MSF brief introduction

Metasploit It's a free 、 Downloadable framework , It makes it easy to obtain 、 Develop and attack computer software vulnerabilities . It itself With hundreds of Professional vulnerability attack tools with known software vulnerabilities . When H.D. Moore stay 2003 Released in Metasploit when , Computer security has also been permanently changed . As if overnight , Anyone can be a hacker , Everyone can use the attack tools to attack the vulnerabilities that have not been patched or that have just been patched . Software vendors can no longer delay the release of patches for published vulnerabilities , This is because Metasplit The team has been trying to develop all kinds of attack tools , And contribute them to

stay kali There are installed tools
Through the command msfconsole open

modular

exploits modular

List of vulnerability attack modules , Intrusive
Naming rules
modular / System / service / name

payloads modular
Vulnerability load module and exploits The module is used together for post intrusion operation

auxiliary modular
Auxiliary modules , It is usually used for vulnerability attacks without attack load .
encoders modular
Encoder module , be used for msfvenom -e or
msf When executing, you can also use operations commonly used to generate Trojans, etc .
nops（ No operation generator module ）post（ Development module ） These two modules are not commonly used

Introduction to common commands

help msf Use the help
？+ command Help for this command
back Go back to the previous level
show + xxx List all
for example
show exploits List msf All in exploits Attack module

seach name lookup MSF All penetration attacks and other modules in

info + modular Display information about the specified penetration attack or module
for example
info indows/x64/shell/reverse_tcp

use + modular Select a module
show options Check the preparations needed before the attack

set RHOST
set RPORT Set the target host's ip Address and port
set LHOST
set LPORT The local ip And port
After setting up show payloads You can view the currently available payloads Module then according to the penetration purpose you want to achieve （ Get CMD？ Just execute a command ？ leave oneself a way out ?..） Select corresponding payloads
Then order run perhaps exploit perform
show targets Check out the supported platforms