58
Chapter 5
point forward will occur through
msfconsole
, and you will need a solid under-
standing of
msfconsole
,
msfpayload
, and
msfencode
to get the most out of the
balance of this book.
Basic Exploitation
The Metasploit Framework contains hundreds of modules, and it’s nearly
impossible to remember them all. Running
show
from
msfconsole
will display
every module available in the Framework, but you can also narrow your search
by displaying only specific types of modules as discussed in the following
sections.
msf> show exploits
Within
msfconsole
, exploits operate against the vulnerabilities that you dis-
cover during a penetration test. New exploits are always being developed,
and the list will continue to grow. This command will display every currently
available exploit within the Framework.
msf> show auxiliary
Auxiliary modules in Metasploit can be used for a wide range of purposes.
They can operate as scanners, denial-of-service modules, fuzzers, and much
more. This command will display them and list their features.
msf> show options
Options control various settings needed for proper functionality of the
Framework modules. When you run
show options
while a module is selected,
Metasploit will display only the options that apply to that particular module.
Entering
msf> show options
when not in a module will display the available
global options—for example, you can set
LogLevel
to be more verbose as you
perform an attack. You can also issue the
back
command to go back once
inside a module.
msf >
use windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) >
back
msf >
The
search
command is useful for finding a specific attack, auxiliary
module, or payload. For example, if you want to launch an attack against
SQL, you could search for SQL like this:
msf >
search mssql
[*] Searching loaded modules for pattern 'mssql'...