Metasploit project is an open-source penetration testing platform that enables you to find and exploit vulnerabilities. In 2003, H.D. Moore created metasploit as portable network tool. On October 21, 2009, the metasploit project was acquired Rapid7.
Metasploit project helps security and IT professionals identify security issues, verify vulnerability mitigations, and manage expert-driven security assessments. The metasploit project includes sub-project like Metasploit Framework and its commercial counterparts: Metasploit Pro, Express, Community, and Nexpose Ultimate.
Minimum System Requirements:
- 2 GHz+ Processor
- 4 GB RAM (8 GB recommended)
- 1 GB Disk space (50 GB recommended)
Supported Operating System:
- Windows Server 2008, Server 2012
- Windows 8.1, Windows 10
- Red Hat Enterprise Linux 5.10, 6.5, 7.1 or later
- Ubuntu Linux 14.04 or 16.04 LTS(recommended)
Required Browser version:
- Google Chrome(latest)
- Mozilla Firefox(latest)
- Microsoft internet explorer 11
Basic Terms of Metasploit
Vulnerability: A vulnerability is a weakness which can be exploited by an attacker to perform unauthorized actions with a computer system. Vulnerability can be as simple as weak passwords or as complex as buffer overflows or SQL injection vulnerabilities.
Exploit: Exploit is a piece of code, or a chunk of data, or a sequence of commands that takes the advantage of a vulnerability present in a computer system to cause unintended behavior to occur on a computer system such as giving unauthorized access to a system or allowing privilege escalation.
Payload: The payload is the part of the private user text which could also contain malware such as worms or viruses which performs the malicious action; deleting data, sending spam or encrypting data.
Auxiliary: Auxiliaries are modules present in metasploit that are used to perform to scanning, sniffing, and fuzzing. Auxiliary modules are not useful to give you a shell, but they are extremely useful to brute force passwords or for scanning vulnerabilities.
Post: Post modules are used for post exploitation that is used on a compromised target machine to gather evidence or pivot deep within the network.
Encoders: Encoder module is used ensure the payload makes it to the destination.
Nops: Nops are used to keep the size of the payload consistent across exploit attempts.
Cheat sheet of Basic Commands
To start metasploit framework we type msfconsole on the terminal. We are greeted by a banner; it spawns a banner every time we start the msfconsole.
After starting metasploit framework, we can check for the basic commands by using “help” command.
msf > help
- ? / help: Display the summary of commands that can be used in msfconsole.
- banner: Change and display banner in msfconsole.
- cd: Change the current working directoy.
- color: Enable or disable color output of metasploit. It has 3 options “true”, “false” and auto.
- connect: netcat like function to connect to a host machine build into msfconsole.
- exit: Exit the metasploit console.
- get: Gets the value of a context-specific variable
- getg: Gets the value of global variable
- grep: It matches a given pattern from the output of another msfconsole command
- history: Shows command that are previously used in metasploit
- irb: Opens a live ruby interactive shell
- load: Loads a metasploit plugin
- quit: Exit the metasploit console
- route: It allows you to route sockets through a session or ‘comm’, providing basic pivoting capabilities
- save: This command allows you to save your current environment and settings
- sessions: This command allows you to list, interact, and kill spawned sessions
- set: This command allows you to configure Framework options and parameters for the current module that is selected on the console.
- setg: This command is used to set global variables within msfconsole
- sleep: Do nothing for the specified number of seconds
- spool: It allows a user to save the output of metasploit console to a specified file
- threads: View and manipulate background threads
- unload: unloads a previously loaded plugin and removes any extended commands
- unset: It removes a parameter previously configured with set
- unsetg: It removes a global variable inside msfconsole
- version: Show the framework and console library version numbers
- advanced: It is used to further fine tune a module, ‘show advanced’ displays more advanced option for a module.
- back: Once you have finished working with a particular module, or if you inadvertently select the wrong module, you can issue the back command to move out of the current context.
- info: It provides detailed information about a particular module including all options, targets, and other information.
- loadpath: It loads a third-part module tree for the path.
- options: It shows you the available parameters for an exploit.
- popm: It pops the pushed module from the top of the module stack.
- previous: It sets the previously loaded module as the current module.
- pushm: This command pushes the current module on to the stack.
- reload_all: It reloads all modules from all defined module paths.
- search: It searchers module names and descriptions
- show: This command displays modules of a given type, or display all modules.
- use: It is used to select a particular module.
- handler: It starts a payload handler in the background.
- Jobs: It is used to list jobs running in the background and terminate them.
- kill: It kills any running job.
- rename_job: It is used to rename a job
Resource Script Commands:
- makerc: It saves commands entered to a specified rc file.
- Resource: It runs all the command stored in the rc file.
- edit: This command is used to edit the current selected module.
- log: It displays framework.log starting from the bottom.
- reload_lib: This command is used to reload one or more library files from specified paths.
Database Backend Commands:
- db_connect: It is used to connect to an existing database.
- db_disconnect: It is used to disconnect from the current database instance.
- db_export: It is used to export a file containing the contents of the database.
- db_import: It is used to import a scan result result file.
- db_rebuild_cache: It is used to rebuild the database-stored module cache.
- db_status: It shows the name of the current connected database.
- hosts: It lists all hosts in the database.
- loot: It lists all loot in the database.
- notes: It lists all notes in the database.
- services: It lists all services in the database.
- vulns: It lists all vulnerabilities in the database.
- workspace: It helps switch between database workspaces.
To see all the payloads that are available on the metasploit framework we use command “show payloads”. It lists all the available payloads in alphabetic order.
msf > show payloads
To see all the exploits that are available on the metasploit framework we use command “show exploits”. It lists all the available payloads in alphabetic order and it also shows the date it was disclosed and the rank of the exploit ranging from “Excellent-average”.
msf > show exploits
To see the list of all the auxiliaries available in metasploit framework we can use command “show auxiliary”. As mentioned earlier, auxiliary modules include scanners, denial of service modules, fuzzers, and more.
msf > show auxiliary
To see the list of all the post exploitation modules available in metasploit framework we can use command “show post”. Post modules are used for post exploitation that is used on a compromised target machine to gather evidence or pivot deep within the network.
msf > show post
To see the list of all the encoders available in metasploit framework we can use command “show encoder”. These are used to obfuscate modules to avoid detection by a protection mechanism such as an antivirus or a firewall.
msf > show encoders
To see the list of all the nops available in metasploit framework we can use command “show nops”. They are used to keep the size of payload consistent across exploit attempts.
msf > show nops
Author: Shikha Prakash is a technical writer at hacking articles and cyber security enthusiast. Contact here.