background image

58

Chapter 5

point forward will occur through 

msfconsole

, and you will need a solid under-

standing of 

msfconsole

msfpayload

, and 

msfencode

 to get the most out of the 

balance of this book.

Basic Exploitation

The Metasploit Framework contains hundreds of modules, and it’s nearly 
impossible to remember them all. Running 

show

 from 

msfconsole

 will display 

every module available in the Framework, but you can also narrow your search 
by displaying only specific types of modules as discussed in the following 
sections.

msf> show exploits

Within 

msfconsole

, exploits operate against the vulnerabilities that you dis-

cover during a penetration test. New exploits are always being developed, 
and the list will continue to grow. This command will display every currently 
available exploit within the Framework.

msf> show auxiliary

Auxiliary modules in Metasploit can be used for a wide range of purposes. 
They can operate as scanners, denial-of-service modules, fuzzers, and much 
more. This command will display them and list their features.

msf> show options

Options control various settings needed for proper functionality of the 
Framework modules. When you run 

show options

 while a module is selected, 

Metasploit will display only the options that apply to that particular module. 
Entering 

msf> show options

 when not in a module will display the available 

global options—for example, you can set 

LogLevel

 to be more verbose as you 

perform an attack. You can also issue the 

back

 command to go back once 

inside a module.

msf > 

use windows/smb/ms08_067_netapi

msf exploit(ms08_067_netapi) > 

back

msf >

The 

search

 command is useful for finding a specific attack, auxiliary 

module, or payload. For example, if you want to launch an attack against 
SQL, you could search for SQL like this:

msf > 

search mssql

[*] Searching loaded modules for pattern 'mssql'...