Metasploit Cheat Sheet

superior_hosting_service

Metasploit-Cheat-Sheet

Metasploit Cheat Sheet

by Tim Keary

Widely reputed as the most used penetration testing framework, Metasploit helps security teams identify and verify vulnerabilities, improve security awareness and manage gnarly security situations. We’ve scoured through the docs and have put together the essential list of commands in a easy to reference Metasploit cheat sheet.

What’s included in the cheat sheet

The following categories and items have been included in the cheat sheet:

Framework Components

Framework Components
Metasploit MeterpreterRun as a DLL injection payload on a target PC providing control over the target system
Metasploit msfvenomHelp create standalone payloads as executable, Ruby script, or shellcode

Meterpreter commands

Meterpreter commands
Basic and file handling commands
sysinfoDisplay system information
psList and display running processes
kill (PID)Terminate a running process
getuidDisplay user ID
upload or downloadUpload / download a file
pwd or lpwdPrint working directory (local / remote)
cd or lcdChange directory (local or remote)
catDisplay file content
bglistShow background running scripts
bgrunMake a script run in background
BgkillTerminate a background process
backgroundMove active session to background
editEdit a file in vi editor
shellAccess shell on the target machine
migrateSwitch to another process
idletimeDisplay idle time of user
screenshotTake a screenshot
clearevClear the system logs
? or HelpShoes all the commands
exit / quit:Exit the Meterpreter session
shutdown / rebootRestart system
useExtension load
channelShow active channels

Process handling commands

Process handling commands
CommandDescription
getpid:Display the process ID
getuid:Display the user ID
ps:Display running processes
kill:Stop and terminate a process
getprivsShows multiple privileges as possible
regAccess target machine registry
ShellAccess target machine shell
execute:Run a specified
migrate:Move to a given destination process ID

Networking commands

Networking commands
ipconfig:Show network interface configuration
portfwd:Forward packets
route:View / edit network routing table

Interface / output commands

Interface / output commands
enumdesktopsShow all available desktops
getdesktopDisplay current desktop
keyscan_startStart keylogger in target machine
keyscan_stopStop keylogger in target machine
set_desktopConfigure desktop
keyscan_dumpDump keylogger content

Password management commands

Password management commands
hashdumpAccess content of password file – Hash file

Msfvenom command options

Msfvenom command options
SwitchSyntaxDescription
-p-p (Payload option)Display payload standard options
-l-l( list type)List module type i.e payloads, encoders
-f-f (format)Output format
-e-e(encoder)Define which encoder to use
-a-a (Architecture or platformDefine which platform to use
-s-s (Space)Define maximum payload capacity
-b-b (characters)Define set of characters not to use
-i-i (Number of times)Define number of times to use encoder
-x-x (File name )Define a custom file to use as template
-o-o (output)Save a payload
-h-hHelp

You can download the