Starting today we are writing the Metasploit Tutorial Series. I will try to include all the best methods and techniques, from the basics to the most advanced ones, and explain them step by step.
What is Metasploit?
Metasploit was created by H. D. Moore in 2003 as a simple network tool. Years later, in 2009, Metasploit was completely rewritten; it is currently maintained and updated by Rapid7, a professional security company, and is used for penetration testing and hacking into computer systems.
Metasploit is organized into six module types: exploits, payloads, post, nops, auxiliary and encoders. It currently contains over 1700 exploits and more than 500 payloads that can be used to attack various platforms, which makes it one of the most powerful hacking platforms in the world!
First of all, you should understand what exploits and payloads are and how they work together.
The answer: we have different types of payloads, such as reverse or bind shells, which can be used to perform various attacks on the target computer. The payload is the code that will be executed on the target computer, but this code needs a way, or a door, to get in (a vulnerability). By default every platform tries to block every door for code that could take control over it, and that is what the exploit does: it lets us execute the payload code on the target computer through a vulnerability in the platform.
We should also know about the other modules and how they work.
Post – after exploiting your target computer, post modules let you gain more information about the target. For example, we can show the target's computer name, operating system, running processes, browser history, screenshots of the current display, whether it is a virtual or physical computer, etc.
Nops – pad a payload to a predetermined buffer size with essentially the assembly version of a non-breaking space; there is something there, and the processor reads it, but it does absolutely nothing with it.
Nops is short for No OPerationS, meaning "do nothing". They are very important in creating a buffer overflow: a run of NOPs is used to allocate a lot of space before the payload itself, so that a reliable return address in memory can be used (instead of needing to know the exact location of the start of the payload).
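As an added illustration of the two points above (it is not from the original tutorial or from Metasploit itself), the C program below lays out a constructed buffer as a run of 0x90 NOP bytes followed by a harmless text marker standing in for the payload, walks it byte by byte to show that any landing offset inside the sled reaches the marker while one past it misses, and measures the longest NOP run, the feature that classic IDS NOP-sled signatures look for. The sled length, the marker and the helper names are assumptions chosen for the demo; nothing in the buffer is executed as code.

```c
#include <string.h>

#define NOP 0x90      /* the one-byte x86 "no operation" instruction */
#define SLED_LEN 64   /* hypothetical sled size, chosen for this demo */

/* Constructed stand-in for the payload: a text marker, not machine code.
 * The buffer is only inspected byte by byte; nothing in it is executed. */
static const unsigned char MARKER[] = "PAYLOAD";
#define MARKER_LEN (sizeof(MARKER) - 1)
#define BUF_LEN (SLED_LEN + MARKER_LEN)

/* Lay the buffer out as the text describes: a run of NOPs, then the payload. */
static void build_buffer(unsigned char *buf) {
    memset(buf, NOP, SLED_LEN);
    memcpy(buf + SLED_LEN, MARKER, MARKER_LEN);
}

/* Simulate control arriving at `offset`: step over NOP bytes one at a time, as the
 * CPU would, and return the index where the marker is reached, or -1 on a miss. */
static int land_at(const unsigned char *buf, size_t len, size_t offset) {
    size_t i = offset;
    while (i < len && buf[i] == NOP) i++;
    if (i + MARKER_LEN <= len && memcmp(buf + i, MARKER, MARKER_LEN) == 0)
        return (int)i;
    return -1;
}

/* Defender's view: the longest run of NOPs in a blob, the feature that
 * classic IDS "NOP sled" signatures key on. */
static size_t longest_nop_run(const unsigned char *buf, size_t len) {
    size_t best = 0, cur = 0;
    for (size_t i = 0; i < len; i++) {
        cur = (buf[i] == NOP) ? cur + 1 : 0;
        if (cur > best) best = cur;
    }
    return best;
}

/* Entry points: build the demo buffer and run one check on it.
 * Any offset 0..64 lands on the payload at index 64; offset 65 misses (-1). */
int demo_land(size_t offset) {
    unsigned char buf[BUF_LEN];
    build_buffer(buf);
    return land_at(buf, BUF_LEN, offset);
}
size_t demo_nop_run(void) {
    unsigned char buf[BUF_LEN];
    build_buffer(buf);
    return longest_nop_run(buf, BUF_LEN);   /* 64 */
}
```

The same walk explains why Metasploit's nop generators let you choose the sled size: a longer sled tolerates a less precise return address, but it also produces a longer run of identical bytes for a scanner to spot.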
Auxiliary – includes many modules such as port scanners, fuzzers, crawlers, sniffers, DoS (denial of service attack) modules, etc.
Encoders – these modules let us encode our payload in order to get past antivirus scans and other security devices.
How to download & install Metasploit Framework?
If you are using Kali Linux, Metasploit is already included and you can skip these installation instructions. If you are using another Linux distribution, Mac OS or Windows (*we do not recommend using Metasploit on Windows; many features will not work because of compatibility issues), you can download Metasploit from the official Rapid7 website: https://www.rapid7.com/products/metasploit/download/editions/
There are many versions of Metasploit, free and paid; for our tutorial series we are going to use "Metasploit Community", which is free. Click "Free Download" inside the "Community" tab and proceed to the next page, where you can select your operating system.
Run the installer wizard by double-clicking the downloaded file and continue installing like any other software.
*Don't forget to configure your antivirus to ignore the Metasploit installation folder.
How to use Metasploit?
Now that we have installed Metasploit, we will explain how to use it.
Metasploit can be used through a command line interface (msfconsole), a graphical interface (Armitage) and a web interface (websploit, paid version). We will use msfconsole (the command line interface) during our Metasploit Tutorial Series.
To start using Metasploit you should be familiar with the basic commands: show, search, use, exit, help and back.
Everything starts by finding the module you need to perform an attack.
Type the command msf > show -h, shown below, to see the options of the "show" command.
As we can see, the "show" command lists all the module types mentioned earlier in this tutorial. Let's list all exploits; type: msf > show exploits.
In the same way we can list the other module types: payloads, encoders, nops, etc.
The module list may be too large to find the exploit or payload we need, so we can use the search command to simplify this. Type msf > search -h to see the search options.
Let's search all exploits for the "Windows" platform; type: msf > search type:exploits platform:windows.
Now that we have found the exploit we need, type msf > use [exploit name] to start using it, for example: msf > use exploit/firefox/local/exec_shellcode.
Once a module is in use, we can show its info and options by typing info and show options; we can also go back by typing back.
Next we need to see which payloads are compatible with this exploit. This is done by typing show payloads while the exploit is in use (after use [exploit name]), as we did in the image below.
To select a certain payload, use the set command followed by the payload name, for example:
set payload cmd/unix/bind_awk.
Once all required options have been set (payload, encoder, nop generator, etc.), the exploit is ready and can be executed with the run or exploit command.
There are many other advanced options that can be set for a given exploit; we will try to explain as many as we can in the next tutorials of the series.
This was the "What is Metasploit and how to use it" tutorial; thanks for reading. If you have any questions or suggestions, please feel free to leave your feedback below.