MSFConsole Cheatsheet
| Command | Description |
|---|---|
show exploits | Show all exploits within the Framework. |
show payloads | Show all payloads within the Framework. |
show auxiliary | Show all auxiliary modules within the Framework. |
search <name> | Search for exploits or modules within the Framework. |
info | Load information about a specific exploit or module. |
use <name> | Load an exploit or module (example: use windows/smb/psexec). |
use <number> | Load an exploit by using the index number displayed after the search |
LHOST | Your local host’s IP address reachable by the target, often the public IP address when not on a local network. Typically used for reverse shells. |
RHOST | The remote host or the target. set function Set a specific value (for example, LHOST or RHOST). |
setg <function> | Set a specific value globally (for example, LHOST or RHOST). |
show options | Show the options available for a module or exploit. |
show targets | Show the platforms supported by the exploit. |
set target <number> | Specify a specific target index if you know the OS and service pack. |
set payload <payload> | Specify the payload to use. |
set payload <number> | Specify the payload index number to use after the show payloads command. |
show advanced | Show advanced options. |
set autorunscript migrate -f | Automatically migrate to a separate process upon exploit completion. |
check | Determine whether a target is vulnerable to an attack. |
exploit | Execute the module or exploit and attack the target. |
exploit -j | Run the exploit under the context of the job. (This will run the exploit in the background.) |
exploit -z | Do not interact with the session after successful exploitation. |
exploit -e <encoder> | Specify the payload encoder to use (example: exploit –e shikata_ga_nai). |
exploit -h | Display help for the exploit command. |
sessions -l | List available sessions (used when handling multiple shells). |
sessions -l -v | List all available sessions and show verbose fields, such as which vulnerability was used when exploiting the system. |
sessions -s <script> | Run a specific Meterpreter script on all Meterpreter live sessions. |
sessions -K | Kill all live sessions. |
sessions -c <cmd> | Execute a command on all live Meterpreter sessions. |
sessions -u <sessionID> | Upgrade a normal Win32 shell to a Meterpreter console. |
db_create <name> | Create a database to use with database-driven attacks (example: db_create autopwn). |
db_connect <name> | Create and connect to a database for driven attacks (example: db_connect autopwn). |
db_nmap | Use Nmap and place results in a database. (Normal Nmap syntax is supported, such as –sT –v –P0.) |
db_destroy | Delete the current database. |
db_destroy <user:password@host:port/database> | Delete database using advanced options. |
Failure
Error: There is another generation process
plugin:obsidian-textgenerator-plugin:56949 TextGenerator.eval plugin:obsidian-textgenerator-plugin:56949:31
Generator.next
plugin:obsidian-textgenerator-plugin:78 eval plugin:obsidian-textgenerator-plugin:78:61
new Promise
plugin:obsidian-textgenerator-plugin:62 __async plugin:obsidian-textgenerator-plugin:62:10
plugin:obsidian-textgenerator-plugin:56935 TextGenerator.generate plugin:obsidian-textgenerator-plugin:56935:12
plugin:obsidian-textgenerator-plugin:58440 AutoSuggest.eval plugin:obsidian-textgenerator-plugin:58440:52
Generator.next
plugin:obsidian-textgenerator-plugin:78 eval plugin:obsidian-textgenerator-plugin:78:61
new Promise