MetaSploit tutorial for beginners


This MetaSploit tutorial for beginners is intended as a starting guide for how to use MetaSploit. It assumes that you already have MetaSploit installed, or that you are running Kali / BackTrack Linux.

References used:
https://www.hackthis.co.uk/articles/a-beginners-guide-to-metasploit

http://www.offensive-security.com/metasploit-unleashed/Using_Exploits

http://www.offensive-security.com/metasploit-unleashed/Msfconsole_Commands

The basic concept of how to use MetaSploit:
– Run msfconsole
– Identify a remote host
– Pick a vulnerability and use an exploit
– Configure the exploit
– Execute the payload against the remote host

Once you have mastered this pattern, you can do most things within Metasploit. As this is a MetaSploit tutorial for beginners, I’ll walk you through the steps.

Start the database service

In Kali Linux Terminal:


service postgresql start
msfconsole

or using the menus:

Exploitation tools > Metasploit

You will be greeted by the msfconsole banner.

This is msfconsole. Msfconsole is the main interface to MetaSploit. There are GUI interfaces (Armitage) and a web interface too (websploit). With msfconsole you can launch exploits, create listeners, configure payloads, etc.

Getting help

MetaSploit has lots of great documentation built in. Type help to get a basic list of commands.

help show

Will give you the help section for the show command.

help search

Will give you the help section for the search command.

If you get the error ‘Database not connected or cache not built’, use ‘db_status’ to see whether the database is connected. If not, start the database (instructions above) and restart msfconsole. If ‘db_status’ reports ‘connected’, run the ‘db_rebuild_cache’ command to rebuild your database cache.

Identify a remote host

You can run nmap inside msfconsole and save its output into the MetaSploit database.

db_nmap -v -sV host_or_network_to_scan


This is a handy way to get an initial list of hosts on your network. To show a list of all available port scanners:

search port-scan

More examples of port-scanning into the MetaSploit database are here:

To list all the hosts found by nmap:

hosts

To add these hosts to your list of remote targets:

hosts -R
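What db_nmap stores is easier to see by looking at the data it works from: db_nmap runs nmap with XML output and imports that XML into the database, the same format you would hand to db_import for a scan run outside msfconsole. The Python script below is an added example, not code from the original post or from Metasploit: it parses an Nmap XML report into the host and service records that the hosts and services commands show, drops hosts that were not up and ports that were not open, and returns the address list that hosts -R would push into RHOSTS. The XML inside it is a constructed sample (made-up hosts, addresses and versions), and the function names are my own.

```python
import xml.etree.ElementTree as ET

# Constructed sample of an Nmap XML report (what `nmap -oX` writes). This is the
# format Metasploit's db_import understands, and it is what db_nmap hands to the
# database behind the scenes. Hosts, addresses and versions here are made up.
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap" args="nmap -v -sV -oX scan.xml 192.168.0.0/24" version="7.94">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.168.0.15" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:55" addrtype="mac"/>
    <hostnames><hostname name="web01.lab" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="6.6.1p1"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="Apache httpd" version="2.4.7"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="closed" reason="reset"/>
      </port>
    </ports>
    <os><osmatch name="Linux 3.2 - 4.9" accuracy="95"/></os>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="192.168.0.16" addrtype="ipv4"/>
  </host>
  <host>
    <status state="up" reason="syn-ack"/>
    <address addr="192.168.0.20" addrtype="ipv4"/>
    <hostnames/>
    <ports>
      <port protocol="tcp" portid="3306">
        <state state="open" reason="syn-ack"/>
        <service name="mysql" product="MySQL" version="5.5.47"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Turn an Nmap XML report into the host/service records that `hosts` and
    `services` display in msfconsole: one dict per live host, each carrying its
    open services. Hosts that were not up and ports that are not open are dropped."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        address = mac = ""
        for a in host.findall("address"):
            if a.get("addrtype") in ("ipv4", "ipv6"):
                address = a.get("addr")
            elif a.get("addrtype") == "mac":
                mac = a.get("addr")
        hostname = host.find("hostnames/hostname")
        osmatch = host.find("os/osmatch")
        services = []
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            name = info = ""
            if svc is not None:
                name = svc.get("name", "")
                # `info` mirrors the services table: product and version, when -sV found them
                info = " ".join(p for p in (svc.get("product"), svc.get("version")) if p)
            services.append({"port": int(port.get("portid")),
                             "proto": port.get("protocol"),
                             "name": name, "info": info})
        hosts.append({"address": address, "mac": mac,
                      "name": hostname.get("name") if hostname is not None else "",
                      "os_name": osmatch.get("name") if osmatch is not None else "",
                      "services": services})
    return hosts


def live_addresses(hosts):
    """The address list `hosts -R` would push into RHOSTS: every live host, in scan order."""
    return [h["address"] for h in hosts]


if __name__ == "__main__":
    inventory = parse_nmap_xml(SAMPLE_NMAP_XML)
    for h in inventory:
        print(h["address"], h["name"] or "-", h["os_name"] or "-")
        for s in h["services"]:
            print("   %5d/%s  %-8s %s" % (s["port"], s["proto"], s["name"], s["info"]))
    print("RHOSTS would be:", " ".join(live_addresses(inventory)))
```

Running it prints two hosts, the down host is absent, and the closed 443/tcp port does not appear under 192.168.0.15. The same parser works on a real -oX file if you read it from disk instead of the embedded sample.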

Pick a vulnerability and use an exploit

Once you know what your remote host's system is (nmap, lynix, maltego, wp-scan, etc.), you can pick an exploit to test. Rapid7 has an easy way to find exploits. There is also a way to search within msfconsole for various exploits:


search type:exploit
search CVE-XXXX-XXXX
search cve:2014
search name:wordpress

See Metasploit Unleashed for more examples of the search command.


Once you have decided on an exploit to use, issue the following command into msfconsole:

use exploit/path/to/exploit_name

e.g. use exploit/unix/webapp/php_wordpress_total_cache

From this point on, what is available changes based on the exploit you are using. For a list of the payloads compatible with the exploit:

show payloads

For a list of the available targets:

show targets


Configure the exploit

In MetaSploit each exploit has a set of options to configure for your remote host:

show options

This gives a table of options. You need to set every option that has ‘yes’ in the Required column and nothing in the Current Setting column.

set RHOST 192.168.0.15

If you issued the ‘hosts -R’ command, you will see that the remote host parameters are already filled in for you.
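The ‘yes’ column is the check that decides whether a module is ready to run, so here is an added Python example (mine, not from the original post or from Metasploit) that parses the table show options prints and reports which required options are still unset, both as printed and after the values you would give to set. The show options text inside it is a constructed sample laid out like msfconsole's tables (indent, headers, dashed underline, blank line between tables); the option list shown for the module is illustrative and is not necessarily that module's real option set. The function names are my own.

```python
import re

# Constructed sample of what `show options` prints after `use exploit/...`. The
# layout follows msfconsole's table style; the options listed are illustrative
# and are not necessarily the module's real option set.
SAMPLE_SHOW_OPTIONS = """
Module options (exploit/unix/webapp/php_wordpress_total_cache):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   Proxies                     no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOST                       yes       The target address
   RPORT      80               yes       The target port
   TARGETURI  /                yes       The base path to the WordPress application
   VHOST                       no        HTTP server virtual host

Payload options (php/meterpreter/reverse_tcp):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LHOST                   yes       The listen address
   LPORT  4444             yes       The listen port

Exploit target:

   Id  Name
   --  ----
   0   Automatic
"""

TABLE_TITLE = re.compile(r"^(\w+) options \((.+)\):")
COLUMNS = ("Name", "Current Setting", "Required", "Description")


def parse_show_options(text):
    """Parse `show options` output into a list of option dicts.

    The tables are fixed-width, so the column offsets are read off each header
    line and every value in the rows below is assigned to the column whose
    header starts nearest to it. That is what keeps an empty Current Setting
    from shifting "yes" into the wrong column, which splitting on whitespace
    would do. Tables without those headers (the Exploit target Id/Name table)
    are skipped."""
    options = []
    section = None   # module or payload name from the "... options (...):" line
    starts = None    # {"name": offset, "current": offset, ...} for the current table
    for line in text.splitlines():
        m = TABLE_TITLE.match(line)
        if m:
            section, starts = m.group(2), None
            continue
        if not line.strip():
            starts = None  # a blank line ends the current table
            continue
        if starts is None:
            if all(h in line for h in COLUMNS):
                starts = {"name": line.index("Name"), "current": line.index("Current Setting"),
                          "required": line.index("Required"), "description": line.index("Description")}
            continue
        if set(line.strip()) <= {"-", " "}:
            continue  # the dashed underline beneath the header
        row = {"section": section, "name": "", "current": "", "required": "", "description": ""}
        for tok in re.finditer(r"\S+(?: \S+)*", line):
            key = min(starts, key=lambda k: abs(starts[k] - tok.start()))
            row[key] = (row[key] + " " + tok.group()).strip()
        row["required"] = row["required"].lower() == "yes"
        options.append(row)
    return options


def missing_required(options, settings=None):
    """Required options that are still empty once `settings` (the values you
    would give to `set`) are applied; an empty list means nothing is left to set."""
    settings = settings or {}
    return [o["name"] for o in options
            if o["required"] and not (o["current"] or settings.get(o["name"]))]


if __name__ == "__main__":
    opts = parse_show_options(SAMPLE_SHOW_OPTIONS)
    print("still required:", missing_required(opts))
    print("after set RHOST:", missing_required(opts, {"RHOST": "192.168.0.15"}))
```

On the sample this reports RHOST and LHOST as unset, and only LHOST once RHOST has been given, which is exactly the state hosts -R leaves you in: the target side filled in, the listener side still yours to set.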

Execute the exploit against the remote host

run

or

exploit

If successful, you’ll know. If not, then try again with a different exploit ;)


  • nutesh

    What if no hosts are detected???

  • siddhesh jadhav

    Hey, I am using Kali 2.0. I would like to use msf over WAN or public domain. Will you please suggest or make a good article on it? Thanks in advance.

  • Anthony

    OK, thank you so much for the help. I just have one question: how do I find the rports?

  • Rio

    How do I know which exploit to grab?