Metasploit cheatsheet

In this page, you will find notes that I have made for Metasploit.

  • Database and Report Management: The commands involving xsltproc, hosts, services, and db_connect are used for managing databases and reports in Metasploit. These commands help in converting scan reports, filtering data, displaying specific service details, and connecting to databases.

  • Payload Generation: Commands like msfvenom are used to create payloads for different platforms (Windows, Linux) which can be used for reverse shell purposes. This enables penetration testers to maintain connections with compromised machines.

  • Exploitation and Handlers: Commands such as use exploit and set PAYLOAD are used for loading specific exploits and setting up payload handlers. These handlers listen for incoming connections from the target, allowing the tester to control the affected machine.

  • Auxiliary and Modules Loading: Commands like use auxiliary/scanner and reloading exploits highlight the ability to perform tasks like port scanning and exploiting vulnerabilities by loading and reloading necessary modules in Metasploit.

Metasploit database

To create a database in Metasploit:

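# start PostgreSQL, then create and initialise the Metasploit database
sudo service postgresql start
sudo msfdb init
sudo msfconsole
# inside msfconsole: confirm the database connection
db_status
msfconsole
# list the workspace options, then add a workspace
workspace -h
workspace -a <name>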

Useful database commands in Metasploit

db_export -f xml database.xml
db_import PATH/NMAP.xml
db_connect
db_import
db_status
db_nmap
db_stats
# displays the hosts db column options
hosts -h
# filter on hosts column and show only selected fields
hosts -c address,os_flavor
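For checking an Nmap XML report offline before running db_import, the sketch below applies the same idea as hosts -c (pick columns, then filter) to the report itself. It is an added example, not part of the original notes or of Metasploit; the sample XML, the function names and the use of the Nmap OS match name as the os_flavor value are assumptions.

```python
import xml.etree.ElementTree as ET
# Constructed sample in Nmap's -oX layout (documentation-range addresses).
SAMPLE_XML = """<nmaprun scanner="nmap">
  <host><status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports><port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
           <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port></ports>
    <os><osmatch name="Linux 5.4" accuracy="96"><osclass osfamily="Linux"/></osmatch></os>
  </host>
  <host><status state="up"/>
    <address addr="192.0.2.20" addrtype="ipv4"/>
    <ports><port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
           <port protocol="tcp" portid="80"><state state="closed"/><service name="http"/></port></ports>
    <os><osmatch name="Microsoft Windows 10" accuracy="94"><osclass osfamily="Windows"/></osmatch></os>
  </host>
  <host><status state="down"/><address addr="192.0.2.30" addrtype="ipv4"/></host>
</nmaprun>"""

def load_hosts(xml_text):
    """Return one dict per host that is up; hosts without OS data get ''."""
    rows = []
    for host in ET.fromstring(xml_text).iter("host"):
        if host.find("status[@state='up']") is None:
            continue
        addr = host.find("address[@addrtype='ipv4']")
        match = host.find("os/osmatch")  # first listed OS match
        services = [(int(p.get("portid")), p.find("service").get("name"))
                    for p in host.iter("port")
                    if p.find("state[@state='open']") is not None
                    and p.find("service") is not None]
        rows.append({"address": addr.get("addr") if addr is not None else "",
                     # Assumption: the OS match name stands in for os_flavor.
                     "os_flavor": match.get("name") if match is not None else "",
                     "services": services})
    return rows

def select(rows, columns, search=None):
    """Keep the chosen columns; optional case-insensitive substring filter."""
    out = []
    for row in rows:
        picked = {c: row[c] for c in columns}
        if search and not any(search.lower() in str(v).lower() for v in picked.values()):
            continue
        out.append(picked)
    return out

if __name__ == "__main__":
    for row in select(load_hosts(SAMPLE_XML), ["address", "os_flavor"], "linux"):
        print(row)
```

xml.etree.ElementTree is not hardened against maliciously constructed XML, so for reports that come from someone else a hardened parser such as defusedxml is the safer choice.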

Display mentioned columns and filter on Linux

Nmap inside Metasploit database

Copy a new Ruby exploit to Metasploit

Post exploitation Metasploit commands

XSLT Processing for Nmap Reports: Convert XML scan results to HTML to enhance readability using browsers.

Metasploit Database Management: Utilize useful database commands for handling Metasploit databases. Customize your queries by selecting specific columns and applying filters.

Port Scanning and Service Enumeration: Use the auxiliary scanner to perform TCP port scans and filter out relevant services, such as HTTP.

Payload Generation with msfvenom: Create payloads for Windows, including reverse shells and Meterpreter shells.

Launching Exploits and Handlers: Quickly set up and execute handlers and exploits in Metasploit using concise commands.

Start handler to receive a reverse shell:

Create bad ELF file that connects back to us:

Database Connection in Metasploit: Connect to a specific Metasploit database using configuration files or direct connection strings.

Troubleshooting Database Issues: Resolve common database connection problems in Metasploit by ensuring necessary drivers are installed and reconfiguring as needed.