Metasploit Framework in Kali Linux

Metasploit Framework is one of the most powerful tools used for penetration testing. It is an open-source framework that provides a public resource for testing security vulnerabilities and developing scripts that allow a network administrator to penetrate his own network to identify vulnerabilities.

The Metasploit Framework makes hacking simple. It has become a crucial tool for many attackers and defenders, and it is very simple to use: open Metasploit, pick a target, pick an exploit, set a payload, and type exploit.

To open the Metasploit Framework, type msfconsole.

Modules

As you can see, msfconsole has 7 types of modules.

All 7 module types live in one directory on Kali. Change into it by typing cd /usr/share/metasploit-framework/modules/

  • Exploit: An exploit is code that was developed to take advantage of, or “exploit”, a flaw or vulnerability in a system.

You can also list the exploit modules directory by typing

ls -l exploits

  • Auxiliary: Auxiliary modules are essentially used to cover the first stage of a penetration test: fingerprinting and vulnerability scanning. The Auxiliary module system includes the Scanner mixin, which makes it possible to write scanning modules that will target one host or a range of user-specified hosts.

You can also list the auxiliary modules directory by typing

ls -l auxiliary

  • Post: Post modules are used after the exploitation of a system. These modules are often used after the system has been “owned” and has Meterpreter running on it.

You can also list the post modules directory by typing

ls -l post

  • Payloads: Simple scripts that hackers use to interact with a hacked system. Using payloads, they can transfer data to a victim system.

You can also list the payload modules directory by typing

ls -l payloads

  • Encoders: The encoder modules are designed to re-encode payloads and exploits to enable them to get past security defense systems such as AV and IDS.

You can also list the encoder modules directory by typing

ls -l encoders

  • Nops: NOPs are essential for getting a system to run remote code after a buffer overflow exploit. These are often referred to as “NOP sleds”. These modules are used primarily to create NOP sleds.

You can also list the nops modules directory by typing

ls -l nops

  • Evasion: The evasion modules give Framework users the ability to generate evasive payloads without having to install external tools. They also provide a framework for developers to build their own evasive modules based on Metasploit’s research.

You can also list the evasion modules directory by typing

ls -l evasion

How to use msfconsole

Let's assume we have Metasploitable, which is vulnerable to Samba usermap.

So first you have to find the exploit that is related to Samba usermap_script.

To search for the exploit, type search usermap

Now we have the exploit. To use it, type

use exploit/multi/samba/usermap_script

After this, view the options by typing options

As you can see in the above picture, we have 2 options to set. To set them, type

set RHOST 10.0.2.253  (victim IP address)

RPORT is already set.

After this, you just have to type

exploit

Now you can see I have a Metasploitable shell.

By- Pankaj
