Gist busterb/0c80b9c9f604e51eb5dab276941ac5d6, created October 30, 2017 16:48
Metasploit Basic Skills
# Metasploit Framework Basic Skills
If you are a developer of Metasploit, make sure you know how to do the following:
## 1. Basic Metasploit Experience
### Set up
- [ ] Set up Metasploit Framework Developer's Environment (with database connection)
### Running an auxiliary module
- [ ] SMB enumeration
### How to run an exploit
- [ ] Server side: ms17_010_eternalblue
- [ ] Client side: ms14_064_ole_code_execution
### How to run a post module
- [ ] enum_ie
- [ ] enum_applications
### How to run browser autopwn 2
- [ ] Normal mode
- [ ] Dry-run mode
### How to use meterpreter
- [ ] Interact with the remote file system
- [ ] getsystem
- [ ] Switch between the `meterpreter >` and `msf >` prompts
- [ ] Keylogging
- [ ] Using an extension: Clipboard monitoring (extapi)
- [ ] Using an extension: mimikatz
### Creating a payload
- [ ] Generate an EXE
- [ ] Generate an ELF
### Running a resource script
- [ ] auto_win32_multihandler
- [ ] bap_dryrun_only
### Writing a resource script
- [ ] Automate: ms17_010_eternalblue to enum_applications
### Engaging against multiple targets
- [ ] Using the RHOSTS option in auxiliary scanner modules
- [ ] Exploit against multiple hosts
- [ ] Run a post module against multiple sessions
### Privilege Escalation
- [ ] bypassuac.rb
- [ ] ms14_058_track_popup_menu.rb
- [ ] Local exploit suggester
### Network pivoting
- [ ] Using the route command
- [ ] Allow a third-party tool to use a Metasploit pivot
### Using the postgres database in Framework
- [ ] notes
- [ ] services
- [ ] hosts
- [ ] creds
- [ ] loots
### Using a plugin
- [ ] The sounds plugin
## 2. Hands-on Experience
### Information gathering
- [ ] Nmap ports
- [ ] Talking to common protocols: HTTP and HTTPS using Burp Suite
- [ ] Talking to a common protocol: FTP
- [ ] Talking to a common protocol: SSH
- [ ] Talking to a common protocol: SMB
- [ ] Collecting users from WordPress
- [ ] Brute-force HTTP
- [ ] Vulnerability scanning
- [ ] Client side browser info
- [ ] Google dorks
- [ ] Shodan / Censys
- [ ] Researching what exploits could be used from Metasploit, Exploit-DB, SecurityFocus, Twitter
### Hacking Scenarios
- [ ] Exploit a server, pivot to a VPN, exploit another server inside that VPN.
- [ ] Find a server running a vulnerable SMB service on the network, exploit it. Get C:\secret.txt
- [ ] Exploit a browser, escalate, get C:\secret.txt, and install a persistent backdoor
- [ ] Find a vulnerable web server, exploit it, escalate, get C:\secret.txt
- [ ] Find an admin password, psexec, get C:\secret.txt
- [ ] Test Metasploitable