Header Ads

MSFconsole Commands Cheat Sheet

Here is a list with the most often used commands of Metasploit Framework console.

Metasploit Framework Console Commands List
show exploits
Show all exploits of the Metasploit Framework
show payloads
Show all payloads
show auxiliary
Show all auxiliary modules of the Metasploit Framework
search name
Search for exploits or modules
Load information about a specific exploit or module
use name
Load an exploit or module
Your local IP address if you are on the same network with the target or  the public IP address when you are not
The IP address of the target
set function
Set a specific value (for example RHOST or LHOST)
setg function
Set a specific value globally (for example RHOST or LHOST)
show options
Shows the options that are available for module or exploit
show targets
shows which platforms can be attacked by the exploit
set target num
specify a target index if you know the OS and the service pack
set payload payload
Specify the payload that it will be used
show advanced
Show advanced options
set autorunscript migrate -f
Automatically migrate a separate process upon exploit completion
Determine if the target is vulnerable to an attack
Execute the module or exploit and attack the target
exploit -j
Run the exploit under the context of the job
exploit -z
Do not interact with the session after successful exploitation
exploit -e encoder
specify the payload encoder to use (example:exploit -e shikata_ga_nai)
exploit -h
Display help for the exploit command
sessions -i
List available sessions
sessions -i -v
List all available sessions and show verbose fields,such as which vulnerability was used when exploiting the system
sessions -s script
Run a specific Meterpreter script on all Meterpreter live sessions
sessions -K
Kill all live sessions
sessions -c cmd
Execute a command on all live Meterpreter sessions
sessions -u sessionID
Upgrade a normal Win32 shell to a Meterpreter console
db_create name
Create a database to use with database-driven attacks (example:db_create autopwn)
db_connect name
Create and connect to a database for driven attacks (example:db_connect autopwn)
Use nmap and place results in database
db_autopwn -h
Display help for using db_autopwn
db_autopwn -p -r -e
Run db_autopwn against all ports found,use a reverse shell and exploit all systems
Delete the current database
Powered by Blogger.