msfconsole是msf的命令行交互界面。在msfconsole中,可以实现对msf的完美操作,是一个msf的一体化操作接口,可以完全地利用msf中的各种功能,使用msfconsole特定的命令进行操作,个人认为,相对于armitage来说,更加便捷,也更有利于我们深入理解msf的各个模块的功能。
msfconsole为了更好的为渗透测试便利,加入了外部命令的使用功能,我们可以直接在msfconsole中使用系统的命令,比如说最常用的ping命令、ifconfig命令、nmap扫描工具等。
msf5 > ifconfig
[*] exec: ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.116.0.177 netmask 255.255.0.0 broadcast 10.116.255.255
inet6 fe80::5038:6dd9:a954:7f2e prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:4c:15:5c txqueuelen 1000 (Ethernet)
RX packets 75 bytes 9950 (9.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 556 bytes 51358 (50.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 28 bytes 1596 (1.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 28 bytes 1596 (1.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
msf5 >
msfconsole打开的时候会显示一些奇怪的形状之类的:
root@kali:~# msfconsole
[-] ***rting the Metasploit Framework console...\
[-] * WARNING: No database support: could not connect to server: Connection refused
Is the server running on host "localhost" (::1) and accepting
TCP/IP connections on port 5432?
could not connect to server: Connection refused
Is the server running on host "localhost" (127.0.0.1) and accepting
TCP/IP connections on port 5432?
[-] ***
____________
[%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%| $a, |%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%]
[%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%| $S`?a, |%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%]
[%%%%%%%%%%%%%%%%%%%%__%%%%%%%%%%| `?a, |%%%%%%%%__%%%%%%%%%__%%__ %%%%]
[% .--------..-----.| |_ .---.-.| .,a$%|.-----.| |.-----.|__|| |_ %%]
[% | || -__|| _|| _ || ,,aS$""` || _ || || _ || || _|%%]
[% |__|__|__||_____||____||___._||%$P"` || __||__||_____||__||____|%%]
[%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%| `"a, ||__|%%%%%%%%%%%%%%%%%%%%%%%%%%]
[%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%|____`"a,$$__|%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%]
[%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% `"$ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%]
[%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%]
=[ metasploit v5.0.35-dev- ]
+ -- --=[ 1903 exploits - 1072 auxiliary - 329 post ]
+ -- --=[ 545 payloads - 44 encoders - 10 nops ]
+ -- --=[ 2 evasion ]
msf5 >
可以使用参数-q启动来去掉这些形状:
root@kali:~# msfconsole -q
[-] ***
[-] * WARNING: No database support: could not connect to server: Connection refused
Is the server running on host "localhost" (::1) and accepting
TCP/IP connections on port 5432?
could not connect to server: Connection refused
Is the server running on host "localhost" (127.0.0.1) and accepting
TCP/IP connections on port 5432?
[-] ***
msf5 >
其实在命令行的学习中,使用help是很重要的,help在很多情况下才是我们真正的帮手。
root@kali:~# msfconsole -h
Usage: msfconsole [options]
Common options:
-E, --environment ENVIRONMENT Set Rails environment, defaults to RAIL_ENV environment variable or 'production'
Database options:
-M, --migration-path DIRECTORY Specify a directory containing additional DB migrations
-n, --no-database Disable database support
-y, --yaml PATH Specify a YAML file containing database settings
Framework options:
-c FILE Load the specified configuration file
-v, -V, --version Show version
Module options:
--defer-module-loads Defer module loading unless explicitly asked.
-m, --module-path DIRECTORY Load an additional module path
Console options:
-a, --ask Ask before exiting Metasploit or accept 'exit -y'
-H, --history-file FILE Save command history to the specified file
-L, --real-readline Use the system Readline library instead of RbReadline
-o, --output FILE Output to the specified file
-p, --plugin PLUGIN Load a plugin on startup
-q, --quiet Do not print the banner on startup
-r, --resource FILE Execute the specified resource file (- for stdin)
-x, --execute-command COMMAND Execute the specified console commands (use ; for multiples)
-h, --help Show this message
在msfconsole中使用命令help或?都可以查看到帮助界面。
msf5 > help
Core Commands
=============
Command Description
------- -----------
? Help menu
banner Display an awesome metasploit banner
cd Change the current working directory
color Toggle color
connect Communicate with a host
exit Exit the console
get Gets the value of a context-specific variable
getg Gets the value of a global variable
grep Grep the output of another command
help Help menu
history Show command history
load Load a framework plugin
quit Exit the console
repeat Repeat a list of commands
route Route traffic through a session
save Saves the active datastores
sessions Dump session listings and display information about sessions
set Sets a context-specific variable to a value
setg Sets a global variable to a value
sleep Do nothing for the specified number of seconds
spool Write console output into a file as well the screen
threads View and manipulate background threads
unload Unload a framework plugin
unset Unsets one or more context-specific variables
unsetg Unsets one or more global variables
version Show the framework and console library version numbers
Module Commands
===============
Command Description
------- -----------
advanced Displays advanced options for one or more modules
back Move back from the current context
info Displays information about one or more modules
loadpath Searches for and loads modules from a path
options Displays global options or for one or more modules
popm Pops the latest module off the stack and makes it active
previous Sets the previously loaded module as the current module
pushm Pushes the active or list of modules onto the module stack
reload_all Reloads all modules from all defined module paths
search Searches module names and descriptions
show Displays modules of a given type, or all modules
use Interact with a module by name or search term/index
Job Commands
============
Command Description
------- -----------
handler Start a payload handler as job
jobs Displays and manages jobs
kill Kill a job
rename_job Rename a job
Resource Script Commands
========================
Command Description
------- -----------
makerc Save commands entered since start to a file
resource Run the commands stored in a file
Database Backend Commands
=========================
Command Description
------- -----------
analyze Analyze database information about a specific address or address range
db_connect Connect to an existing data service
db_disconnect Disconnect from the current data service
db_export Export a file containing the contents of the database
db_import Import a scan result file (filetype will be auto-detected)
db_nmap Executes nmap and records the output automatically
db_rebuild_cache Rebuilds the database-stored module cache
db_remove Remove the saved data service entry
db_save Save the current data service connection as the default to reconnect on startup
db_status Show the current data service status
hosts List all hosts in the database
loot List all loot in the database
notes List all notes in the database
services List all services in the database
vulns List all vulnerabilities in the database
workspace Switch between database workspaces
Credentials Backend Commands
============================
Command Description
------- -----------
creds List all credentials in the database
Developer Commands
==================
Command Description
------- -----------
edit Edit the current module or a file with the preferred editor
irb Open an interactive Ruby shell in the current context
log Display framework.log paged to the end if possible
pry Open the Pry debugger on the current module or Framework
reload_lib Reload Ruby library files from specified paths
关于一些真正使用时候的操作流程,后面就行实操的时候会有,这里想强调一下使用help的重要性。
msfconsole中支持tab键对命令的补全功能
msf是最直接,最强大好用的msf交互界面,也是本篇文章的重点介绍对象
图形化的交互界面,虽然界面不太美观,但是可以试一下,感觉用的不多
msfvenom是一个不用进入msfconsole就可使用的命令,是专门为payload generator设置的命令,使用msfvenom和相关参数可以直接生成我们想要的payload。
本篇文章为介绍性,后面会有对应的实操。