
Important Note: The following is simply a reference. Readers are entirely responsible for understanding thoroughly the background, legal issues, risks and implications of launching a given exploit. Do not run Metasploit against anyone’s system without the express informed (and ideally written) consent of its owner.

1. Start Metasploit Framework (MSF) Console:
$ ./msfconsole

2. List available exploits and payloads:
msf > show exploits
msf > show payloads

3. Select exploit:
msf > use (exploit name)

4. List available targets:
exploit > show targets

The output lists the discovered targets on the network as a menu. The value for selecting a target is the number next to its entry.

5. Select target:
exploit > set TARGET (target number)

6. Select payload:
If an exploit has already been selected, the ‘show payloads’ command lists only the payloads that are compatible with that exploit, so it is worth listing them again at this point.
exploit > show payloads
exploit > set payload (payload name)

7. Configure the exploit:
exploit > show options

This will display the current settings for the exploit, each of which can either be confirmed or modified. This step matters because the target address and port must be set, and it might be necessary to send the traffic through a proxy.

exploit > set RHOST
exploit > set RPORT 8080
exploit > set LHOST
exploit > set LPORT 4444

8. Run a vulnerability scan for the exploit
exploit > check

This will determine whether the target can be exploited using the loaded module.

9. Launch exploit:
exploit > exploit

Other Metasploit features
The ‘show’ command can be used in the following ways:
msf > show auxiliary
msf > show exploits
msf > show payloads

Auxiliary modules include extra features for vulnerability scanning, denial of service and other actions for testing security. These are executed with the ‘run’ command rather than ‘exploit’.

Users can search for vulnerabilities by MS and CVE reference numbers with the ‘search’ command, e.g.
msf > search (MS reference)

Connections can, in some cases, be established with a target without launching an exploit:
msf > connect (IP address) (port num)

Global variables can be set for a pen test using ‘setg’.
msf > setg LHOST (IP address)
msf > setg RHOST (IP address)
msf > save
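Steps 7 to 9 and the ‘setg’ section above boil down to a handful of ‘set’/‘setg’ lines followed by ‘check’ and ‘exploit’, which is exactly what a msfconsole resource script contains. The following added example (not part of this reference, and not Metasploit's own code) is a pre-flight checker a tester can run over such a script before loading it: it confirms that RHOST, RPORT, LHOST and LPORT are all set, that ‘check’ was run before ‘exploit’, and that RHOST falls inside the networks listed in the signed engagement scope. The module and payload names, the addresses and the scope list are constructed placeholders.

```python
import ipaddress
import re

# Constructed sample resource script following the steps above.
# Module, payload and addresses are placeholders, not real targets.
SAMPLE_RC = """\
use exploit/placeholder/module
set TARGET 0
set payload generic/placeholder
setg LHOST 10.0.0.5
setg RHOST 192.168.56.20
set RPORT 8080
set LPORT 4444
check
exploit
"""

REQUIRED = ("RHOST", "RPORT", "LHOST", "LPORT")
SET_RE = re.compile(r"^\s*setg?\s+(\w+)\s+(\S+)\s*$", re.IGNORECASE)


def preflight(rc_text, authorized_scope):
    """Return a list of findings; an empty list means the script passes.
    authorized_scope: CIDR strings copied from the signed scope document
    (assumption: the tester keeps the scope as a list of networks)."""
    nets = [ipaddress.ip_network(c, strict=False) for c in authorized_scope]
    opts, saw_check, findings = {}, False, []
    for n, line in enumerate(rc_text.splitlines(), 1):
        m = SET_RE.match(line)
        if m:  # 'set' and 'setg' both populate the option table
            opts[m.group(1).upper()] = m.group(2)
            continue
        cmd = line.strip().lower()
        if cmd == "check":
            saw_check = True
        elif cmd in ("exploit", "run"):
            # Step 7: every required option must be set before launch
            for name in REQUIRED:
                if name not in opts:
                    findings.append(f"line {n}: {name} is not set")
            # Step 8: 'check' should precede 'exploit'
            if not saw_check:
                findings.append(f"line {n}: 'check' was not run before '{cmd}'")
            # Scope guard: RHOST must lie inside an authorized network
            rhost = opts.get("RHOST")
            if rhost:
                try:
                    addr = ipaddress.ip_address(rhost)
                    if not any(addr in net for net in nets):
                        findings.append(f"line {n}: RHOST {rhost} is outside the authorized scope")
                except ValueError:
                    findings.append(f"line {n}: RHOST {rhost!r} is not an IP address")
    return findings
```

Run it as `preflight(open("engagement.rc").read(), ["192.168.56.0/24"])` and only load the script into msfconsole when the returned list is empty.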