Metasploit01

before we use Metasploit

Use the following command to open the postgresql service
'service postgresql start'

Open the Metasploit software

Use the 'msfconsole' to open the software
The location of Metasploit is
 /usr/share/metasploit-framework/msfconsole

Help function in Metasploit

'msfconsole -h'

Find system hole by name

'search name:mysql'
msf > search name:mysql

Matching Modules
================

   Name                                               Disclosure Date  Rank       Description
   ----                                               ---------------  ----       -----------
   auxiliary/admin/mysql/mysql_enum                                    normal     MySQL Enumeration Module
   auxiliary/admin/mysql/mysql_sql                                     normal     MySQL SQL Generic Query
   auxiliary/analyze/jtr_mysql_fast                                    normal     John the Ripper MySQL Password Cracker (Fast Mode)
   auxiliary/scanner/mysql/mysql_authbypass_hashdump  2012-06-09       normal     MySQL Authentication Bypass Password Dump
   auxiliary/scanner/mysql/mysql_file_enum                             normal     MYSQL File/Directory Enumerator
   auxiliary/scanner/mysql/mysql_hashdump                              normal     MYSQL Password Hashdump
   auxiliary/scanner/mysql/mysql_login                                 normal     MySQL Login Utility
   auxiliary/scanner/mysql/mysql_schemadump                            normal     MYSQL Schema Dump
   auxiliary/scanner/mysql/mysql_version                               normal     MySQL Server Version Enumeration
   auxiliary/server/capture/mysql                                      normal     Authentication Capture: MySQL
   exploit/linux/mysql/mysql_yassl_getname            2010-01-25       good       MySQL yaSSL CertDecoder::GetName Buffer Overflow
   exploit/linux/mysql/mysql_yassl_hello              2008-01-04       good       MySQL yaSSL SSL Hello Message Buffer Overflow
   exploit/windows/mysql/mysql_mof                    2012-12-01       excellent  Oracle MySQL for Microsoft Windows MOF Execution
   exploit/windows/mysql/mysql_payload                2009-01-16       excellent  Oracle MySQL for Microsoft Windows Payload Execution
   exploit/windows/mysql/mysql_start_up               2012-12-01       excellent  Oracle MySQL for Microsoft Windows FILE Privilege Abuse
   exploit/windows/mysql/mysql_yassl_hello            2008-01-04       average    MySQL yaSSL SSL Hello Message Buffer Overflow
   exploit/windows/mysql/scrutinizer_upload_exec      2012-07-27       excellent  Plixer Scrutinizer NetFlow and sFlow Analyzer 9 Default MySQL Credential

Find system hole by platform

'search platform：mysql'
msf >search platform:mysql

Matching Modules
================

   Name                                          Disclosure Date  Rank       Description
   ----                                          ---------------  ----       -----------
   exploit/linux/mysql/mysql_yassl_getname       2010-01-25       good       MySQL yaSSL CertDecoder::GetName Buffer Overflow
   exploit/linux/mysql/mysql_yassl_hello         2008-01-04       good       MySQL yaSSL SSL Hello Message Buffer Overflow
   exploit/multi/http/manage_engine_dc_pmp_sqli  2014-06-08       excellent  ManageEngine Desktop Central / Password Manager LinkViewFetchServlet.dat SQL Injection
   exploit/windows/mysql/mysql_mof               2012-12-01       excellent  Oracle MySQL for Microsoft Windows MOF Execution
   exploit/windows/mysql/mysql_start_up          2012-12-01       excellent  Oracle MySQL for Microsoft Windows FILE Privilege Abuse
   exploit/windows/mysql/mysql_yassl_hello       2008-01-04       average    MySQL yaSSL SSL Hello Message Buffer Overflow

Search by type

'search type：post'

Search by author

'search author：dookie'