Once you understand the concept and the clear structure, it will be very easy. The Metasploit framework also contains some great information-gathering tools called auxiliary modules. Apart from its stability, other benefits of msfconsole are the option to execute external commands, such as the ping command, and tab auto-completion. There is also a graphical user interface available for Metasploit called Armitage. We will be looking at Armitage and how to use it instead of msfconsole in a later tutorial.
Basic Msfconsole commands
Assuming you are on Kali Linux rolling edition, we can start the Metasploit framework and msfconsole by clicking the Metasploit icon in the dock. The updates say that we should be expecting updates weekly-ish. Running msfupdate might break your Metasploit installation. After running this command for this tutorial we ran into errors like:
An error occurred while installing pg 0.
Make sure that gem install pg -v '0.
This error had something to do with PostgreSQL, and to fix this problem first try to run the following commands:
Is your Metasploit installation broken after running an update and you need some help to fix it?
Metasploit commands
It would be a waste of time and outside the scope of this tutorial to explain every single Metasploit command.
We just want you to be up and running in Metasploit as soon as possible, and therefore a basic knowledge of the basic commands should be sufficient for the moment. You will learn a lot more about the advanced options along the way. Also, most command descriptions should be very clear about exactly what the command does and how to use it. For now we will be looking at the most used basic Metasploit commands in this tutorial like: Comprehensive documentation is also included with Metasploit, which can be used to clarify anything.
The basic commands consist of help, back, exit and info.
Use, back and exit commands
The use command in Metasploit activates a particular module and changes the context of msfconsole to that module. The exploit name will be shown in red on the command line as follows: From here on we can retrieve information about this exploit, set the required exploit parameters and run it against a target.
If we want to leave the exploit context and switch back to msfconsole, we need to use the back command. The back command will take us back to msfconsole in the general context. When there is an active exploit selected we can use the help command to get a list of exploit commands:
Info command
When an exploit is selected with the use command, we can retrieve information like the name, platform, author, available targets and a lot more by using the info command.
With this number of exploits, the search function, and knowing how to use it, becomes very important.
The easiest way of using the search function is by issuing the command search followed by a search term, for example flash to search for exploits related to Flash player. With the search command, Metasploit will search for the given term in the module names and descriptions as follows: As expected, there are a lot of exploits related to the often vulnerable Flash player software. The usage of the search command with a keyword is pretty straightforward and is displayed at the bottom of the help text.
Now we will be looking at how to show the exploit parameters and how to change them with the set command. We will also be looking at how to show the payloads, targets, advanced and evasion options. The help show command will display the available parameters for the show command:
Show options
The show options command will show you the available parameters for an exploit when the command line is in the exploit context.