MetaSploit tutorial for beginners

MetaSploit tutorial for beginners

This MetaSploit tutorial for beginners is meant to be a starting guide on how to use MetaSploit if you have never used it before. It assumes that you already have MetaSploit installed and that it works, or that you are running Kali / other pen testing distro of linux (eg Parrot or BlackArch).

Metasploit history

Metasploit was created by H. D. Moore in 2003 as a portable network tool using Perl.

Metasploit 3.0 began to include fuzzing tools, used to discover software vulnerabilities, rather than just exploits for known bugs. This avenue can be seen with the integration of the lorcon wireless (802.11) toolset into Metasploit 3.0 in November 2006.

By 2007, the Metasploit Framework had been completely rewritten in ruby.

On October 21, 2009, the Metasploit Project announced that it had been acquired by Rapid7, a security company that provides unified vulnerability management solutions.

Metasploit 4.0 was released in August 2011

Metasploit Framework is opensource and you can view their code repo here: https://github.com/rapid7/metasploit-framework

Using Metasploit

The basic concept you need to use in order to know how to use MetaSploit is pretty easy when you have used the tool a few times and is as follows:
– Run msfconsole in your terminal
– Identify a remote host and add to the metasploit database
– Identify a vulnerability in the remote host that you wish to exploit
– Configure the payload to exploit the vulnerability in the remote host
– Execute the payload against the remote host

Once you have practiced and mastered this pattern, you can perform most of the tasks within Metasploit. As this is a MetaSploit tutorial for beginners, I’ll walk you through the steps you need to know to scan your first machine.

If you enjoy this tutorial, please check out my metasploit tutorials below

Start the database service

In your favourite Kali Linux Terminal (I recommend terminator), run the following command to start up a database server on your machine. This database is used to store all your results (so that you can come back to them later on, or share the database with others if working on a team)

MetaSploit tutorial for beginners
sudo systemctl start postgresql

If this is the first time you are running metasploit, then you will need to run the following command to create a database schema

MetaSploit tutorial for beginners
sudo msfdb init

You can now start metasploit using the msfconsole command from the terminal

MetaSploit tutorial for beginners
msfconsole

Or using the kali linux menu system you will find it under “Exploitation tools > metasploit framework”

MetaSploit tutorial for beginners

Starting Metasploit Video Clip

Once Metasploit has loaded you will meet with the following prompt in your terminal – the splash screens are random, so don’t worry if yours looks different:

MetaSploit tutorial for beginners
MetaSploit tutorial for beginners

This is msfconsole. Msfconsole is the main command line interface to MetaSploit. There are other interfaces available – GUI interfaces (armitage), and a web interface too (websploit). With msfconsole you can launch exploits, create listeners, configure payloads etc.

Getting help in metasploit

MetaSploit has lots of great documentation built in. You can access this documentation if you type help to get a basic list of commands.

help show
MetaSploit tutorial for beginners

help show will give you the help section for the show command. You can then pass additional queries, such as show exploits

Getting help inside MetaSploit Video clip
help search
MetaSploit tutorial for beginners

help search will give you the help section for the search command

To show a list of all available port scanners:

search portscan

More examples of port-scanning remote machines and saving the output into the metasploit database are here

There is also a way to search within msfconsole for various exploits:

MetaSploit tutorial for beginners
MetaSploit tutorial for beginners
MetaSploit tutorial for beginners

See metasploit unleashed for more examples of the search command

Identify a remote host – run an nmap scan inside metasploit

You can now run an nmap scan from inside msfconsole and save the output into the MetaSploit database.

db_nmap -v -sV host_or_network_to_scan[eg 192.168.0.0/24]

Running an NMAP scan inside Metasploit Video Clip

This is a handy way to get an initial list of remote hosts on your network. I have some other tips in this linux commands for networking article.

To list all the remote hosts found by your nmap scan:

MetaSploit tutorial for beginners
hosts

To add these hosts to your list of remote targets

hosts -R

MetaSploit tutorial for beginners – Pick a vulnerability and use an exploit

Once you have performed an operating system fingerprint (or you have identified the application running on the remote host, eg by imporing nessus results into metasploit) and know what your remote hosts operating system is (using nmap, lynix, maltego, wp-scan, etc) you can pick an exploit to test. rapid7 have an easy way to find exploits. There is also a way to search within msfconsole for various exploits:

MetaSploit tutorial for beginners

See metasploit unleashed for more examples of the search command

MetaSploit tutorial for beginners
MetaSploit tutorial for beginners

Once you have found a suitable exploit to use against the vulnerability in the remote host, issue the following command into msfconsole:

use exploit/path/to/exploit_name

eg: use exploit/unix/webapp/php_wordpress_total_cache

From this point on, the available options change based on the exploit you are using, but you can get a list of the available options with:

show payloads
MetaSploit tutorial for beginners
Picking an exploit in metasploit

For a list of the available targets:

show targets

MetaSploit tutorial for beginners – Configure the exploit

In MetaSploit each exploit has a set of options to configure for your remote host:

show options

This gives a list. You need to set the options with ‘yes’ next to them in the ‘required’ column.

MetaSploit tutorial for beginners showing options

If you issue the ‘hosts -R’ command then you will see that the remote hosts parameters are already filled in for you.

Execute the exploit against the remote host

run

or

exploit

If metasploit is successful in exploiting the vulnerability, you will know – most likely it will pop a shell for you. If you don’t get a shell, then your exploit may not have worked – you may have to try a different exploit for the same vulnerability, or you may have to gain better information on your targets – perhaps you wrongly identified the version of the service.

Thats the very basics of using metasploit covered! I hope you enjoyed my basic metasploit tutorial for beginners.

If you enjoy this tutorial, please check out my metasploit tutorials below

References which I used to make this guide:
Kali Metasploit Guide
offensive security – metasploit unleashed – using exploits
offensive security – metasploit unleashed – msfconsole commands

This Post Has 10 Comments

  1. nutesh

    what if no hosts are detected???

    1. 312.

      Then nobody to run anything against to.

  2. siddhesh jadhav

    hey i am using kali 2.0 , I would like to use msf over wan or public domain . will you please suggest or make good article on it . thanks in advance

  3. Anthony

    ok thank you so much for the help i just have one question how do i find the rports

  4. Rio

    how do i know which exploit to grab?

  5. NE0

    typo on database start command, should be

    service postgresql start

      1. bon

        no, it’s not

        1. jonathan

          I had restored a previous revision and it reinstated the typo :)
          It should be good for now

Leave a Reply