MetaSploit tutorial for beginners

This MetaSploit tutorial for beginners is intended as a starting guide for how to use MetaSploit. It assumes that you already have MetaSploit installed, or that you are running Kali / backtrack Linux.

I also have a follow-up metasploit tutorial.

The basic concept of how to use MetaSploit is as follows:
– Run msfconsole in your terminal
– Identify a remote host and add to the metasploit database
– Identify a vulnerability in the remote host that you wish to exploit
– Configure the payload to exploit the vulnerability in the remote host
– Execute the payload against the remote host

Once you have mastered this pattern, you can do most things within Metasploit. As this is a MetaSploit tutorial for beginners, I’ll walk you through the steps.

Start the database service

In Kali Linux Terminal:

# start the database server
service postgresql start
# if this is the first time you are running metasploit, run the following:
msfdb init
# start metasploit using msfconsole
msfconsole

or using the kali linux menu system:

Exploitation tools > Metasploit

You will meet with the following prompt in your terminal:

This is msfconsole. Msfconsole is the main command line interface to MetaSploit. There are other interfaces available – GUI interfaces (armitage), and a web interface too (websploit). With msfconsole you can launch exploits, create listeners, configure payloads etc.

If you get the error ‘Database not connected or cache not built’, use ‘db_status’ to see whether the metasploit database is connected. If it is not, start the postgresql database (instructions above) and restart msfconsole. If ‘db_status’ reports ‘connected’, run the ‘db_rebuild_cache’ command to rebuild your metasploit database cache.

# rebuild the database cache
db_rebuild_cache

Getting help in metasploit

MetaSploit has lots of great documentation built in. Type help to get a basic list of commands.

help show

help show will give you the help section for the show command.

help search

help search will give you the help section for the search command.

Common Terms in metasploit

MetaSploit comes with its own terms (as everything does):

LHOST: local host (the IP address of the local machine)
LPORT: local port (the port address of the local machine)
RHOST: remote host (the IP address of the remote machine)
RPORT: remote port (the port address of the remote machine)
Vulnerability: A known weakness in a remote system.
Exploit: The code used to leverage a vulnerability.
Payload: The code delivered after a vulnerability has been exploited.

Identifying remote hosts

You can run nmap inside msfconsole and save the output into the MetaSploit database.

db_nmap -v -sV host_or_network_to_scan

eg: db_nmap -v -sV 192.168.0.0/24

This is a handy way to get an initial list of remote hosts on your network. I have some other tips in this linux commands for networking article.
To show a list of all available port scanners:

search port-scan

More examples of port-scanning remote machines and saving the output into the MetaSploit database are here:

To list all the remote hosts found by your nmap scan:

hosts

To add these hosts to your list of remote targets:

hosts -R

Picking an exploit for a known vulnerability

Once you have fingerprinted the operating system (or identified the application running on the remote host, eg by following my other metasploit tutorial or importing nessus results into metasploit) and know what the remote host's operating system is (using nmap, lynix, maltego, wp-scan, etc), you can pick an exploit to test. rapid7 have an easy way to find exploits. You can also search within msfconsole for various exploits:

search type:exploit
search CVE-XXXX-XXXX
search cve:2014
search name:wordpress

See metasploit unleashed for more examples of the search command.

Once you have found a suitable exploit to use against the vulnerability in the remote host, issue the following command into msfconsole:

use exploit/path/to/exploit_name

eg: use exploit/unix/webapp/php_wordpress_total_cache

From this point on, the available settings depend on the exploit you are using. To list the payloads that can be paired with the exploit you have selected:

show payloads

For a list of the available targets:

show targets

Configure the exploit

In MetaSploit each exploit has a set of options to configure for your remote host:

show options

This prints a table of options. You need to set every option that has ‘yes’ in its Required column, eg:

set RHOST 192.168.0.15

If you issued the ‘hosts -R’ command earlier, you will see that the remote host parameters are already filled in for you.
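The steps above (start and check the database, scan a network into the database with db_nmap, list the hosts, select an exploit module and review its options) can be driven from one small script. The following is an added example of mine, not code from this tutorial or from the Metasploit project. It assumes that msfconsole accepts -q (quiet), -x (run a semicolon-separated command list) and -r (run a resource file), that the ‘db_status’ output contains the text ‘Connected to’ when the database is connected, and that the resource script may end at ‘show options’ so the operator reviews the settings at the msf prompt before deciding to run anything.

```shell
#!/bin/sh
# msf_lab.sh: added example (not from the tutorial or the Metasploit project).
# Drives the tutorial's workflow non-interactively on a lab network you own:
#   1. start PostgreSQL and confirm msfconsole sees the database (msfdb init if not)
#   2. write a resource script (.rc) that scans a network into the database,
#      lists the hosts, selects an exploit module and prints its options
#   3. hand the .rc to msfconsole, stopping at 'show options' so the operator
#      reviews the settings before anything is run against a host.
# Assumptions (mine): the db_status output strings below match your version,
# and msfconsole accepts -q (quiet), -x (run commands) and -r (resource file).
set -u

# db_connected: read msfconsole's 'db_status' output on stdin; succeed when it
# reports a live connection. Example lines (assumed format):
#   [*] Connected to msf. Connection type: postgresql.
#   [*] postgresql selected, no connection
db_connected() {
    grep -q 'Connected to'
}

# valid_cidr: accept only a.b.c.d/n with octets 0-255 and prefix 0-32, so a
# typo cannot turn a lab range into a scan of some other network.
valid_cidr() {
    case "$1" in
        */*) ;;
        *) return 1 ;;
    esac
    cidr_addr=${1%/*}
    cidr_prefix=${1#*/}
    case "$cidr_prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$cidr_prefix" -le 32 ] || return 1
    # split the address on '.', with globbing off so '*' cannot expand to filenames
    cidr_ifs=$IFS
    set -f
    IFS=.
    set -- $cidr_addr
    IFS=$cidr_ifs
    set +f
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# build_rc: print the msfconsole resource script for one lab run.
# $1 workspace name, $2 network to scan, $3 exploit module path, $4 host to configure.
build_rc() {
    printf 'workspace -a %s\n' "$1"      # keep this lab's data in its own workspace
    printf 'db_nmap -v -sV %s\n' "$2"    # scan into the database (tutorial step)
    printf 'hosts\n'                     # list what the scan found
    printf 'use %s\n' "$3"
    printf 'set RHOST %s\n' "$4"         # newer versions call it RHOSTS; RHOST is kept as an alias
    printf 'show options\n'              # operator reviews before deciding on 'exploit'
}

# ensure_db: start PostgreSQL, then ask msfconsole (quietly, non-interactively)
# whether it is connected; run 'msfdb init' once if it is not. Needs root, as
# 'service postgresql start' does in the tutorial.
ensure_db() {
    service postgresql start
    if msfconsole -q -x 'db_status; exit' 2>/dev/null | db_connected; then
        echo "database: connected"
    else
        echo "database: not connected, running msfdb init"
        msfdb init
    fi
}

main() {
    workspace=$1; network=$2; module=$3; target=$4
    if ! valid_cidr "$network"; then
        echo "refusing to scan '$network': expected a.b.c.d/n" >&2
        return 2
    fi
    ensure_db
    rc_file=$(mktemp) || return 1
    build_rc "$workspace" "$network" "$module" "$target" > "$rc_file"
    echo "resource script written to $rc_file:"
    cat "$rc_file"
    msfconsole -q -r "$rc_file"   # leaves you at the msf prompt after 'show options'
}

# Only act when invoked with all four arguments, eg:
#   sh msf_lab.sh lab 192.168.0.0/24 exploit/unix/webapp/php_wordpress_total_cache 192.168.0.15
if [ "$#" -eq 4 ]; then
    main "$@"
fi
```

The script deliberately stops at ‘show options’: the generated resource file never contains ‘run’ or ‘exploit’, so the scan results and the filled-in RHOST can be checked at the prompt before the execute step described next. The CIDR check exists because ‘db_nmap’ will happily scan whatever string it is given.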

Execute the exploit against the remote host

run

or

exploit

If metasploit is successful in exploiting the vulnerability, you will know. If not, then try again with a different exploit, or aim for an alternative vulnerability ;)