Introduction To Metasploit – The Ultimate Hacking Tool!!! – Part 1

Pratik Patel

Dec 19, 2022

TABLE OF CONTENTS

  1. Introduction
  2. What can we achieve with Metasploit?
  3. Modules
  4. MSFCONSOLE (Metasploit Framework Console)

Introduction

The Metasploit Framework (MSF) is far more than just a collection of exploits.

The Metasploit Framework is a Ruby-based, modular penetration testing platform that enables you to write, test, and execute exploit code. It is a powerful open-source framework for exploit development and penetration testing.

The hacker community and cyber security professionals love the Metasploit Framework for its ease of use and customization options. Yes, even you can create modules to suit your requirements.

What can we achieve with Metasploit?

  • Test security vulnerabilities
  • Enumerate networks
  • Execute attacks
  • Evade detection and much more…

Modules

I Don’t Understand Command XYZ, What Should I Do?

Understanding how Metasploit works requires a degree of prerequisite knowledge. You’ll need to focus on research and self-learning. Cyber security is an ever-learning field where learning and researching are constant, and you’ll need to keep yourself engaged in R&D to stay relevant to current trends.

Almost all of your interactions with Metasploit will be through its modules. Metasploit modules are divided into 5 categories according to their functionality.

  • Auxiliary
  • Exploits
  • Payloads
  • Encoders
  • Nops

Auxiliary – modules that perform arbitrary actions that may not be directly related to exploitation. This category includes port scanners, fuzzers, sniffers, and more.

Exploits – an exploit executes a sequence of commands that target a specific vulnerability found in a system.

Payloads – consist of code that runs remotely to establish a connection with the victim. Payload types:

  • singles
  • stagers
  • stages

Encoders – ensure that payloads make it to their destination intact and don’t get blocked by antivirus software. Encoder groups:

cmd, generic, mipsbe, mipsle, php, ppc, ruby, sparc, x64, x86

Nops – keep the payload sizes consistent across exploit attempts. Nop groups:

aarch64, armle, mipsbe, php, ppc, sparc, tty, x64, x86

MSFCONSOLE (Metasploit Framework Console)

MSFCONSOLE is the most popular interface to the Metasploit Framework (MSF). It is a centralized console that gives you efficient access to virtually all of the options available in the MSF.

root@kali:# msfconsole

For example, here a popular SMB-related vulnerability is exploited using Metasploit. I’ve used a vulnerable VirtualBox machine as the target.

Let’s first define the module we are going to use and then set required options for the exploit.

Here,

RHOST is Remote Host (Target IP)

PAYLOAD is the payload that is used for creating malicious commands.

LHOST is Listener Host (Attacker IP)

LPORT is Listener Port (Attacker PORT)

SMBUSER and SMBPASS are optional data we want to enter to execute the exploit.

exploit or run is the command that executes the module.

And done!! Just as simple as that, you’ve taken over the vulnerable Windows machine using the SMB PsExec exploit module of Metasploit.
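What a PsExec-style run like the one above leaves in the target's Windows event logs, as an added defensive example that is not part of the original post: authenticating with SMBUSER/SMBPASS produces a network logon (event 4624, logon type 3), and the PsExec technique installs a service (event 7045). The event dictionaries, the 30-second window and the image-path heuristic are assumptions made for this example.

```python
import re
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=30)  # assumed correlation window; tune per environment

# Assumed heuristic, not a Metasploit signature: a service image dropped straight
# into the Windows directory (reachable as ADMIN$) or a command interpreter.
SUSPICIOUS_IMAGE = re.compile(
    r"^(%systemroot%|c:\\windows)\\[^\\]+\.exe$|%comspec%|cmd\.exe|powershell",
    re.IGNORECASE,
)

# Constructed sample events (not from a real host), reduced to the fields used.
# 4624 = successful logon (logon_type 3 is a network logon, e.g. over SMB);
# 7045 = "A service was installed in the system" (System log).
SAMPLE_EVENTS = [
    {"time": "2022-12-19T10:00:01", "host": "WS01", "id": 4624,
     "logon_type": 3, "src_ip": "192.0.2.10", "user": "labadmin"},
    {"time": "2022-12-19T10:00:03", "host": "WS01", "id": 7045,
     "service": "kXqPzTbW", "image_path": r"%SystemRoot%\hGfRtYuE.exe"},
    {"time": "2022-12-19T11:30:00", "host": "WS01", "id": 7045,
     "service": "Print Helper", "image_path": r"C:\Program Files\Vendor\helper.exe"},
    {"time": "2022-12-19T12:00:00", "host": "WS02", "id": 4624,
     "logon_type": 2, "src_ip": "-", "user": "alice"},
    {"time": "2022-12-19T12:00:05", "host": "WS02", "id": 7045,
     "service": "UpdaterSvc", "image_path": r"C:\Program Files\Updater\svc.exe"},
]

def find_remote_service_installs(events):
    """Return 7045 service installs that closely follow a network logon on the same host."""
    last_net_logon = {}  # host -> (time, source IP, user)
    findings = []
    for e in sorted(events, key=lambda ev: ev["time"]):
        t = datetime.fromisoformat(e["time"])
        if e["id"] == 4624 and e.get("logon_type") == 3:
            last_net_logon[e["host"]] = (t, e["src_ip"], e["user"])
        elif e["id"] == 7045:
            logon = last_net_logon.get(e["host"])
            if logon and t - logon[0] <= WINDOW:
                findings.append({
                    "host": e["host"], "service": e["service"],
                    "src_ip": logon[1], "user": logon[2],
                    "suspicious_image": bool(SUSPICIOUS_IMAGE.search(e["image_path"])),
                })
    return findings

if __name__ == "__main__":
    for finding in find_remote_service_installs(SAMPLE_EVENTS):
        print(finding)
```

Only the first service install is reported: the second is hours after the network logon, and the third follows an interactive logon rather than a network one.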

I hope this gave you a basic understanding of Metasploit. Learning how to use Metasploit assumes some prerequisite knowledge. If you have difficulty understanding a topic, I recommend that you research it and find solutions yourself. You can reach out to me via my LinkedIn. I’ll be back with some advanced usage of Metasploit.

Peace Out!

Pratik Patel, Security Consultant

Pratik Patel, 4 years in Offensive Cyber Security at Certbar. CEH certified, excelling in Network VAPT and Web/Android Application VAPT, ensuring robust cybersecurity.