search

Metasploit Framework Console

msfconsole

hashtag
Introduction

Metasploit framework console or msfconsole is the command-line interface (CLI) for the Metasploit Framework. It is the most commonly used interface for interacting with Metasploit.

hashtag
Msfconsole workflows

hashtag
Basic

hashtag
1. Launch the msfconsole

hashtag
2. Show the modules

Example:

hashtag
3. Use the specific module

Alternatively,

(module_number is the numbering of the specific module that you want to use which is from the result of previous show command)

Example:

OR,

hashtag
4. See the contexts in which we will work

hashtag
5. Obtain information on any module (within the context of module)

hashtag
6. Leave the context

hashtag
7. Search the module with relevant search parameter

Example:

hashtag
8. Search the modules with a specific search parameter and by specifying module type

Example:

hashtag
Working with modules

hashtag
1. Select appropriate module from the given modules

OR,

hashtag
2. See the values in the context in which we will work

(This will show the options which is to be set with values for working further, like RPORT, RHOST, LPORT, LHOST, Payload)

circle-info

  1. RPORT: the remote port on the target system

  2. RHOST: the remote host, which is the target machine IP address

  3. LPORT: the local unused port on our local machine that will be used to connect back using reverse shell

  4. LHOST: the attacking machine or the local machine IP address

  5. Payload: the payload name that will be used for further exploitation

hashtag
3. Set the values for the modules

Example:

hashtag
4. Unset the values for the modules (optional)

hashtag
5. Unset all the values for the modules (optional)

hashtag
6. Set the values for the modules globally (optional)

hashtag
7. Unset the values for the modules which has been set globally (optional)

hashtag
Using modules

hashtag
1. Run the module (after setting all of its required values)

OR,

hashtag
2. Run the module and background its session as soon as it opens (optional)

OR, use the keyboard command: CTRL + Z (when the session is created, after running the module)

hashtag
3. Check if the target system is vulnerable without exploiting it (optional, only for some modules)

hashtag
4. See the existing sessions in msf or meterpreter context

(This will show the current sessions with their session id)

hashtag
5. Interact with any one session

hashtag
Different msf prompts

hashtag
The msf console

It is the prompt in which context specific commands for setting parameters, seraching and running modules, etc. can be used. Initially, no context is set here.

hashtag
The context prompt

After choosing the module in the msfconsole using the use command, we will get this prompt. The context specific commands here are for setting the values and running the modules like: set RPORT 80

Example:

hashtag
The meterpreter prompt

After running the module, if we get the meterpreter prompt, then this specifies that meterpreter agent (payload) was loaded to the target system and connected back to us).

PreviousMetasploit - IntroNextMsfvenom

Last updated