Part 1.1 - Introduction: Metasploit Course | Cybrary

Video Activity

Create Free Account

This video and the next provide an introduction to the Metasploit course taught by Dean Pompilio. The course is an introduction to pentesting based on the Metasploit framework from Rapid7. Dean lays out the fundamental components used in the course, where to obtain them, and how they should be configured. The components are Kali Linux available for...

Sign up with

Or

Already have an account? Sign In »

Time

5 hours 38 minutes

Difficulty

Intermediate

CEU/CPE

6

Create Free Account

This video and the next provide an introduction to the Metasploit course taught by Dean Pompilio. The course is an introduction to pentesting based on the Metasploit framework from Rapid7. Dean lays out the fundamental components used in the course, where to obtain them, and how they should be configured. The components are Kali Linux available for download from kali.org and Metaspoitable from Offensive Security.

00:04

Hello, everyone.

00:06

My name is Dean Pompilio

00:08

and we are about to embark on a medicinally adventure.

00:13

I got a bunch of great things I want to show all of you. We're gonna learn a lot of different techniques,

00:18

get to see a lot of different tools

00:20

and hopefully give you a chance to build up your pen testing confidence in your pen testing tool kit

00:28

to the point where you feel comfortable sitting down and going to work

00:32

right away.

00:34

All right, so where do we begin

00:38

that exploit?

00:40

This is a rapid seven product. Some of you may be familiar with the company.

00:44

They also make fantastic scanners like Next Pose.

00:50

And unfortunately, next Post is not

00:53

currently compatible with the version of Cali that I'm using for this course.

00:58

So if I decide to run it on a separate Windows VM later, maybe we'll we'll compare some scan results between next Pose and Ness's, for instance.

01:11

In any case, medicinally is the

01:15

the penetration testing framework that will be exploring. There's a lot of different

01:19

aspects to Mattis point.

01:22

Uh, as we can see, there is a free download,

01:26

and this is, uh,

01:26

basically the equivalent of what you get when you install Callie Lennox,

01:30

and we'll cover that just here in a minute.

01:34

But the one thing that you can get

01:38

and by downloading this

01:40

free version of Venice, Italy, is the Community Edition, which is a a Web based

01:47

interface from Menace Boy

01:49

and the Web is interfaces is pretty handy for a lot of different things.

01:55

We'll start out with the text based interface, but eventually we will work our way over to the

02:01

to the gooey.

02:02

We'll also explore Armitage,

02:06

which is another gooey interface that one's

02:08

actually older than the Web based interface, from from my own knowledge anyway.

02:15

So we'll try both of those. And then we'll also do a lot of work with the command line.

02:19

I personally prefer the command line. I think that

02:22

you can learn the tool much better, more thoroughly.

02:25

You can also understand a lower level how the different actions take place within the framework, and the interaction with the database is much more direct.

02:36

So we'll start there and then work our way up to some of the time saving futures of using the buoys.

02:43

Okay, so

02:44

I'm Drew Callie.

02:46

You'll notice I'm at callie dot or GE

02:50

This is the website where you can download your pen testing platform.

02:54

And what will we doing here in this next segment is going over the basic set up to get your

03:02

you're penetration testing lamp up and running.

03:06

So there's several components

03:07

which are required in order to make this,

03:10

uh,

03:13

course possible

03:15

when the first things you want to think about is

03:20

Vienna, where workstation

03:23

I have a work station, 12 pro, highly recommended. If you have the money to spend on a product like this, it's a huge

03:30

time saver. If you do a lot of work with virtual machines,

03:34

I'm not sure about the exact price because I've upgraded a few times, but I think it's about to 50 to 300 U. S. Dollars.

03:42

Otherwise, if you don't

03:43

have the funds to

03:46

or the need to use workstation pro,

03:49

you could always go to.

03:52

I was going to Vienna, where dot com

03:54

helps with your spell it right

03:55

and go to their download section,

03:59

and you'll notice that you have via more player.

04:06

Here it is.

04:11

So the more player is free,

04:14

which is nice,

04:15

and you can get this for Windows or or letting systems. As you can see,

04:20

uh,

04:21

and the player really does offer a similar

04:26

amount of functionality to work. Station some of the big differences our viewer player does not allow

04:31

you. Thio capture a snapshot. For instance,

04:35

there's a couple there

04:38

advanced features that the work station offers the ability to have all of your V EMS in a tabbed interface, for instance,

04:45

and just some other nice features. Be able to set up a Server

04:48

four via more clients to connect you.

04:50

We're not gonna really use any of those features to any of those futures, rather for this course.

04:56

But regardless, the more players here available. If you have another player that you like to use, you can certainly

05:02

trying to use the same V ems with that player of your choice. If you like

05:10

the Microsoft Hyper V player or

05:13

Virtual Box from Oracle, for instance, you might got to find ways to get this off of work.

05:17

But the classes designed around Vienna, where

05:20

Workstation

05:21

and Kelly Lennox and medicine portable,

05:26

so you might be wondering what menace plausible is.

