# Metasploit Framework
![[Using the Metasploit Framework - Introduction to Metasploit#^yt5kew]]
![[Using the Metasploit Framework - Introduction to Metasploit#^pdvp7d]]
## Modules
![[Using the Metasploit Framework - Introduction to Metasploit#^facxsi]]
![[Using the Metasploit Framework - Modules#^z0tkbd]]
![[Using the Metasploit Framework - Modules#^3rvvo0]]
Here's a table of all the possible module types:
![[Using the Metasploit Framework - Modules#^p12aos]]
To show all loaded modules of a given type, use `show <TYPE>`, e.g. `show exploits`.
Modules can be configured using `options`. Options are set using `set` or `setg` (which will persist options across modules). Not all options are listed in `options`; some are generic, like `payload`.
`info` will provide information about a module.
A module can be selected using `use`.
We can keep track of interesting modules using the module stack, which is controlled using `popm`, `pushm`, `listm`, and `clearm`.
Modules can be compatible with one or more *targets*.
![[Using the Metasploit Framework - Targets#^pnw4ow]]
Modules can be started in the background as *jobs* using `-j`. View current jobs using the `jobs` command.
After an exploit is completed, a *session* is created. Post-exploitation modules usually depend on an already established session. View current sessions using the `sessions` command.
Find more about jobs and sessions in [[Using the Metasploit Framework - Sessions]].
### Searching for Modules
We can search for modules using the `search` command. The command accepts tags, so, for instance, to look for exploits only, call `search type:exploit <search term>`.
![[Using the Metasploit Framework - Modules#^3mbyx5]]
## Importing New Modules
One popular way of finding new modules is using ExploitDB.
![[Using the Metasploit Framework - Writing and Importing Modules#^aryf65]]
![[Using the Metasploit Framework - Writing and Importing Modules#^8rmma5]]
![[Using the Metasploit Framework - Writing and Importing Modules#^78tz7i]]
After placing modules in the appropriate path, you need to call `loadpath` with the path, or `reload_all`, before the module can be used.
### Noteworthy Modules
- `post/multi/recon/local_exploit_suggester` will use a current session to suggest further exploits.
- `exploit/multi/handler` is a handler for payloads deployed outside of Metasploit. You'll need to set a payload (defaults to a reverse TCP shell). To use it with Meterpreter, set the payload to `<OS>/meterpreter/reverse_tcp`.
- `post/multi/manage/shell_to_meterpreter`
- `auxiliary/scanner/http/tomcat_mgr_login` will use a wordlist against the Tomcat manager app login (see [[Jerry Write-up]]).
- `exploit/multi/http/tomcat_mgr_upload` will get a shell given a Tomcat manager app login.
## Payloads
![[Using the Metasploit Framework - Payloads#^kx0uoq]]
More information about payloads along with classifications into singles, stagers, and stages can be found here: [[Using the Metasploit Framework - Payloads]].
![[Using the Metasploit Framework - Payloads#^m1ubpu]]
![[Using the Metasploit Framework - Payloads#^rq8t5t]]
## Database
![[Using the Metasploit Framework - Databases#^xnlla4]]
To check the status of the database run:
```sh
sudo msfdb status
```
Metasploit uses a [[PostgreSQL]] database so it needs to be up and running:
```sh
sudo systemctl start postgresql
```
A database needs to be initialized before first use:
```sh
sudo msfdb init
```
Finally, call
```sh
sudo msfdb run
```
which will start Metasploit with the database enabled.
When running with a database the following concepts and commands are of interest:
- `workspace` (add `-a`, delete `-d`) will add or delete a workspace, which is like a Metasploit project.
- `db_import` will import a [[Nmap]] scan into Metasploit (XML file preferred).
- `db_nmap` will run [[Nmap]] directly.
- `hosts`, `services`, `creds`, and `loot` will display captured data.
- `db_export` will export it.
## MSFVenom
MSFVenom can be used to make payloads. For more see [[Using the Metasploit Framework - Introduction to MSFVenom]].
## Hack The Box Machines
- [[Jerry Write-up|Jerry]]