Chapter 2

unique exploitation when you know exactly which exploit and options you need. It is less forgiving than msfconsole, but it offers some basic help (including usage and a list of modes) with the command msfcli -h, as shown here:

root@bt:/opt/framework3/msf3# msfcli -h
Usage: /opt/framework3/msf3/msfcli <exploit_name> <option=value> [mode]
==============================================================================

   Mode           Description
   ----           ---------------
   (H)elp         You're looking at it, baby!
   (S)ummary      Show information about this module
   (O)ptions      Show available options for this module
   (A)dvanced     Show available advanced options for this module
   (I)DS Evasion  Show available ids evasion options for this module
   (P)ayloads     Show available payloads for this module
   (T)argets      Show available targets for this exploit module
   (AC)tions      Show available actions for this auxiliary module
   (C)heck        Run the check routine of the selected module
   (E)xecute      Execute the selected module

root@bt:/opt/framework3/msf3#
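
The usage line and mode table above define a small grammar, which is enough to turn recorded msfcli command lines (shell history or process-audit logs from a test host) into structured records and to separate informational runs from ones that run module code. This is an added example, not code from the book or from the Metasploit project; parse_msfcli, classify and the sample lines are assumed for illustration, and treating only (C)heck and (E)xecute as active is this example's reading of the table.

```python
import shlex

# Mode letters as listed in the `msfcli -h` table on this page.
MODES = {"H": "help", "S": "summary", "O": "options", "A": "advanced",
         "I": "ids evasion", "P": "payloads", "T": "targets",
         "AC": "actions", "C": "check", "E": "execute"}
# Per that table, these two run module code; the others only display information.
ACTIVE_MODES = {"C", "E"}

# Sample recorded lines: the first two are the commands shown on this page,
# the third is constructed for the example (192.0.2.10 is a documentation address).
SAMPLE_LINES = [
    "root@bt:/# msfcli windows/smb/ms08_067_netapi O",
    "root@bt:/# msfcli windows/smb/ms08_067_netapi RHOST=192.168.1.155 P",
    "msfcli windows/smb/ms08_067_netapi RHOST=192.0.2.10 SMBPIPE=SRVSVC E",
]


def parse_msfcli(cmdline):
    """Parse '<exploit_name> <option=value> [mode]'; None if not an msfcli call."""
    argv = shlex.split(cmdline)
    # Accept a bare name or a full path such as /opt/framework3/msf3/msfcli.
    start = next((i for i, a in enumerate(argv)
                  if a.rsplit("/", 1)[-1] == "msfcli"), None)
    if start is None:
        return None
    args = argv[start + 1:]
    rec = {"module": None, "options": {}, "mode": None, "unparsed": []}
    if args == ["-h"]:
        rec["mode"] = "H"
        return rec
    if args and "=" not in args[0]:
        rec["module"] = args.pop(0)
    for pos, tok in enumerate(args):
        if "=" in tok:
            key, value = tok.split("=", 1)
            rec["options"][key] = value
        elif pos == len(args) - 1 and tok.upper() in MODES:
            rec["mode"] = tok.upper()  # case-folding is this example's choice
        else:
            rec["unparsed"].append(tok)  # keep for manual review
    return rec


def classify(rec):
    """Label a parsed record by whether its mode runs module code."""
    if rec["mode"] in ACTIVE_MODES:
        return "active"
    return "informational" if rec["mode"] in MODES else "unknown"
```

Records whose unparsed list is non-empty, or whose mode is missing, are the ones to review by hand.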

Sample Usage

Let’s take a look at how you might use msfcli. Don’t worry about the details; these examples are intended to give you a sense of how you might work with this interface.

When you are first learning Metasploit or whenever you get stuck, you can see the options available in a module by appending the letter O to the end of the string at whichever point you are stuck. For example, in the following listing, we use the O to see the options available for the ms08_067_netapi module:

root@bt:/# msfcli windows/smb/ms08_067_netapi O

[*] Please wait while we load the module tree...

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOST    0.0.0.0          yes       The target address
   RPORT    445              yes       Set the SMB service port
   SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)

You can see that the module requires three options: RHOST, RPORT, and SMBPIPE. Now, by adding a P, we can check for available payloads:

root@bt:/# msfcli windows/smb/ms08_067_netapi RHOST=192.168.1.155 P

[*] Please wait while we load the module tree...