05:29

I know I'm kind of jumping around here a little bit but

05:32

I think you'll agree that

05:34

unexplainable is a

05:39

fantastic resource.

05:42

We can see offensive security offers this,

05:46

and you can download it from a bunch of different places.

05:54

But the

05:57

you do have to register with Rapid seven's website nor to get medicine portable. And what this is is a virtual machine,

06:04

which has

06:05

intentional vulnerabilities.

06:09

And these vulnerabilities are due to things like lack of patching

06:12

or using software that has known bugs that just hasn't been removed or shut down.

06:19

There's several different ways to go about attacking this this virtual machine,

06:24

and I think that, uh,

06:27

if you can grab this V M in addition to the Cali VM, you should be able to replicate all of the labs that will be doing the demonstrations that I'll be doing throughout this course.

06:38

There are some basic things to think about.

06:40

For instance, let's go back to our Callie Lennox.

06:45

We can download

06:46

Callie lyrics from the Cali dot award website.

06:49

You'll notice we have several different versions here,

06:55

depending on if you have the aware workstation or via more player, you can download pre built

07:02

virtual machines that will work with those. Stop those piece of software.

07:08

I had a little trouble

07:10

with the latest version of Cali

07:12

downloading as a V M, where image.

07:16

But in any case, dollar, the Esso image is pretty straightforward.

07:21

So you simply download this, save it to a, uh,

07:27

a location of your choosing.

07:29

It's gonna cancel that since I don't need it.

07:31

And then you simply open up the image

07:35

in your view, more player or in via my workstation.

07:44

So going back to work station.

07:46

Once I have the so image downloaded, I just create a new virtual machine. This is similar if you have the aware player,

07:56

and then we just pointed to the ice. So image file wherever that ISS. So there's my Callie Lennox.

08:01

I so image.

08:09

So it'll take a moment to read the file.

08:11

All right tells me you cannot detect the operating system. That's fine.

08:16

If you're using the n word player

08:18

and you want to do the same operation, you basically go to file menu.

08:22

There should be an option there that says open or new, and you do the same thing. You point to the ice, so image

08:30

and we'll click next. This is a guest operating system of Lennox Debian 6 64 bit should do the job. You have a lot to choose from here,

08:39

but Callie Lennox is based on Debbie in

08:43

and, uh, six. Version 6 64 bit is the setting that I use with

08:48

with the last version.

08:50

So we'll go ahead and click next.

08:54

Don't call this, um,

08:56

callie test because I already have my Callie image, but we're gonna just kind of step through this a little bit. You can see what it looks like.

09:03

All right onto the disk size. The default comes up with 20 gig.

09:07

Uh, if you got the space

09:11

on your hard drive and recommend upping that to 30 you can also use the buttons here, if you like.

09:16

By 30. Gig is good, Because if you build a fully functional

09:20

pen testing

09:20

instance of Callie and you start adding more tools and have you got some databases with a bunch of your information besides congrats. Oh, it's better. Just plan ahead.

09:31

I always prefer to have my discus a single file. If you're moving v EMS around,

09:39

this is a little bit more convenient and depending on how you partition your disk or how you provision of this. Rather, you might have some different care considerations for how much space will eventually use. It will just change this to store the discus. A single file.

09:54

We're looking at a hardware noticed that the network setting is Nat.

10:01

This is important.

10:03

I met my settings for the V M right now,

10:05

if you, um

10:07

if you want to keep your

10:09

your pen testing VM

10:13

relatively safe from the network that you're on, you should at least be using Nat Mode.

10:16

This means that I'll be sharing my i p address of my host.

10:20

I am allowed to get out to the Internet from this V M.

10:24

But I'm just basically using different source sports when I'm a connection to the outside.

10:28

If you're concerned about complete isolation and complete privacy for doing your pen testing work

10:35

that you could go into host on Lee mode.

10:37

So when the VM boots, it will get an address that's local to your host

10:41

itself and cannot get to the outside network

10:46

for our purposes. We're going to use that because we wanna be able to get to the Internet. We want to be able to do certain things which require Internet access.

10:54

Oh, by the way,

10:54

I got a great T shirt on here. One shorter. One.

10:58

Hope you're having fun with cyber Eri.

11:01

I know what's out. It's a nice pleasure to be able to contribute to the videos. I know a lot of people really

11:07

are getting a lot of benefit from this.

Part 1.2 - Introduction

Part 2 - Kali Installation

Part 1 - Update Kali

Part 2 - Explore Metasploit Structure

Part 3 - Metasploit Database

This Metasploit tutorial will teach you to utilize the deep capabilities of Metasploit for penetration testing and help you to prepare to run vulnerability assessments for organizations of any size.

CEO of SteppingStone Solutions

CyDefe Assessment

This assessment is designed to validate students understanding of the Metasploit framework. These challenges will ...

Interview Mocha Test

One of the largest penetration tools out there, Metasploit is a penetration testing platform that ...

The Advanced Penetration Testing course teaches the cyber attack lifecycle from the perspective of an ...

15 CEU/CPE Hours Available

Certificate of Completion Offered