MSFconsole Commands
show exploits
Show
all exploits within the Framework.
show payloads
Show
all payloads within the Framework.
show auxiliary
Show
all auxiliary modules within the Framework.
search name
Search
for exploits or modules within the Framework.
info
Load
information about a specific exploit or module.
use name
Load
an exploit or module (example: use
windows/smb/psexec).
LHOST
Your
local host’s IP address reachable by the target, often the public IP
address
when not on a local network. Typically used for reverse shells.
RHOST
The
remote host or the target.
set function
Set
a specific value (for example, LHOST
or RHOST).
setg function
Set
a specific value globally (for example, LHOST
or RHOST).
show options
Show
the options available for a module or exploit.
show targets
Show
the platforms supported by the exploit.
set target num
Specify
a specific target index if you know the OS and service pack.
set payload payload
Specify
the payload to use.
show advanced
Show
advanced options.
set autorunscript migrate -f
Automatically
migrate to a separate process upon exploit completion.
check
Determine
whether a target is vulnerable to an attack.
exploit
Execute
the module or exploit and attack the target.
exploit -j
Run
the exploit under the context of the job. (This will run the exploit
in
the background.)
exploit -z
Do
not interact with the session after successful exploitation.
exploit -e encoder
Specify
the payload encoder to use (example: exploit
–e shikata_ga_nai).
exploit -h
Display
help for the exploit command.
sessions -l
List
available sessions (used when handling multiple shells).
sessions -l -v
List
all available sessions and show verbose fields, such as which vulnerability
was
used when exploiting the system.
sessions -s script
Run
a specific Meterpreter script on all Meterpreter live sessions.
sessions -K
Kill
all live sessions.
sessions -c cmd
Execute
a command on all live Meterpreter sessions.
sessions -u sessionID
Upgrade
a normal Win32 shell to a Meterpreter console.
db_create name
Create
a database to use with database-driven attacks (example: db_create
autopwn).
db_connect name
Create
and connect to a database for driven attacks (example: db_connect
autopwn).
db_nmap
Use
nmap and place results in database. (Normal nmap syntax
is supported,
such
as –sT –v –P0.)
db_autopwn -h
Display
help for using db_autopwn.
db_autopwn -p -r -e
Run
db_autopwn against all ports found, use a reverse shell, and exploit
all
systems.
db_destroy
Delete
the current database.
db_destroy user:password@host:port/database
Delete
database using advanced options.
No comments:
Post a Comment