Ethical Hacking and Countermeasures
Certified Ethical Hacker
Metasploit Cheat Sheet
Metasploit is an open-source project that provides the infrastructure, content, and tools to perform penetration tests and extensive security auditing. It is a tool that provides information about security vulnerabilities and aids in penetration testing. The Metasploit framework is also used for developing and executing exploits, which helps in gaining remote access to a system by exploiting any vulnerability present in that server. Meterpreter is a payload inside the framework.

Source: [Link]

The following tables list the various Metasploit commands and their respective functions.

Contents

1. General Information
2. Executing an Exploit / Scanner / Module
3. Session Handling
4. Using Database
   i. [Link] Time Setup (Linux command line)
   ii. Inside msfconsole
5. Meterpreter Session Commands
   i. [Link] Commands
   ii. Process Commands
   iii. File System Commands
   iv. Escalate Privileges
   v. Networking Commands
   vi. Additional Commands
6. Session Management
7. Interface / Output Commands
8. Msfvenom Command Options
9. Important Auxiliary Modules

1. General Information

Metasploit Command | Description
msfconsole | Launch program
version | Display current version
msfupdate | Pull weekly update
makerc <[Link]> | Saves recent commands to file
msfconsole -r <[Link]> | Loads resource file

2. Executing an Exploit / Scanner / Module

Metasploit Command | Description
use <MODULE> | Set the exploit to use
set payload <PAYLOAD> | Set the payload
show options | Show all options
set <OPTION> <SETTING> | Set setting
exploit or run | Execute exploit

3. Session Handling

Metasploit Command | Description
sessions -l | List all sessions
sessions -i <ID> | Interact with session
background or ^Z | Detach from session

4. Using Database

i. [Link] Time Setup (Linux command line)

Metasploit Command | Description
service postgresql start | Start PostgreSQL
msfdb init | Init database

ii. Inside msfconsole

Metasploit Command | Description
db_status | Should display connected
hosts | Display hosts in database
services | Show ports in database
vulns | Exhibit all vulnerabilities

5. Meterpreter Session Commands

i. [Link] Commands

Metasploit Command | Description
sysinfo | Display system name and OS type
shutdown / reboot | Shutdown system
exit / quit | Exit Meterpreter session

ii. Process Commands

Metasploit Command | Description
ps | Show running processes list
kill <PID> | Terminate process
getuid | Show user ID
getpid | Show process ID that Meterpreter is running inside
migrate <PID> | Start another process
execute | Execute given program with the privileges of the process

iii. File System Commands

Metasploit Command | Description
pwd / lpwd / getwd | Display current working directory (local / remote)
cd | Change directory
lcd | Change directory (local)
mkdir | Make directory
rmdir | Remove directory
cat | Show contents of a file
edit <FILE> | Edit a file in default editor (vi)
upload / download | Upload a file to / download a file from the target machine

iv. Escalate Privileges

Metasploit Command | Description
use priv | Load script
getsystem | Gain administrative-level privileges
getprivs | Elevate privileges

v. Networking Commands

Metasploit Command | Description
ipconfig | Show network interface information
route | Manage/view the system's routing table (forward packets through TCP session)
route add <Target IP/Subnet> | Pivot through session by adding route in MSF
route add <Target IP/Subnet> -d | Delete route inside MSF
sniffer | Allow network sniffing interaction commands
portfwd | Port forwarding connections
portfwd -L | Local host to listen
portfwd -l | Local port to listen
portfwd -p | Remote port to connect
portfwd -r | Remote host to connect
vi. Additional Commands

Metasploit Command | Description
shell | Drop into a shell on the target machine
hashdump | Show all password hashes in Windows
idletime | Display idle time of the machine
screenshot | Save the screenshot
clearev | Clear the logs
uictl [enable/disable] [keyboard/mouse] | Enable or disable the mouse or keyboard of the machine
use | Load an extension
channel | Display active channel
reg | Access machine registry
steal_token | Attempts to steal impersonation token from target
espia | Desktop spying by screenshots
incognito | Impersonation commands
msf > search | Search for any module
msf > use exploit | Specify an exploit to use

6. Session Management

Metasploit Command | Description
msf > exploit -z | Run exploit in background expecting one session
msf > sessions -i [SessionID] | Interact with backgrounded session
msf > exploit -j | Run exploit in background expecting one or more sessions
msf > sessions -l | List all backgrounded sessions
msf > jobs -l | List all current jobs
msf > jobs -k [JobID] | Kills job
meterpreter > <Ctrl+Z> / meterpreter > background | Background current interactive session

7. Interface / Output Commands

Metasploit Command | Description
enumdesktops | Display all existing desktops
getdesktop | Display current desktop
set_desktop | Configure desktop
keyscan_start | Start keylogger in target machine
keyscan_stop | Stop keylogger in target machine
keyscan_dump | Dump keylogger content

8. Msfvenom Command Options

Metasploit Command | Description
-p (Payload option) | Show payload standard options
-l (list type) | List module type
-f (format) | Output format
-e (encoder) | Define which encoder to use
-a (Architecture or platform) | Define which platform to use
-s (Space) | Define maximum payload capacity
-b (characters) | Define set of characters not to use
-i (Number of times) | Define number of times to use encoder
-x (File name) | Define a custom file to use as template
-o (output) | Save payload
-h | Help

9. Important Auxiliary Modules

ARP Sweep module
  msf > use auxiliary/scanner/discovery/arp_sweep
  msf > set RHOSTS <Target IP-Range>
  msf > set SHOSTS <Target IP>
  msf > set SMAC <MAC Address>
  msf > set THREADS <Number of concurrent threads>
  msf > run

IPv6 Neighbor module
  msf > use auxiliary/scanner/discovery/ipv6_neighbor
  msf > set RHOSTS <Target IP-Range>
  msf > set SHOSTS <Target IP>
  msf > set SMAC <MAC Address>
  msf > set THREADS <Number of concurrent threads>
  msf > run

UDP Probe module
  msf > use auxiliary/scanner/discovery/udp_probe
  msf > set RHOSTS <Target IP-Range>
  msf > set THREADS <Number of concurrent threads>
  msf > run

UDP Sweep module
  msf > use auxiliary/scanner/discovery/udp_sweep
  msf > set RHOSTS <Target IP-Range>
  msf > set THREADS <Number of concurrent threads>
  msf > run

Port scanning module
  msf > use auxiliary/scanner/portscan/tcp
  msf > set RHOSTS <Target IP/Subnet>
  msf > set PORTS 1-1000
  msf > run

Scan and detect Modbus Slaves
  msf > use auxiliary/scanner/scada/modbus_findunitid
  msf > set RHOSTS <Target IP>
  msf > run

DNS Enumeration module
  msf > use auxiliary/gather/dns_enum
  msf > set DOMAIN [Link]
  msf > run

Generates a NOP sled of a given length
  msf > use x86/opty2
  msf nop(opty2) > generate -h
  Usage: generate [options] length

FTP Server module
  msf > use auxiliary/server/ftp
  msf > set FTPROOT /tmp/ftproot
  msf > run

Proxy Server module
  msf > use auxiliary/server/socks4
  msf > run

SNMP Enumeration module
  msf > use auxiliary/scanner/snmp/snmp_enum
  msf > set RHOSTS <Target IP>
  msf > exploit

SIP Enumeration module
  msf > use auxiliary/scanner/sip/enumerator
  msf > set RHOSTS <Target IP/Subnet>
  msf > run

FTP Enumeration module
  msf > use auxiliary/scanner/ftp/ftp_version
  msf > set RHOSTS <Target IP>
  msf > exploit