Metasploit Basics
9
MSFconsole
Msfconsole
is by far the most popular part of the Metasploit Framework,
and for good reason. It is one of the most flexible, feature-rich, and well-
supported tools within the Framework.
Msfconsole
provides a handy all-in-one
interface to almost every option and setting available in the Framework; it’s
like a one-stop shop for all of your exploitation dreams. You can use
msfconsole
to do everything, including launching an exploit, loading auxiliary modules,
performing enumeration, creating listeners, or running mass exploitation
against an entire network.
Although the Metasploit Framework is constantly changing, a subset of
commands remain relatively constant. By mastering the basics of
msfconsole
,
you will be able to keep up with any changes. To illustrate the importance of
learning
msfconsole
, it will be used in nearly every chapter of the book.
Starting MSFconsole
To launch
msfconsole
, enter
msfconsole
at the command line:
root@bt:/#
cd /opt/framework3/msf3/
root@bt:/opt/framework/msf3#
msfconsole
< metasploit >
------------
\ ,__,
\ (oo)____
(__) )\
||--|| *
msf >
To access
msfconsole
’s help files, enter
help
followed by the command
which you are interested in. In the next example, we are looking for help
for the command
connect
, which allows us to communicate with a host. The
resulting documentation lists usage, a description of the tool, and the various
option flags.
msf >
help connect
We’ll explore MSFConsole in greater depth in the chapters that follow.
MSFcli
Msfcli
and
msfconsole
take very different approaches to providing access to the
Framework. Where
msfconsole
provides an interactive way to access all features
in a user-friendly manner,
msfcli
puts the priority on scripting and interpret-
ability with other console-based tools. Instead of providing a unique inter-
preter to the Framework,
msfcli
runs directly from the command line, which
allows you to redirect output from other tools into
msfcli
and direct
msfcli
output to other command-line tools.
Msfcli
also supports the launching of
exploits and auxiliary modules, and it can be convenient when testing mod-
ules or developing new exploits for the Framework. It is a fantastic tool for