
[Part 1]$~Metasploit for beginners

by spirited_wolf - 12-13-2016 - 09:05 AM
#1

So, hello everyone, let me first introduce myself. My name is Spirited wolf and I'm now a 16-year-old cool and po** lover guy. And I love to share my knowledge with everyone who really needs it. The thing that you just need to understand me is Brain.exe; you can contact me here on my Facebook.

So my first question is: what is Metasploit?

On Wikipedia it is written that
"The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.

There are several interfaces for Metasploit available. The most popular are maintained by Rapid7 and Strategic Cyber LLC.

Metasploit Framework Edition
The free version. It contains a command line interface, third-party import, manual exploitation and manual brute forcing. 

Metasploit Community Edition
In October 2011, Rapid7 released Metasploit Community Edition, a free, web-based user interface for Metasploit. Metasploit Community is based on the commercial functionality of the paid-for editions with a reduced set of features, including network discovery, module browsing and manual exploitation. Metasploit Community is included in the main installer.

Metasploit Express 
In April 2010, Rapid7 released Metasploit Express, an open-core commercial edition for security teams who need to verify vulnerabilities. It offers a graphical user interface, integrates nmap for discovery, and adds smart bruteforcing as well as automated evidence collection.

Metasploit Pro 
In October 2010, Rapid7 added Metasploit Pro, an open-core commercial Metasploit edition for penetration testers. Metasploit Pro adds onto Metasploit Express with features such as Quick Start Wizards/MetaModules, building and managing social engineering campaigns, web application testing, an advanced Pro Console, dynamic payloads for anti-virus evasion, integration with Nexpose for ad-hoc vulnerability scans, and VPN pivoting.

Armitage 
Armitage is a graphical cyber attack management tool for the Metasploit Project that visualizes targets and recommends exploits. It is a free and open source network security tool notable for its contributions to red team collaboration allowing for shared sessions, data, and communication through a single Metasploit instance.

Cobalt Strike 
Cobalt Strike is a collection of threat emulation tools provided by Strategic Cyber LLC to work with the Metasploit Framework. Cobalt Strike includes all features of Armitage and adds post-exploitation tools, in addition to report generation features.

HOW TO USE METASPLOIT?? 


First of all, start the Metasploit service
Code:
applications > kali linux > system services > metasploit > start 

or
Code:
service metasploit start 

Run msfconsole
Just type msfconsole in your terminal
Code:
sudo msfconsole 

and then you will see something like this


So, what is msfconsole?
->Msfconsole is the main interface to Metasploit. There are GUI interfaces (armitage), and a web interface too (websploit). With msfconsole, you can launch exploits, create listeners, configure payloads etc.
Quote:
Note:-"Metasploit has lots of great documentation built in. Type help to get a basic list of commands."

Like, if you want to check what commands you can use, then just type help or ? <- question mark

Example::
Code:
msf > help

Core Commands
=====================

    Command       Description
    -------       -----------
    ?             Help menu
    advanced      Displays advanced options for one or more modules
    back          Move back from the current context
    banner        Display an awesome metasploit banner
    cd            Change the current working directory
    color         Toggle color
    connect       Communicate with a host
    edit          Edit the current module with $VISUAL or $EDITOR
    exit          Exit the console
    get           Gets the value of a context-specific variable
    getg          Gets the value of a global variable
    grep          Grep the output of another command
    help          Help menu
    info          Displays information about one or more modules
    irb           Drop into irb scripting mode
    jobs          Displays and manages jobs
    kill          Kill a job
    load          Load a framework plugin
    loadpath      Searches for and loads modules from a path
    makerc        Save commands entered since start to a file
    options       Displays global options or for one or more modules
    pushm         Pushes the active or list of modules onto the module stack
    quit          Exit the console
    reload_all    Reloads all modules from all defined module paths
    rename_job    Rename a job
    resource      Run the commands stored in a file
    route         Route traffic through a session
    save          Saves the active datastores
    search        Searches module names and descriptions
    sessions      Dump session listings and display information about sessions
    set           Sets a context-specific variable to a value
    setg          Sets a global variable to a value
    show          Displays modules of a given type, or all modules
    sleep         Do nothing for the specified number of seconds
    spool         Write console output into a file as well the screen
    threads       View and manipulate background threads
    unload        Unload a framework plugin
    unset         Unsets one or more context-specific variables
    unsetg        Unsets one or more global variables
    use           Selects a module by name
    version       Show the framework and console library version numbers


Database Backend Commands
========================================

    Command           Description
    -------           -----------
    creds             List all credentials in the database
    db_connect        Connect to an existing database
    db_disconnect     Disconnect from the current database instance
    db_export         Export a file containing the contents of the database
    db_nmap           Executes nmap and records the output automatically
    db_rebuild_cache  Rebuilds the database-stored module cache
    db_status         Show the current database status
    hosts             List all hosts in the database
    loot              List all loot in the database
    notes             List all notes in the database
    services          List all services in the database
    vulns             List all vulnerabilities in the database
    workspace         Switch between database workspaces

msf >

Pick a vulnerability and use an exploit

->Once you know what your remote host's system is (nmap, lynix, maltego, wp-scan, etc.) you can pick an exploit from Metasploit to test. Rapid7 has an easy way to find exploits. There is also a way to search within msfconsole for various exploits:
example::

Quote:
search type:exploit


Quote:
search name:xxxx


Quote:
search CVE-xxx-xxx


Quote:
search cve:2016 


Hope you liked my tutorial:-



See you in my next tutorial 



And if you want to check some of my Metasploit tutorials, then you can check them on my channel




Please subscribe



Special thanks to:- CodeN/inja, Th3_uNique, Bd_InjeCtor, Alteas, Repetence, IndiGear, msfanurag, msfsri, Kishan, rootxploiter
Reply
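The keyword searches quoted in the post above (`type:`, `name:`, `cve:` and a bare term), modelled in Ruby as an added example; it is not part of the original post and not Metasploit's own code. The module list and CVE identifiers are constructed sample data, and requiring every filter to match is an assumption of this model.

```ruby
# Simplified model of msfconsole-style "keyword:value" search filters.
# MODULES is constructed sample data: the paths and CVE ids are placeholders.
Mod = Struct.new(:type, :fullname, :name, :refs)

MODULES = [
  Mod.new("exploit",   "exploit/example/http/sample_rce",  "Sample HTTP RCE",        ["CVE-2016-0001"]),
  Mod.new("auxiliary", "auxiliary/example/scanner/sample", "Sample Version Scanner", ["CVE-2015-0002"]),
  Mod.new("exploit",   "exploit/example/ftp/sample_bof",   "Sample FTP Overflow",    ["CVE-2016-0003"]),
  Mod.new("post",      "post/example/gather/sample_enum",  "Sample Enumeration",     [])
].freeze

KEYWORDS = %w[type name cve].freeze

# Split a query into [keyword, value] filters. A term without a recognised
# "keyword:" prefix (for example a full CVE id) becomes a free-text filter.
def parse_query(query)
  query.split.map do |term|
    key, value = term.split(":", 2)
    if value && !value.empty? && KEYWORDS.include?(key.downcase)
      [key.downcase.to_sym, value.downcase]
    else
      [:text, term.downcase]
    end
  end
end

# Apply one filter to one module record.
def match?(mod, key, value)
  case key
  when :type then mod.type == value
  when :name then mod.name.downcase.include?(value)
  when :cve  then mod.refs.any? { |r| r.downcase.start_with?("cve-") && r.downcase.include?(value) }
  when :text then [mod.fullname, mod.name, *mod.refs].any? { |f| f.downcase.include?(value) }
  end
end

# Return the full names of modules for which every filter matches
# (AND semantics are an assumption of this model).
def search(query, modules = MODULES)
  filters = parse_query(query)
  modules.select { |m| filters.all? { |k, v| match?(m, k, v) } }.map(&:fullname)
end

puts search("type:exploit cve:2016") if __FILE__ == $PROGRAM_NAME
```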
#2
Nice job dude. I'm waiting for your second tutorial!
I hope you make a tutorial on creating a good payload
Reply
#3
Thanks, a good intro to MSF for beginners.
Reply
#4
Very nice. Thanks for this tutorial
Reply
