Using the Metasploit Framework

Introduction

Welcome to the Using the Metasploit Framework Practice Lab. In this module, you will be provided with the instructions and devices needed to develop your hands-on skills.

Learning Outcomes

In this module, you will complete the following exercises:

• Exercise 1 - Using the Metasploit Framework
• Exercise 2 - Setting Module Options
• Exercise 3 - Using Payloads
• Exercise 4 - Creating Standalone Payloads with Msfvenom

After completing this lab, you will be able to:

• Switch Off the Windows Firewall on PLABWIN810
• Start Metasploit
• Find Metasploit Modules
• Use the Modules Database
• Set Module Options
• Find Compatible Payloads
• Explain the types of Shell Targets
• Choose a Payload
• Share the Payload with the Victim
• Use the Multi/handler Module and Exploit the System

Exam Objectives

The following exam objectives are covered in this lab:

• PT0-001: 4.2 Compare and contrast various use cases of tools
• PT0-001: 2.1 Given a scenario, conduct information gathering using appropriate techniques

Lab Duration

It will take approximately 1 hour to complete this lab.

Exercise 1- Using the Metasploit Framework

Metasploit framework is the most widely used tool in exploiting vulnerabilities. A free edition is available in Kali Linux. Metasploit has a modular and flexible architecture that helps you develop new exploits as more and more vulnerabilities are discovered. On the other hand, it is also used in penetration testing.

You can use the Metasploit framework with or without a database. If you configure it with the database, then Metasploit will be able to track what you do within the framework.

In this exercise, you will learn about using the Metasploit framework.

Learning Outcomes

After completing this exercise, you will be able to:

• Switch Off the Windows Firewall on PLABWIN810
• Start Metasploit
• Find Metasploit Modules
• Use the Modules Database

Exercise 2 - Setting the Module Options

The resources that should be made available to the pentester are dependent on the scope of penetration testing. There can be a variety of resources that can be made available to the pentester if they fit into the scope of penetration testing.

In this exercise, you will learn about penetration testing resources and requirements.

Learning Outcomes

After completing this exercise, you will be able to:

• Set the Module Options

Exercise 3 - Using Payloads

After the exploit executes on the target, you need to tell it the action it needs to perform. This is done by loading the payload, which is designed to perform specific tasks.

In this exercise, you will learn about using payloads.

Learning Outcomes

After completing this exercise, you will be able to:

• Find Compatible Payloads
• Explain the Types of Shells

Exercise 4 - Creating Standalone Payloads with Msfvenom

Msfvenom is a combination of two different tools, Msfpayload and Msfencode, which are part of Kali Linux. The functionality of both the tools was later combined into this single tool named Msfvenom. However, both the tools, Msfpayload, and Msfencode, still exist in Kali Linux as independent tools. Msfvenom is designed to create standalone payloads.

To use this tool, you do not need to invoke the Metasploit framework, and it can work directly from the command prompt in Kali Linux.

In this exercise, you will learn about creating standalone payloads with Msfvenom.

Learning Outcomes

After completing this exercise, you will be able to:

• Choose a Payload
• Share the Payload with the Victim
• Use the Multi/handler Module and Exploit the System