5 Best Elements to Explore with Metasploit Basics |
In this security article, I’ll define the framework of Metasploit.
We’ll cover following topics (there are many more of them and we’ll cover them in my next article):
- What is Metasploit?
- What Can We Do with It?
- Understanding Metasploit
- CLI Commands and Exploit Attacks
- Armitage
1. What is Metasploit?
Metasploit is software that works with hardware to find additional vulnerabilities and aids in figuring out the kinds of machines our victim/target is using (to attack it better or to defend it better). We must know what they’re using to know we’re suppose to do. Metasploit facilitates our work with such features as CLI (Command Line) and offers a GUI (Graphics User Interface i.e. Armitage)
2. What Can We Do with It?
Metasploit exploits can be developed and Metasploit can be extended. The tool comes with various types of exploits for different OS’s (MAC, Linux, Windows, and more). Different kinds of exploits can create different kinds of noise.
Metasploit can be run in:
msfconsole
(CLI) and
armitage
(GUI)
Normally, Windows can be exploited with SMBA and we’ll talk about that next. These exploits include unnecessary opened ports or backdoors, pass the hash and other methods.
rdesktop
( remote desktop ) windows information / data transfer and many more.
Metasploit comes with SET (Social Engineering Toolkit). The Social Engineering Toolkit incorporates many useful social engineering attacks, all in one interface. The main purpose of SET is to automate and improve on many of the social engineering attacks out there. It can automatically generate exploit-hiding web pages and email messages. It can use Metasploit payloads and do other multiple tasks that we’ll highlight next.
3. Understanding Metasploit
There are some small things we should know before getting started to Metasploit, including:
- postgre SQL
- Metasploit local service
- Configuration and uses
- exploits
We discussed how Metasploit can be started both ways (CLI & GUI). Before Metasploit starts, we need to start these maintained services and load our configuration and exploits. The services can be started by typing in a terminal:
service postgresql start
and Metasploit can be started by typing service metasploit start
Note: Let them run in that window and open new window for the Metasploit console. Clicking on the terminal will open new instance and type ‘msfconsole’ to open.
4. CLI
After we started the services and run the console, we have a list of default exploits to use. Regarding SET, it also contains many methods to take over several items including tab nabbing, site cloning, key tracing, etc. I’ll clarify them in detail in next part.
Commands
To get started, we need to stick with commands in the command line interface. To select targets and fix ports, the rport, rhost commands are used. We can see our target configurations by typing
show options
– this will give you information about your configuration and attack progress.
Note: All of images are not mine; some are placed to help you understand more clearly.
We can set our rhost by typing
set RHOST 192.168.xx.xx (anything )
in the terminal. In the same way, we can set our rport.
After setting the target we may see attack vector information by again typing “show options” we can search and check exploits by typing “search this ( write exploit name )” and can use that exploit by typing “use (this exploit name)” for example
Practically, we have Windows XP here and port 445 is open. We can use an SMBA exploit for Windows XP to remote desktop and takeover everything there with LAN or IP. We can do this both ways…
We can check whether our exploit can be implemented or not by typing
Check (this exploit name).
If the result is positive, we can exploit it by typing exploit
and access our target.
5. Armitage
Armitage is a GUI version of the Metasploit framework. We can check almost every kind of attack available just by clicking. Armitage is build on Java and it’s a bit slower then CLI. Adding host and configuration info is just a matter of clicking.
We can figure out what OS is running and can exploit it co-correspondingly.
In the next chapter, we’ll learn:
- SMB Exploitations
- Custom Exploits
- Passing the Hash
- Payloads
- Meterpreter
Metasploit Basics
metasploit basics tutorial
metasploit basics pdf
metasploit framework basics
metasploit tutorial console
metasploit community tutorial
metasploit complete tutorial pdf
metasploit complete tutorial
metasploit kali tutorial
metasploit cydia tutorial
metasploit.com tutorial
basics of metasploit
metasploit basic tutorial pdf
metasploit beginners tutorial
metasploit basic command tutorial
metasploit tutorial for beginners
metasploit framework tutorial basics
metasploit tutorial pdf
metasploit tutorial pdf download
tutorial metasploit pdf español
metasploit tutorial deutsch pdf
metasploit tutorial español pdf
metasploit tutorial pdf free
metasploit tutorial filetype pdf
metasploit tutorial pdf free download
metasploit tutorial francais pdf
metasploit tutorial fr pdf
metasploit tutorial in pdf
metasploit tutorial kali pdf
metasploit tutorial portugues pdf
metasploit tutorial windows pdf
metasploit framework tutorials
metasploit framework examples
metasploit framework introduction
metasploit framework for beginners
metasploit console commands
metasploit pro console tutorial
metasploit framework console tutorial
Would love to here from you...