• THM Practice Room - https://tryhackme.com/room/rpmetasploit

  • Metasploit is case-insensitive: variable names can be written in upper or lower case.

  • Initialize the database - msfdb init

  • Check that we've connected to the database - db_status

  • Start Metasploit - msfconsole or msfdb run

  • Find modules - search <module_name>

  • Select a module as the active module - use <module_name OR number>

  • Set remote host variable - set RHOSTS <remote_host_IP>

  • Also set any other required variables

  • Exploit the target - exploit OR run

  • msfdb run → starts the database and then runs msfconsole; cracked passwords are stored in the database and can be listed with creds from inside Metasploit

  • setg → set a global variable, unsetg → unset a global variable (guide)

  • Run Nmap inside Metasploit - db_nmap <IP>

  • List the services found by the scan - services

  • Default payload - windows/meterpreter/reverse_tcp

  • After exploitation (inside the Meterpreter session),

    • find out more information about the current user running the process we are in - getuid
    • find out more information about the system itself - sysinfo
    • check the privileges of our current user - getprivs
    • determine whether we're in a VM - run post/windows/gather/checkvm
    • check for exploits we can run within our session to elevate our privileges - run post/multi/recon/local_exploit_suggester
    • force RDP to be available - run post/windows/manage/enable_rdp