsole commands
