By the end of this article, you will walk out with a working understanding of Metasploit. Your hands will be dying to try the tool and your head will be buried in your computer. We suggest you pause reading and grab a paper and a pen to jot down the important bits, pun not intended, and also write any questions that you have, which you can later comment below for us to answer.
KNOW THY BEAST
The Metasploit Project is a penetration-testing framework that you can use to find and exploit vulnerabilities. That’s about it. Oh, and it’s Ruby-based and is quite a favourite among pentesters and security analysts.
Oh and it also comes with pre-built scripts which make hacking so so simple.
And, and, and, it also has more than 1900 different exploits spanning many operating systems and platforms, which means that you could target just about anything. Websites, IoT, networks, hosts, hardware, software, you name it!
WHAT CAN IT DO?
More like what can’t it do?
- Enumerate networks
- Execute attacks
- Identify security bugs
- Mitigate vulnerabilities
- Manage security assessments
- Evade detection
DO YOU HAVE WHAT IT TAKES?
Minimum System Requirements:
- 2 GHz Processor
- 4 GB RAM
- 1 GB Disk space
Supported Operating Systems:
- Windows Server 2008 and later
- Windows 8 and later
- Red Hat Enterprise Linux 5.10 and later
- Ubuntu Linux 14.04 and later
1, 2, 3, DOWNLOAD
Oh wait. No need to download. Kali has it pre-installed!
(If you want to know how to get started with Kali, go here.)
LET’S OPEN IT, THEN!
Now, type these 3 commands in a terminal:
1. Start the postgresql service: service postgresql start
2. And check its status: systemctl status postgresql.service
3. Create and initialise msf database: msfdb init
You are ready to use it. 🙂
Wait, what are these numbers at the bottom of the banner? Let’s look at them, shall we?
- Metasploit v5.0.37-dev: is obviously the version of Metasploit (we didn’t need to tell you this, but too late now)
- 1915 exploits : Are you fu**ing kidding me? No. We warned you earlier. It has a lot of exploits. It’s Metasploit, man!
- 545 payloads : After you use the exploit to get in, you drop the payload. Payloads are the malicious code that is delivered to the system once the exploit succeeds.
- 1074 auxiliary : Apart from the 1915 exploit modules, you have 1074 auxiliary modules (which don’t carry payloads because they are not used for exploitation). Use them for a variety of other tasks such as port scanning, vulnerability scanning etc.
- 329 post : Once you are inside your target, you could escalate your privileges, get your hands on some evidence or do other shady stuff using these post-exploitation modules.
- 44 encoders : These encoders encode your payloads so that they sneak into the target without getting caught.
- 10 nops: NOP generators, made to keep your payload size consistent.
- 2 evasion: Use these to create payloads that can’t be detected and laugh at the target’s anti-virus.
Okay, last but not least. Type help to see the endless things (along with the commands) you can do on this beast.
OK, LET’S BEGIN!
1. Check the database status to make sure you are connected and everything is in place. Command: db_status
2. Set up a workspace:
a. For a new workspace: workspace -a name_of_workspace
b. For deleting a workspace: workspace -d name_of_workspace
c. To get help about other workspace commands: workspace -h
3. Start enumeration:
In this post, you’ll be hacking into a Linux Virtual Machine.
Step 1: Command for nmap scan: db_nmap -A ip_to_scan
(Metasploit can run nmap and store the results for you, thanks to the database!)
You’ll now see that the host is added to the database.
Command to see all hosts: hosts
Step 2: Command to see all services: services
Can you see vsftpd 2.3.4?
Step 3: Command to see the exploits you have for this: search exploit_name (search by keyword, e.g. the service name you just found)
You can also see ALL exploits you have through: show exploits
Voila! We found one!
SHALL WE EXPLOIT?
Step 1: Select the exploit: use exploit_name
Step 2: See what YOU need to input (also called options here).
Command: Figure this one out yourself from the image below.
You’ll see that RHOSTS (i.e. Remote Hosts) is required.
RHOSTS means Remote Hosts: the IP of your target
RPORT means Remote Port: the port of your target
Do you know what LHOST and LPORT mean? Comment below to take a guess.
Step 3: Set RHOSTS
Command: set RHOSTS ip_of_target
In case you want to get them from the database, you can use the command: hosts -S Linux -R
The above command has two parts:
-S: filters the host list. We have used -S Linux to find all the devices in the database that are Linux based.
-R: We use this to put the devices found above into RHOSTS.
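The Step 2 services listing (the one where you spot vsftpd 2.3.4) and the hosts -S Linux filter just described are both table outputs from the msfconsole database, and a defender can turn them into a patch list instead of an attack list. The following is an added example written for this post; it is not code from the original article or from the Metasploit project. The two tables are constructed to mimic what hosts and services print (column layout assumed from msfconsole, hosts columns trimmed), the version baseline is a made-up patch policy, and hosts_matching imitates hosts -S as a plain substring filter over each host record.

```python
"""Inventory check over msfconsole 'hosts' / 'services' output.

Added example; not code from the original post or from Metasploit.
The tables and the version baseline below are constructed.
"""
import re

# Constructed sample of `hosts` output (abbreviated columns).
HOSTS_OUTPUT = """\
Hosts
=====

address         mac                name            os_name  os_flavor  purpose
-------         ---                ----            -------  ---------  -------
192.168.56.101  08:00:27:aa:bb:cc  metasploitable  Linux               server
192.168.56.102  08:00:27:dd:ee:ff  win-box         Windows  8          client
"""

# Constructed sample of `services` output for the same two hosts.
SERVICES_OUTPUT = """\
Services
========

host            port  proto  name  state  info
----            ----  -----  ----  -----  ----
192.168.56.101  21    tcp    ftp   open   vsftpd 2.3.4
192.168.56.101  22    tcp    ssh   open   OpenSSH 4.7p1 Debian 8ubuntu1 protocol 2.0
192.168.56.101  80    tcp    http  open   Apache httpd 2.2.8 (Ubuntu) DAV/2
192.168.56.102  445   tcp    smb   open   Windows 8 microsoft-ds
"""

# Constructed baseline: product name -> lowest version your patch policy accepts.
MIN_VERSIONS = {
    "vsftpd": (3, 0, 0),
    "OpenSSH": (7, 0),
    "Apache httpd": (2, 4),
}


def parse_table(text):
    """Parse an msfconsole-style table into a list of dicts keyed by column name.

    Column boundaries come from where each run of dashes in the header
    underline starts; the last column runs to the end of the line.
    """
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if line.strip() and set(line.strip()) <= {"-", " "}:
            dash_idx = i
            break
    else:
        raise ValueError("no header underline found")
    header = lines[dash_idx - 1]
    starts = [m.start() for m in re.finditer(r"-+", lines[dash_idx])]
    bounds = list(zip(starts, starts[1:] + [None]))
    names = [header[a:b].strip() for a, b in bounds]
    rows = []
    for line in lines[dash_idx + 1:]:
        if line.strip():
            rows.append({n: line[a:b].strip() for n, (a, b) in zip(names, bounds)})
    return rows


def version_tuple(banner, product):
    """Extract the first dotted version after the product name: 'vsftpd 2.3.4' -> (2, 3, 4)."""
    m = re.search(r"(\d+(?:\.\d+)+)", banner[len(product):])
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def outdated_services(services, min_versions=MIN_VERSIONS):
    """Return service rows whose banner names a product below its baseline version."""
    flagged = []
    for svc in services:
        banner = svc.get("info", "")
        for product, floor in min_versions.items():
            if banner.lower().startswith(product.lower()):
                ver = version_tuple(banner, product)
                if ver is not None and ver < floor:
                    flagged.append({**svc, "product": product, "version": ver})
                break
    return flagged


def hosts_matching(hosts, needle):
    """Imitate `hosts -S <needle>`: keep hosts where any field contains the needle."""
    needle = needle.lower()
    return [h for h in hosts if any(needle in v.lower() for v in h.values())]


def audit(hosts_text, services_text, os_filter):
    """Cross-check: outdated services running on the hosts that match the filter."""
    hosts = parse_table(hosts_text)
    services = parse_table(services_text)
    selected = {h["address"] for h in hosts_matching(hosts, os_filter)}
    return [s for s in outdated_services(services) if s["host"] in selected]


if __name__ == "__main__":
    for s in audit(HOSTS_OUTPUT, SERVICES_OUTPUT, "Linux"):
        floor = ".".join(map(str, MIN_VERSIONS[s["product"]]))
        print(f'{s["host"]}:{s["port"]}  {s["info"]}  -> patch to {floor} or later')
```

To use it on your own lab, paste the real hosts and services output into the two strings (or read them from a file created with spool) and adjust MIN_VERSIONS to your patch policy; every line it prints is a service that should be upgraded before someone else runs search against it.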
Step 4: Check your targets: show targets
In case you see multiple targets, set one using this command: set target 0/1/2
Step 5: An exploit has to have a payload.
To see payloads for this exploit: show payloads
Set this payload using the command in the image below. And once again, check your options.
Can you see the payload options now?
Note: You could even be prompted to set LHOST and LPORT (but it varies from payload to payload).
1. Command to exploit: exploit
If all goes well, your payload will reach where it’s meant to, do its work and present you with a shell.
2. To put the shell in the background: background
You can carry out post exploits on the shell later. Can you recall how many post exploits Metasploit has?
Did you know: There are payloads in Metasploit that lead you to an awesome shell: Meterpreter. Why is it awesome? It includes some savage commands (for webcam access, keylogging and other supercool stuff).
You could use this payload for instance: windows/meterpreter/reverse_tcp
Fun task for you: Try this on a target and use all the commands. And tell us in the comments below which one’s your favourite.
3. To see all active sessions: sessions
Last but not the least,
Use this command to interact with a session: sessions -i session_id
Pro tip: Keep your beast updated!
Command: root:/# apt update; apt install metasploit-framework
We are confident that you can now use this ultimate hacking tool at your disposal to exploit vulnerabilities, drop payloads and also do some other awesome stuff. We encourage you to ask questions in the comments below. You can also join our forum to connect with people and get your hacking queries cleared.
Read more. Know more. Grow more.