Basic Metasploit Tutorial
In this Metasploit tutorial series, I’ll tell you all the about Metasploit from basic to advance. So, I request you to take the advantage as much as you can because this Metasploit tutorial series is going to be very interested. In this series, you will also get the knowledge of most of the Metasploit commands.
Metasploit Framework is a very famous widely used Penetration testing tool. Metasploit Framework is an open-source-penetration testing Platform which helps you to find and exploit different vulnerabilities. It was created by H.D. Moore in 2003 and On October 21, 2009, It was acquired by Rapid7(Security Company which provides Vulnerability Management).
Metasploit Framework is very helpful for security professionals to find, execute and fixing up the vulnerability. The main use of this tool to defend our systems by exploiting them and understanding about the vulnerability. I have already written a post on How To Hack Mobile Phone Using Kali Linux and How to Use Armitage? Armitage Tutorial To Perform Armitage Hack. You can read these posts also if you wanted to know how to exploit vulnerabilities on vulnerable systems.
Supported Operating Systems:
- Windows Server 2008, Sever 2012
- Windows 8.1, Windows 10
- Red Hat Enterprise Linux Server 5.10+, 6.5+, 7.1+
- Kali Linux 2.0 or Upper Version
- BOSS O.S
Basic Hardware Requirements:
- 2 GHz+ processor
- 1 GB RAM available
- 1 GB+ available disk space
Basics Of Metasploit Tutorial
Vulnerability: Vulnerability is the weakness of the system by using that vulnerability a malicious hacker can execute his malicious code on that vulnerable system an gain access to the system using the vulnerability.
Exploit: When a malicious hacker takes advantage of the vulnerability and exploit that vulnerability for gaining unauthorized access to the vulnerable system or privilege escalation. Exploit is the code by which hacker is gaining is able to exploit the system.
Payload: A payload is a type of file which contains viruses, worms, trojan etc. which is sent by the hacker to exploiting the target through the vulnerability present on it. It can perform several tasks like spying, keylogging, encrypting data, locking data etc.
Auxiliary: These are the modules which are present on the database of the Metasploit framework to perform sniffing, fuzzing etc. These are very useful for scanning.
Encoder: Encoders are used in the Metasploit framework to encrypting a payload.
Post: Post modules that can be run on the compromised targets to gather evidence, pivot deeper into the network and much more.
Nops: These are used to keep the size of the payload consistent in exploit attempts.
Some Basic Metasploit Commands
This command is used to call the Metasploit framework. It has a great look and also its functionality is too good. This is one of my favorite tools.
You can see where it has
- 1749 exploits
- 1002 auxiliary
- 302 post
- 536 payloads
- 40 encoders
- 10 nops
in its database.
To exit the Metasploit Framework.
Change the display banner of Metasploit.
msf > ? / help
You can use any of them ‘?‘ and ‘help‘ to see all the basic commands with its explanation.
msf > show exploits
This will show you all 1749 exploits which are present in its database. These are arranged in the alphabetical orders. This will display you the date of the creation with its working condition.
msf > show payloads
This will show you all 536 payloads which are present on the Metasploit Framework. You can use them according to your need.
msf > show auxiliary
This will show you all 1002 auxiliary to perform scanning, fuzzing, denial of service etc.
msf > show post
To see the list of all post modules.
msf > show encoders
This will also show the modules of encoders. Encoders are very helpful to make the payload protected from the target firewalls, anti-viruses.
msf > show nops
This will display the nops modules.
If you like this post and gain some basic knowledge of Metasploit tutorial then please like this post and share with your friends and if you have any doubts regarding the Metasploit tutorial series. You can contact us by commenting below.