concept msfconsole in category security

appears as: msfconsole, msfconsole, n msfconsole, The msfconsole
The Art of Network Penetration Testing MEAP V09

This is an excerpt from Manning's book The Art of Network Penetration Testing MEAP V09.

To use the Metasploit module you will of course have to fire up the msfconsole from inside your pentest VM.  Type use auxiliary/scanner/smb/smb_ms17_010 in the console prompt to select the module.  Set the rhosts variable to point to your windows.txt like this set rhosts file:/path/to/your/windows.txt. Now run the module by issuing the run command at the prompt. The following listing shows what it looks like to run this module.

Save the file, navigate with a cd command back into the Metasploit-framework directory, and start up the msfconsole by running ./msfconsole. After it loads you should be inside the Metasploit prompt. You can verify the connection to your postgres database by issuing the db_status command. Your output should say “Connected to msfdb. Connection type: postgresql.”

Figure A.2 Output of the db_status command from inside msfconsole

The msfconsole also displays some helpful information about what each parameter is and whether or not its required to run the module in the description column when you run the show options command. In keeping with the intuitive msfconsole commands, if you want to set the value of a particular parameter, you can do so using the set command. For example, type the following command to set the value for the RHOSTS parameter:

set RHOSTS 127.0.0.1

Then press Enter. Run the show options command again. You’ll notice that the value you specified for the RHOSTS parameter is now displayed in the Current Setting column. The award for easiest commands to remember definitely goes to Metasploit. If you want to run this module, type the run command at the prompt. To exit the msfconsole and return to your Bash prompt, you don’t have to think too hard about what the command might be. You guessed it: it’s exit.

  • The msfconsole is sort of like a shell within a shell with its own set of intuitively named commands used to navigate around the Metasploit Framework.
  • sitemap

    Unable to load book!

    The book could not be loaded.

    (try again in a couple of minutes)

    manning.com homepage
    test yourself with a liveTest