Tutorials | Challenges | Tools | Downloads | Resources | Documentaries

How To Use Metasploit Framework (msfconsole)

msfconsole

Metasploit is the world's most used penetration testing software, which is avaliable on both Linux and Windows. Always download Metasploit (msf) from the offical website at metasploit.com
This tutorial is based on the Kali Linux version.

Fisrt we need to start the service postgresql and then initialise the Metasploit database:

sudo service postgresql start && sudo msfdb init

Once that has been done, msf will respond must quicker and not need to rely on "slow search" to find your search query. From here we can type msfconsole

We are now greeted by the msf banner:

msfconsole





We can type 'help' to see the list of commands used in msf. For now, we are just going to use a few of those Database Backend Commands.

msfconsole database


 Occasionally, even though we have already initialised the msfdb, msf will still use "slow search". This is because the db cache needs to be rebuilt, which can be solved by typing db_rebuild_cache.

We should consider making a workspace that saves our work and keeps it separate from other workspaces. By default msf uses the 'default' workspace every time it's opened. We'll create a new one and name it anything we like:
workspace -a hackingblog
msfconsole


Scanning a target with Nmap is our next step. We can do a scan directly from msf:
db_nmap  192.168.1.101
msfconsole


 However, for a better result, it's recommended to do the scan outside of msf then import it. Let's do the same basic scan and save it as an xml file that can be imported. In a separate terminal, we type:
 nmap 192.168.1.101 -oX scan.xml
Now we use db_import to add our scan into the workspace.

db_import scan.xml
Once successfully done, we can type hosts to show the information of our target(s). As we are going to be using our target's IP address for every msf modules, we can type hosts -R which saves us from having to keep specifying it.

We saw from our scan results that our target is using an FTP service called vsftpd 2.3.4 Let's find out of there's an exploit for it.

search vsftpd 2.3.4
msfconsole


 Let's use this exploit:

use exploit/unix/ftp/vsftpd_234_backdoor 
Every modules requires specific information. By typing show options we'll see what is needed. Once the fields are complete, we start the exploit by typing run or exploit.

Every vulnerability has a CVE number that can be searched for in the msfdb.
For example the well-known heartbleed vulnerability can be found via it's CVE number: 2014-0160
We make this search by typing:
search cve:2014-0160
The results are shown as follows:
msfconsole



 There are also other useful ways to search the msfdb. If we want to see all the names that contain WordPress, we can type:
search name:wordpress
Furthermore, we can narrow down the results and show only the auxiliary modules for WordPress:

search type:auxiliary wordpress

msfconsole




Using search filters makes it easier to find what you are looking for, and to prevent being overloaded with results.

We can use spool to keep and save a log of everything we are doing in our msf session. This is a good way to remind ourselves of every module we have previously tried. This can be done at any time during our session.


spool hackingblog.txt
To read the contents, we type:

cat hackingblog.txt
Everthing that we typed during our msf session will appear in the opened terminal window.

msfconsole

Labels:
Reactions:

Post a Comment

[blogger]

GrayHatHackers

{twitter https://twitter.com/ghhackers}

Contact Form

Name

Email *

Message *

Powered by Blogger.
Javascript DisablePlease Enable Javascript To See All Widget