@busterb
Created October 30, 2017 16:48
Metasploit Basic Skills
# Metasploit Framework Basic Skills
If you are a developer of Metasploit, make sure you know how to do the following:
## 1. Basic Metasploit Experience
### Set up
- [ ] Set up Metasploit Framework Developer's Environment (with database connection)
### Running an auxiliary module
- [ ] SMB enumeration
### How to run an exploit
- [ ] Server side: ms17_010_eternalblue
- [ ] Client side: ms14_064_ole_code_execution
### How to run a post module
- [ ] enum_ie
- [ ] enum_applications
### How to run browser autopwn 2
- [ ] Normal mode
- [ ] Dry-run mode
### How to use meterpreter
- [ ] Interact with the remote file system
- [ ] getsystem
- [ ] Switch between the `meterpreter >` and `msf >` prompts
- [ ] Keylogging
- [ ] Using an extension: Clipboard monitoring (extapi)
- [ ] Using an extension: mimikatz
### Creating a payload
- [ ] Generate an EXE
- [ ] Generate an ELF
### Running a resource script
- [ ] auto_win32_multihandler
- [ ] bap_dryrun_only
### Writing a resource script
- [ ] Automate: ms17_010_eternalblue to enum_applications
### Engaging against multiple targets
- [ ] Using the RHOSTS option in auxiliary scanner modules
- [ ] Exploit against multiple hosts
- [ ] Run a post module against multiple sessions
### Privilege Escalation
- [ ] bypassuac.rb
- [ ] ms14_058_track_popup_menu.rb
- [ ] Local exploit suggester
### Network pivoting
- [ ] Using the route command
- [ ] Allow a 3rd party tool to use a Metasploit pivot
### Using the postgres database in Framework
- [ ] notes
- [ ] services
- [ ] hosts
- [ ] creds
- [ ] loots
### Using a plugin
- [ ] The sounds plugin
## 2. Hands-on Experience
### Information gathering
- [ ] Nmap ports
- [ ] Talking to common protocols: HTTP and HTTPS using Burp Suite
- [ ] Talking to a common protocol: FTP
- [ ] Talking to a common protocol: SSH
- [ ] Talking to a common protocol: SMB
- [ ] Collecting users from WordPress
- [ ] Brute-force HTTP
- [ ] Vulnerability scanning
- [ ] Client side browser info
- [ ] Google dorks
- [ ] Shodan / Censys
- [ ] Facebook
- [ ] Twitter
- [ ] LinkedIn
- [ ] Researching what exploits could be used from Metasploit, Exploit-DB, SecurityFocus, Twitter
### Hacking Scenarios
- [ ] Exploit a server, pivot to a VPN, exploit another server inside that VPN.
- [ ] Find a server running a vulnerable SMB service on the network, exploit it. Get C:\secret.txt
- [ ] Exploit a browser, escalate, get C:\secret.txt, and install a persistent backdoor
- [ ] Find a vulnerable web server, exploit it, escalate, get C:\secret.txt
- [ ] Find an admin password, psexec, get C:\secret.txt
- [ ] Test Metasploitable