Metasploit

Geeky much! · hack WINDOWS
Published May 15, 2021 · 4 min read

Learn to use Metasploit, a tool to probe and exploit vulnerabilities on networks and servers.

Metasploit, an open-source pentesting framework, is a powerful tool used by security engineers around the world. Maintained by Rapid7, Metasploit is a collection not only of thoroughly tested exploits but also of auxiliary and post-exploitation tools.

First things first, we need to initialize the database! Let’s do that now with the command: msfdb init

Before starting Metasploit, we can view some of the advanced options we can trigger for starting the console. Check these out now by using the command: msfconsole -h

After Metasploit has started, let’s go ahead and check that we’ve connected to the database. Do this now with the command: db_status

To view the help page type help or ?

Finding various modules we have at our disposal within Metasploit is one of the most common commands we will leverage in the framework. What is the base command we use for searching?

search

Once we’ve found the module we want to leverage, what command do we use to select it as the active module?

use

How about if we want to view information about either a specific module or just the active one we have selected?

info

Metasploit has a built-in netcat-like function where we can make a quick connection with a host simply to verify that we can ‘talk’ to it. What command is this?

connect

We’ll revisit these next two commands shortly; however, they’re two of the most used commands within Metasploit. First, what command do we use to change the value of a variable?

set

Metasploit supports the use of global variables, something which is incredibly useful when you’re specifically focusing on a single box. What command changes the value of a variable globally?

setg

Now that we’ve learned how to change the value of variables, how do we view them? There are technically several answers to this question, however, I’m looking for a specific three-letter command which is used to view the value of single variables.

get

If you want to build Metasploit modules, you can study new exploits as they arrive on the Exploit-DB website; it is a great way to learn programming.

How about changing the value of a variable to null/no value?

unset

When performing a penetration test it’s quite common to record your screen either for further review or for providing evidence of any actions taken. This is often coupled with the collection of console output to a file as it can be incredibly useful to grep for different pieces of information output to the screen. What command can we use to set our console output to save to a file?

spool

Leaving a Metasploit console running isn’t always convenient, and it can be helpful to have all of our previously set values load when starting up Metasploit. What command can we use to store the settings/active datastores from Metasploit to a settings file? This file is saved within your msf4 (or msf5) directory and can be undone easily by simply removing the created settings file.

save

Metasploit consists of six core modules that make up the bulk of the tools you will utilize within it. Let’s take a quick look through the various modules, their purposes, and some of the commands associated with modules.

[Diagram not included in this copy.] Note: the diagram shows both the interfaces and most of the modules; it does not include the ‘Post’ module.

Metasploit comes with a built-in way to run nmap and feed its results directly into our database. For example: db_nmap -sV 10.10.211.196

One last thing: try the command vulns now. This won't show much at the current moment; however, it's worth noting that Metasploit keeps track of discovered vulnerabilities, which is one of the many ways the database can be leveraged quickly and powerfully.

LHOST refers to the IP of your machine, which is usually used to create a reverse connection to your machine after the attack succeeds. RHOST refers to the IP address of the target host.
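The database workflow above (db_status, setg, spool, db_nmap, vulns, save) can be replayed non-interactively from a Metasploit resource script passed to msfconsole -r. The helper below is an added example, not code from the post: it writes such a script for a given LHOST and RHOST, using the post's lab address as the default target. The output path and workspace name are assumptions; RHOSTS is set alongside RHOST because most modules read the plural form.

```shell
#!/bin/sh
# Added example: generate a Metasploit resource script (.rc) that replays the
# console workflow from the post, then run it with msfconsole -q -r.
# Assumed (not from the post): output path, workspace name, lab-only targets.

# make_rc LHOST RHOST OUTFILE -> writes OUTFILE; returns 1 if an argument is empty
make_rc() {
    lhost="$1"; rhost="$2"; out="$3"
    [ -n "$lhost" ] && [ -n "$rhost" ] && [ -n "$out" ] || return 1
    # Unquoted heredoc so the shell expands the addresses and the date.
    cat > "$out" <<EOF
db_status
workspace -a lab_$(date +%Y%m%d)
setg LHOST $lhost
setg RHOST $rhost
setg RHOSTS $rhost
spool $out.log
db_nmap -sV $rhost
hosts
services
vulns
spool off
save
EOF
}

# count_rc_commands FILE -> number of console commands in the generated script
count_rc_commands() {
    grep -c -v '^[[:space:]]*$' "$1"
}

# run_rc FILE -> feed the script to a quiet msfconsole session
run_rc() {
    msfconsole -q -r "$1"
}

# Usage (against your own lab host):
#   make_rc 10.0.0.5 10.10.211.196 /tmp/msf_recon.rc && run_rc /tmp/msf_recon.rc
# The spooled log lands in /tmp/msf_recon.rc.log and can be grepped afterwards.
```

Because the datastore is written by `save`, the next interactive msfconsole starts with LHOST and RHOSTS already set; delete the settings file in the msf4 directory to reset them.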

Let’s go ahead and figure out the privileges of our current user. What command do we run?

getprivs

What command do we run to transfer files to our victim computer?

upload

How about if we want to run a Metasploit module?

run
