In this article we will cover the very basics of Metasploit and the Metasploit commands used in the command line interface. At first the msfconsole command line and the number of available commands might seem like a lot and hard to understand and use, but don’t be intimidated by them. Once you understand the concept and the clear structure it will be very easy. Put together, the Metasploit framework consists of the core and base, a lot of exploits, payloads, modules (Ruby classes), plugins, scripts and multiple user interfaces. The Metasploit framework also contains some great information gathering tools called auxiliary modules. Auxiliary modules can be used for port scanning, service identification, password sniffing and Windows patch enumeration. Metasploit is highly customizable for advanced users and can be adapted to meet your needs by writing your own exploits, modules, plugins and scripts. If Metasploit doesn’t provide the information gathering module you need by default, then you can simply write it yourself.
The msfconsole is the user interface known to be the most stable interface and the one we will be working with throughout the Metasploit tutorials on Hacking Tutorials. Apart from the stability, other benefits of the msfconsole are the option to execute external commands like the ping command and tab auto-completion. There is also a graphical user interface available for Metasploit called Armitage. We will be looking at Armitage and how to use it instead of msfconsole in a later tutorial. Let’s continue this Metasploit commands tutorial with updating the Metasploit Framework if necessary and then switch to the msfconsole to see what commands are available to us.
Basic Msfconsole commands
Assuming you are on Kali Linux 2016 rolling edition we can start the Metasploit framework and msfconsole by clicking the Metasploit icon in the dock. This will start the PostgreSQL service and Metasploit service automatically.
Updating Metasploit with msfupdate
Let’s start with updating Metasploit by using the following command in a terminal session (not in msfconsole):
msfupdate
This command should update the Metasploit framework to the latest version. The update says that we should be expecting updates weekly(ish). Beware: running msfupdate might break your Metasploit installation. After running this command for this tutorial we ran into errors like:
An error occurred while installing pg (0.18.3), and Bundler cannot continue.
Make sure that gem install pg -v '0.18.3' succeeds before bundling.
This error had something to do with PostgreSQL. To fix this problem, first try running the following commands:
apt-get update
apt-get upgrade
apt-get dist-upgrade
This solved the problem on our side; it probably had something to do with an outdated version of a package. Is your Metasploit installation broken after running an update and you need some help to fix it? Use the comment function below and we’ll try to help you as best as we can. Let’s continue with the msfconsole.
Metasploit msfconsole
When Metasploit has booted and the msfconsole is available we can type ‘help’ to get an overview of the Metasploit core and backend commands with a description:
It would be a waste of time and outside the scope of this tutorial to explain every single Metasploit command. We just want you to be up and running as soon as possible in Metasploit, and therefore a basic knowledge of the basic commands should be sufficient for the moment. You will learn a lot more about the advanced options along the way. Also, most command descriptions should be very clear about what the command does and how to use it. For now we will be looking at the most used basic Metasploit commands, like:
Basic commands: search, use, back, help, info and exit.
Exploit commands: set to set variables and show to show the exploit options, targets, payloads, encoders, nops and the advanced and evasion options.
Exploit execution commands: run and exploit to run exploits against a target.
There is also comprehensive documentation included with Metasploit which can be used to clarify anything. Let’s have a look at the Metasploit commands.
Metasploit commands
We will go through the basic Metasploit commands quickly so we can get started with the fun part and learn how to use the exploits on a vulnerable machine like Metasploitable 2. The basic commands consist of help, back, exit and info.
Use, back and exit commands
The use command in Metasploit is used to activate a particular module and changes the context of the msfconsole to that particular module.
The Flash exploit contains a total of 6 options, of which only 2 are required:
Retries
SRVHOST (Required)
SRVPORT (Required)
SSL
SSLCert
URLPath
Note that the show options command returns the currently selected target below the module options. The default target is 0, which is Windows for the selected exploit.
Use the set command followed by the option name and the new value to change the default values:
Metasploit commands for exploit execution
When all the required options have been set for the exploit, including a payload and advanced settings like a NOP generator, evasion options and encoding, the exploit is ready to be executed. The exploit can be executed using two commands: run and exploit. Just type run or exploit in the msfconsole and the exploit will run.
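The Required column of show options can be checked mechanically before run or exploit is typed. The Ruby snippet below is an added example, not part of the original tutorial or of Metasploit itself: it parses a constructed show options table (placeholder module path, illustrative descriptions, SRVHOST deliberately left blank) by column offset, so empty Current Setting cells do not shift the fields, and lists the required options that still have no value.

```ruby
# Constructed sample of `show options` output. The module path is a placeholder
# and the Description text is illustrative, not copied from Metasploit.
SAMPLE = <<~OUT
  Module options (exploit/<flash-module-placeholder>):

     Name     Current Setting  Required  Description
     ----     ---------------  --------  -----------
     Retries  true             no        Allow the browser to retry the module
     SRVHOST                   yes       The local host to listen on
     SRVPORT  8080             yes       The local port to listen on
     SSL      false            no        Negotiate SSL for incoming connections
     SSLCert                   no        Path to a custom SSL certificate
     URLPath                   no        The URI to use for this module
OUT

Option = Struct.new(:name, :value, :required)

# Parse the options table using the header's column offsets. Splitting rows on
# whitespace would misread rows whose Current Setting cell is empty.
def parse_options(text)
  lines = text.lines.map(&:chomp)
  hdr_i = lines.index { |l| l =~ /\bName\s+Current Setting\s+Required\b/ }
  return [] unless hdr_i

  hdr  = lines[hdr_i]
  cols = ['Name', 'Current Setting', 'Required', 'Description'].map { |h| hdr.index(h) }
  # Skip the dashed underline, then read rows until the first blank line.
  rows = (lines[(hdr_i + 2)..] || []).take_while { |l| !l.strip.empty? }
  rows.map do |row|
    name  = (row[cols[0]...cols[1]] || '').strip
    value = (row[cols[1]...cols[2]] || '').strip
    req   = (row[cols[2]...cols[3]] || '').strip
    Option.new(name, value, req == 'yes')
  end
end

# Names of options marked required that currently have no value.
def missing_required(text)
  parse_options(text).select { |o| o.required && o.value.empty? }.map(&:name)
end

puts "Unset required options: #{missing_required(SAMPLE).join(', ')}"
```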
This concludes the Metasploit commands tutorial for now. If you have questions regarding any of the mentioned or unmentioned commands, please ask them using the comment functionality below this post. In the next Metasploit tutorial we will be enumerating the Metasploitable 2 machine. After that we will be doing a vulnerability assessment with the gathered information.