MSFConsole is one of the most efficient, most powerful, highly integrated end interface that facilitates penetration testers to use the entire exploit framework.
To facilitate the operation of some of the most commonly used commands summarized in the following table
instruction |
description |
check |
Without exploitation of a vulnerability scan (most do not use this command) |
search string |
Using the module name query |
show exploits |
Under the framework of the program displays all vulnerabilities |
show payloads |
Internet display all payloads |
show encoders |
Display coding tools available templates |
show nops |
Display all available NOP generator |
show options |
All information and options specified template information |
show targets |
Displays the operating system supports the type of exploit |
show advanced |
Show Advanced Options |
connect IP |
Test connectivity instruction |
exploit |
Executes the specified exploit |
run |
Executes the specified auxiliary |
info module |
Displays information specified template |
use module |
Select a specific penetration testing function template |
set param value |
Set the current template parameters |
setg param value |
Set global parameters |
unset param |
Cancel set to set, cancel all with unset all |
Unsetg Param |
Cancel part or all of the global settings |
Module has been tested and found himself MSF does not have the tools to scan vulnerabilities
So do not try to use the host vulnerability scanning;
Use of MS17-010, use the query module
Select the modules used
Setting targets:
Payloads in the current display module
Select the appropriate payload
Set the listening IP
Execution attack
Due to the poor performance of the target system, the system has been down
Simply look at options right