# Metasploit Framework

![[Using the Metasploit Framework - Introduction to Metasploit#^yt5kew]]

![[Using the Metasploit Framework - Introduction to Metasploit#^pdvp7d]]

## Modules

![[Using the Metasploit Framework - Introduction to Metasploit#^facxsi]]

![[Using the Metasploit Framework - Modules#^z0tkbd]]

![[Using the Metasploit Framework - Modules#^3rvvo0]]

Here's a table of all the possible module types:

![[Using the Metasploit Framework - Modules#^p12aos]]

To show all loaded modules you can use `show <TYPE>`, e.g. `show exploits`.

Modules can be configured using `options`. Options are set using `set` or `setg` (which will persist options across modules). Not all options are listed in `options`; some are generic, like `payload`.

`info` will provide information about a module.

A module can be selected using `use`.

We can keep track of interesting modules using the module stack, which is controlled using `popm`, `pushm`, `listm`, and `clearm`.

Modules can be compatible with one or more *targets*.

![[Using the Metasploit Framework - Targets#^pnw4ow]]

Modules can be started in the background as *jobs* using `-j`. View current jobs using the `jobs` command.

After an exploit is completed, a *session* is created. Post-exploitation modules usually depend on an already established session. View current sessions using the `sessions` command.

Find more about jobs and sessions in [[Using the Metasploit Framework - Sessions]].

### Searching for Modules

We can search for modules using the `search` command. The command accepts tags, so for instance to look for exploits only, call `search type:exploit <search term>`.

![[Using the Metasploit Framework - Modules#^3mbyx5]]

## Importing New Modules

One popular way of finding new modules is using ExploitDB.

![[Using the Metasploit Framework - Writing and Importing Modules#^aryf65]]

![[Using the Metasploit Framework - Writing and Importing Modules#^8rmma5]]

![[Using the Metasploit Framework - Writing and Importing Modules#^78tz7i]]

After placing modules in the appropriate path you need to call `loadpath` with the path, or `reload_all`, before the module can be used.

### Noteworthy Modules

- `post/multi/recon/local_exploit_suggester` will use a current session to suggest further exploits.
- `exploit/multi/handler` is a handler for payloads deployed outside of Metasploit. You'll need to set a payload (defaults to reverse TCP shell). To use with Meterpreter, set the payload to `<OS>/meterpreter/reverse_tcp`.
- `post/multi/manage/shell_to_meterpreter`
- `auxiliary/scanner/http/tomcat_mgr_login` will use a wordlist against the Tomcat manager app login (see [[Jerry Write-up]]).
- `exploit/multi/http/tomcat_mgr_upload` will get a shell given a Tomcat manager app login.

## Payloads

![[Using the Metasploit Framework - Payloads#^kx0uoq]]

More information about payloads, along with classifications into singles, stagers, and stages, can be found here: [[Using the Metasploit Framework - Payloads]].

![[Using the Metasploit Framework - Payloads#^m1ubpu]]

![[Using the Metasploit Framework - Payloads#^rq8t5t]]

## Database

![[Using the Metasploit Framework - Databases#^xnlla4]]

To check the status of the database run:

```sh
sudo msfdb status
```

Metasploit uses a [[PostgreSQL]] database so it needs to be up and running:

```sh
sudo systemctl start postgresql
```

A database needs to be initialized before first use:

```sh
sudo msfdb init
```

Finally call

```sh
sudo msfdb run
```

which will start Metasploit with database enabled.

When running with a database the following concepts and commands are of interest:

- `workspace` (add `-a`, delete `-d`) will add or delete a workspace, which is like a Metasploit project.
- `db_import` will import a [[Nmap]] scan into Metasploit (XML file preferred).
- `db_nmap` will run [[Nmap]] directly.
- `hosts`, `services`, `creds`, `loot` will display captured data.
- `db_export` will export it.

## MSFVenom

MSFVenom can be used to make payloads. For more see [[Using the Metasploit Framework - Introduction to MSFVenom]].

## Hack The Box Machines

- [[Jerry Write-up|Jerry]]
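
The `auxiliary/scanner/http/tomcat_mgr_login` module listed under Noteworthy Modules tries a wordlist against the Tomcat manager login, which a defender sees in the Tomcat access log as a burst of 401 responses on `/manager/`. The following detection sketch is an added example, not part of the original notes or of Metasploit; the log lines are constructed, and the `common` access log pattern, the threshold and the window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines, assuming Tomcat's "common" access log pattern:
# %h %l %u %t "%r" %s %b
SAMPLE_LOG = "\n".join(
    [f'198.51.100.7 - - [12/Mar/2024:10:00:0{i} +0000] "GET /manager/html HTTP/1.1" 401 2473'
     for i in range(1, 7)]
    + ['198.51.100.7 - tomcat [12/Mar/2024:10:00:07 +0000] "GET /manager/html HTTP/1.1" 200 17210',
       '192.0.2.10 - - [12/Mar/2024:10:05:00 +0000] "GET /manager/html HTTP/1.1" 401 2473',
       '192.0.2.10 - admin [12/Mar/2024:10:05:09 +0000] "GET /manager/html HTTP/1.1" 200 17210',
       '203.0.113.5 - - [12/Mar/2024:10:06:00 +0000] "GET /index.jsp HTTP/1.1" 200 1024']
)

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"\S+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+$'
)

def find_manager_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Flag sources with >= threshold 401s on /manager/ inside one window."""
    failures, successes = defaultdict(list), defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or not m["path"].startswith("/manager/"):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if m["status"] == "401":
            failures[m["ip"]].append(ts)
        elif m["status"] == "200" and m["user"] != "-":
            successes[m["ip"]].append(ts)   # authenticated request
    findings = {}
    for ip, times in failures.items():
        times.sort()
        best = start = 0
        for end in range(len(times)):      # sliding window over failure times
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            # A later authenticated 200 from the same source suggests a guess worked.
            findings[ip] = {"failures": best,
                            "success_after": any(s > times[0] for s in successes[ip])}
    return findings

if __name__ == "__main__":
    for ip, info in find_manager_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

A single mistyped password followed by a successful login, as from `192.0.2.10` in the sample, stays below the threshold and is not reported.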