Metasploit Framework command line: MSFconsole | Metasploit Tutorials


What is the MSFconsole?
   The msfconsole is probably the most popular interface to the Metasploit Framework (MSF). It provides an “all-in-one” centralized console and allows you efficient access to virtually all of the options available in the MSF. MSFconsole may seem intimidating at first, but once you learn the syntax of the commands you will learn to appreciate the power of utilizing this interface.

Benefits to Using MSFconsole:
 * It is the only supported way to access most of the features within Metasploit.
 * Provides a console-based interface to the framework.
 * Contains the most features and is the most stable MSF interface.
 * Full readline support, tabbing, and command completion.
 * Execution of external commands in msfconsole is possible.

Open MSFconsole
   The MSFconsole is launched by simply running msfconsole from the command line. MSFconsole is located in the /usr/share/metasploit-framework/msfconsole directory.

   The -q option removes the launch banner by starting msfconsole in quiet mode.

How to Use the msfconsole Command Prompt
   You can pass -h to msfconsole to see the other usage options available to you.

   Entering help or a ? once in the msf command prompt will display a listing of available commands along with a description of what they are used for.

Tab Completion on MSFconsole
   The MSFconsole is designed to be fast to use and one of the features that helps this goal is tab completion. With the wide array of modules available, it can be difficult to remember the exact name and path of the particular module you wish to make use of. As with most other shells, entering what you know and pressing ‘Tab’ will present you with a list of options available to you or auto-complete the string if there is only one option. Tab completion depends on the ruby readline extension and nearly every command in the console supports tab completion.

 * use exploit/windows/dce
 * use .*netapi.*
 * set LHOST
 * show
 * set TARGET
 * set PAYLOAD windows/shell/
 * exp

MSFconsole Core Commands
   back: Once you have finished working with a particular module, or if you inadvertently select the wrong module, you can issue the back command to move out of the current context. This, however, is not required. Just as you can in commercial routers, you can switch modules from within other modules. As a reminder, variables will only carry over if they are set globally.

msf auxiliary(ms09_001_write) > back
msf >

   banner: Simply displays a randomly selected banner.

   check: There aren’t many exploits that support it, but there is also a check option that will check whether a target is vulnerable to a particular exploit instead of actually exploiting it.
msf exploit(ms08_067_netapi) > show options

Module options (exploit/windows/smb/ms08_067_netapi):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOST    172.16.194.134   yes       The target address
   RPORT    445              yes       Set the SMB service port
   SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)

Exploit target:

   Id  Name
   --  ----
   0   Automatic Targeting

msf exploit(ms08_067_netapi) > check

[*] Verifying vulnerable status... (path: 0x0000005a)
[*] System is not vulnerable (status: 0x00000000)
[*] The target is not exploitable.
msf  exploit(ms08_067_netapi) >
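
   As an added example (not from the original page or the Metasploit project), this Ruby script reads a saved console transcript and reports one verdict per check run, for instance when confirming that hosts are patched. The transcript is constructed, example_module is a hypothetical module name, and every status phrase other than the page's "not vulnerable" / "not exploitable" wording is an assumption.

```ruby
# Added example, not Metasploit code: condense a saved msfconsole transcript
# into one verdict per `check` run. Only the "not vulnerable" / "not
# exploitable" wording is from the page; the other phrases are assumptions.
VERDICTS = [
  [/system is not vulnerable|target is not exploitable/i, :not_vulnerable],
  [/target (is|appears to be) vulnerable/i, :vulnerable],
  [/does not support check/i, :unsupported],
  [/cannot reliably check|could not be validated/i, :inconclusive]
].freeze
PROMPT    = /^msf\d*\s*(?:\w+\(([^)]+)\))?\s*>\s*(.*)$/
RHOST_ROW = /^RHOSTS?\s+(\S+)\s+(?:yes|no)\b/ # row of `show options`
RHOST_SET = /^RHOSTS?\s*=>\s*(\S+)/           # echo printed after `set RHOST`

def triage_checks(transcript)
  results = []
  mod = rhost = current = nil
  transcript.each_line do |raw|
    line = raw.strip
    if (m = PROMPT.match(line))
      results << current if current # the next prompt closes a running check
      rhost = nil if m[1] != mod    # options are per module (setg not tracked)
      mod = m[1]
      current = (mod && m[2] == 'check') ? { module: mod, rhost: rhost, verdict: :inconclusive } : nil
    elsif (m = RHOST_ROW.match(line) || RHOST_SET.match(line))
      rhost = m[1]
    elsif current
      hit = VERDICTS.find { |pattern, _| line =~ pattern }
      current[:verdict] = hit[1] if hit # last status line wins
    end
  end
  results << current if current
  results
end

# Constructed transcript modelled on the console output shown above.
SAMPLE = <<~LOG
  msf exploit(ms08_067_netapi) > show options
     RHOST    172.16.194.134   yes       The target address
  msf exploit(ms08_067_netapi) > check
  [*] Verifying vulnerable status... (path: 0x0000005a)
  [*] The target is not exploitable.
  msf exploit(ms08_067_netapi) > set RHOST 172.16.194.135
  RHOST => 172.16.194.135
  msf exploit(ms08_067_netapi) > check
  [+] The target is vulnerable.
  msf exploit(example_module) > check
  [-] This module does not support check.
LOG
triage_checks(SAMPLE).each { |r| puts "#{r[:rhost] || '(unset)'} #{r[:module]} #{r[:verdict]}" }
```

   A check that prints no recognised status line stays :inconclusive rather than being counted as safe.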

   color: You can enable or disable color in the output you get through msfconsole.

msf > color
Usage: color <'true'|'false'|'auto'>

Enable or disable color output.

   connect: There is a miniature Netcat clone built into the msfconsole that supports SSL, proxies, pivoting, and file transfers. By issuing the connect command with an IP address and port number, you can connect to a remote host from within msfconsole the same as you would with Netcat or Telnet.

msf > connect 192.168.1.1 23
[*] Connected to 192.168.1.1:23
DD-WRT v24 std (c) 2008 NewMedia-NET GmbH
Release: 07/27/08 (SVN revision: 10011)
DD-WRT login:

   You can see all the additional options by issuing connect -h.

   edit: The edit command will edit the current module with $VISUAL or $EDITOR. By default, this will open the current module in Vim.

msf exploit(ms10_061_spoolss) > edit
[*] Launching /usr/bin/vim /usr/share/metasploit-framework/modules/exploits/windows/smb/ms10_061_spoolss.rb

##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'
require 'msf/windows_error'

class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::DCERPC
  include Msf::Exploit::Remote::SMB
  include Msf::Exploit::EXE
  include Msf::Exploit::WbemExec

  def initialize(info = {})

   exit: The exit command will simply exit msfconsole.
msf exploit(ms10_061_spoolss) > exit
[email protected]:~#

   grep: The grep command is similar to Linux grep. It matches a given pattern from the output of another msfconsole command. The following is an example of using grep to match output containing the string “http” from a search for modules containing the string “oracle”.


   info: The info command will provide detailed information about a particular module including all options, targets, and other information. Always read the module description before using a module, as some may have undesired effects.

      The info command also provides the following information:
    * The author and licensing information.
    * Vulnerability references (e.g., CVE, BID, etc.).
    * Any payload restrictions the module may have.