By: spiritedwolf
March 23, 2017

[Part 1]$~Metasploit for Beginners


Hello, everyone! Let me first introduce myself. My name is Spirited Wolf and I love to share my knowledge with everyone and anyone who needs it. You can contact me on Cybrary or on my Facebook. Now, let's get started.

What is Metasploit?

According to Wikipedia, it is: "The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development."


There are several interfaces for Metasploit available. The most popular are maintained by Rapid7 and Strategic Cyber LLC.

Metasploit Framework Edition

The free version. It contains a command line interface, third-party import, manual exploitation and manual brute forcing.

Metasploit Community Edition

In October 2011, Rapid7 released Metasploit Community Edition, a free, web-based user interface for Metasploit. Metasploit Community is based on the commercial functionality of the paid-for editions with a reduced set of features, including network discovery, module browsing, and manual exploitation. Metasploit Community is included in the main installer.

Metasploit Express 

In April 2010, Rapid7 released Metasploit Express, an open-core commercial edition for security teams who need to verify vulnerabilities. It offers a graphical user interface, integrates nmap for discovery, and adds smart brute forcing, as well as automated evidence collection.

Metasploit Pro 

In October 2010, Rapid7 added Metasploit Pro, an open-core commercial Metasploit edition for penetration testers. Metasploit Pro adds onto Metasploit Express with features such as Quick Start Wizards/MetaModules, building and managing social engineering campaigns, web application testing, an advanced Pro Console, dynamic payloads for anti-virus evasion, integration with Nexpose for ad-hoc vulnerability scans, and VPN pivoting.

Armitage 

Armitage is a graphical cyber attack management tool for the Metasploit Project that visualizes targets and recommends exploits. It is a free and open source network security tool notable for its contributions to red team collaboration allowing for shared sessions, data, and communication through a single Metasploit instance.

Cobalt Strike 

Cobalt Strike is a collection of threat emulation tools provided by Strategic Cyber LLC to work with the Metasploit Framework. Cobalt Strike includes all features of Armitage and adds post-exploitation tools in addition to report generation features.

HOW TO USE METASPLOIT?? 

First of all, let's start the Metasploit service.
Code:
applications > kali linux > system services > metasploit > start 
or
Code:
service metasploit start 
Run msfconsole

Just type msfconsole in your terminal:
Code:
sudo msfconsole 
You will then see the msfconsole startup screen.

So, what is msfconsole?

->Msfconsole is the main interface to Metasploit. There are also GUI interfaces (Armitage) and a web interface (websploit). With msfconsole, you can launch exploits, create listeners, configure payloads, etc.

Quote:
Note:-"Metasploit has lots of great documentation built in. Type help to get a basic list of commands."

If you want to check what commands you can use, then just type "help" or "?" <- question mark without the quotations.

Example::

Code:
msf > help

Core Commands
=====================

Command       Description
-------       -----------
?             Help menu
advanced      Displays advanced options for one or more modules
back          Move back from the current context
banner        Display an awesome Metasploit banner
cd            Change the current working directory
color         Toggle color
connect       Communicate with a host
edit          Edit the current module with $VISUAL or $EDITOR
exit          Exit the console
get           Gets the value of a context-specific variable
getg          Gets the value of a global variable
grep          Grep the output of another command
help          Help menu
info          Displays information about one or more modules
irb           Drop into irb scripting mode
jobs          Displays and manages jobs
kill          Kill a job
load          Load a framework plugin
loadpath      Searches for and loads modules from a path
makerc        Save commands entered since starts to a file
options       Displays global options or for one or more modules
pushm         Pushes the active or list of modules onto the module stack
quit          Exit the console
reload_all    Reloads all modules from all defined module paths
rename_job    Rename a job
resource      Run the commands stored in a file
route         Route traffic through a session
save          Saves the active datastores
search        Searches module names and descriptions
sessions      Dump session listings and display information about sessions
set           Sets a context-specific variable to a value
setg          Sets a global variable to a value
show          Displays modules of a given type, or all modules
sleep         Do nothing for the specified number of seconds
spool         Write console output into a file as well the screen
threads       View and manipulate background threads
unload        Unload a framework plugin
unset         Unsets one or more context-specific variables
unsetg        Unsets one or more global variables
use           Selects a module by name
version       Show the framework and console library version numbers

Database Backend Commands
========================================

Command           Description
-------           -----------
creds             List all credentials in the database
db_connect        Connect to an existing database
db_disconnect     Disconnect from the current database instance
db_export         Export a file containing the contents of the database
db_nmap           Executes nmap and records the output automatically
db_rebuild_cache  Rebuilds the database-stored module cache
db_status         Show the current database status
hosts             List all hosts in the database
loot              List all loot in the database
notes             List all notes in the database
services          List all services in the database
vulns             List all vulnerabilities in the database
workspace         Switch between database workspaces

msf >
Pick a vulnerability and use an exploit

->Once you know what system your remote host is running (nmap, lynix, maltego, wp-scan, etc.), you can pick an exploit from Metasploit to test. Rapid7 has an easy way to find exploits. There is also a way to search within msfconsole for various exploits:

Example::

Quote:
search type:exploit
Quote:
search name:xxxx
Quote:
search CVE-xxx-xxx
Quote:
search cve:2016 
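
The `search cve:` form above combines with the `resource` and `spool` commands from the help listing to check, for patch prioritisation, which CVE IDs from a scanner export already have a Metasploit module. The following is an added example, not code from the original tutorial: the function name, the log file name and the placeholder IDs are assumptions, and because a resource file is run line by line, each ID is validated before it is written.

```python
import re

# One full CVE identifier and nothing else: CVE-YYYY-NNNN (4+ digit sequence).
CVE_RE = re.compile(r"CVE-(\d{4})-(\d{4,})", re.IGNORECASE | re.ASCII)
SAFE_PATH_RE = re.compile(r"[\w./-]+", re.ASCII)

# Constructed sample input: placeholder IDs (year 0000), not real CVEs.
SAMPLE_IDS = [
    "CVE-0000-0001",
    "cve-0000-0001 ",          # duplicate, different case and trailing space
    "CVE-0000-0002",
    "CVE-0000-0003\nbanner",   # embedded newline would add a console command
    "not-a-cve",
]


def build_search_rc(scanner_ids, spool_path="msf_cve_search.log"):
    """Return (rc_text, rejected) for CVE strings taken from a scanner export.

    A resource file is executed line by line, so every value written into it
    must be exactly one well-formed CVE id. Anything else is rejected.
    """
    if not SAFE_PATH_RE.fullmatch(spool_path):
        raise ValueError("spool path contains unsafe characters")
    accepted, rejected = [], []
    for raw in scanner_ids:
        match = CVE_RE.fullmatch(raw.strip())
        if match is None:
            rejected.append(raw)
            continue
        key = f"{match.group(1)}-{match.group(2)}"
        if key not in accepted:      # de-duplicate, keep first-seen order
            accepted.append(key)
    lines = [f"spool {spool_path}"]                     # log output to a file
    lines += [f"search cve:{key}" for key in accepted]  # keyword form from the page
    lines += ["spool off", "exit"]
    return "\n".join(lines) + "\n", rejected


if __name__ == "__main__":
    rc_text, rejected = build_search_rc(SAMPLE_IDS)
    print(rc_text, end="")
    print("rejected:", rejected)
```

Write the returned text to a file and run it with `msfconsole -q -r <file>`; the spooled log then shows which IDs have matching modules.
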
Hope you liked my tutorial. See you in my next tutorial, and if you want to check some of my other Metasploit tutorials, you can request more info in the comments and/or check them on my channel.

Special thanks: CodeNinja, Th3_uNique, Bd_InjeCtor, Alteas, Repetence, Rootexploiter, IndiGear, Toni, msfanurag, msfsri, and Kishan. Thanks ✌