| | at : |





HaHwul’s Metasploit Cheat Sheet
Class Detail Class Cheat Sheet Author: HaHwul
HMCS-DEF
[Default Usage]
HMCS-DEF01
[Use Module]
- 0x01 Find Module
Search module
+ search [Key Word]

- 0x02 Use Vulnerability Module
+ use auxiliary/scanner/http/ssl_version [Module]
+ show options
+ run

- 0x01 Find MSF Plugin
HMCS-DEF02
[Use Exploit Handler]
- 0x01 Use Exploit Handler
+ use exploit/multiple/handler
+ set PAYLOAD [Payload Name]
+ show options
+ //set options data
+ exploit

HMCS-DEF03
[Metasploit Database]
- 0x01 Setting/Connect Database
 + > su - postgres
 + > createuser yourdbid -P
 + > createdb --owner=yourdbid yourdbname



- 0x02 Use MSF Database
 + db_connect yourdbid:yourpassword@127.0.0.1:5432/yourdbname

HMCS-MPS
[Metapreter Shell]
HMCS-MPS01 - 0x01 Use MSF Database

HMCS-MPS01 - 0x01 Use MSF Database
HMCS-WEB
[Attack Web Server]
HMCS-WEB01
[Web Vulnerability Scan]
- 0x01 Web Vulnerability Scan with WMAP(MSF Plugin)
Load Wmap Module in Metasploit(MSF에서 wmap 로드하기)
+ load wmap
+ wmap_sites -a [TARGET SITE NAME]
+ wmap_targets -a [TARGET URL] #타겟 URL 지정
+ wmap_targets -d 0 #Scan된 hosts 정보에서 데이터를 가져옴 / 0번째 host
+ wmap_run -e #Run Scan!!

- 0x02 Find SSL Vulnerability with Metasploit
POODLE Attack
+ use auxiliary/scanner/http/ssl_version
+ hosts -a # or set RHOST [TARGET]
+ run / exploit

CCS Injection
+ use auxiliary/scanner/ssl/openssl_ccs
+ hosts -a # or set RHOST [TARGET]
+ run / exploit

HeartBleed
+ use auxiliary/scanner/ssl/openssl_heartbleed
+ hosts -a # or set RHOST [TARGET]
+ run / exploit

HMCS-WEB02
[Load Web Payload]


HMCS-MOB
[Attack Mobile Devices]
HMCS-MOB01
[Attack Mobile Devcie with Autopwn]


HMCS-MOB02
[Gerenate Remote Shell APK]