Introduction
Metasploit is a powerful and widely used open source tool for penetration testing and security assessments. Developed by the Metasploit Corporation, it was designed to help security professionals find and exploit vulnerabilities in computer systems. Today, it is one of the most popular tools in the information security industry, used by both individuals and organizations to identify and remediate security risks. This tutorial will provide a comprehensive guide for beginners on how to use Metasploit for vulnerability assessment and exploitation activities. The objective is to provide a clear and concise understanding of the capabilities and functionality of Metasploit, as well as to provide practical exercises that will help build a solid foundation for future exploration and use.
Chapter 1: Introduction to Metasploit
What is Metasploit
Metasploit is an open-source penetration testing framework that provides a platform for developing, testing, and executing exploits against a target system. It is used by security professionals and ethical hackers to identify vulnerabilities in systems and applications.
Metasploit offers a comprehensive suite of tools for performing security assessments, including reconnaissance, scanning, exploitation, and post-exploitation activities. It also supports the development of custom exploits and payloads, allowing users to adapt to specific security needs and environments.
History of Metasploit
Metasploit was originally created in 2003 as a standalone tool for exploiting vulnerabilities in systems. Over time, it evolved into a full-featured framework with a large community of contributors and users.
Since its inception, Metasploit has been widely adopted by security professionals and is now considered a standard tool in the penetration testing industry. Its continued development and expansion have resulted in a robust and powerful framework that supports a wide range of security assessments and exploitation activities.
Purpose and Use of Metasploit
The primary purpose of Metasploit is to help security professionals identify vulnerabilities in systems and applications. By exploiting these vulnerabilities, they can demonstrate how an attacker would gain access to sensitive information, compromise systems, or carry out other malicious activities.
In practice, Metasploit is used primarily by ethical hackers and security professionals to perform security assessments. These assessments are designed to identify and assess vulnerabilities in systems and applications, allowing organizations to take the necessary steps to improve their security posture.
By using Metasploit to perform security assessments, organizations can gain a better understanding of their security posture and identify areas that need improvement. This information can then be used to implement security measures that help prevent attackers from exploiting vulnerabilities in their systems.
Chapter 2: Setting up Metasploit
Installing Metasploit
The first step in using Metasploit is to install the framework on your system. Metasploit can be installed on various operating systems, including Windows, Linux, and macOS.
For Linux distributions:
1. Use the package manager. For example, on Debian or Ubuntu-based systems, run the following command in the terminal:
sudo apt-get install metasploit-framework
2. Download a pre-compiled binary from the official Metasploit website and install it by executing the binary file in the terminal.
3. Build Metasploit from source by cloning the repository from GitHub, navigating to the repository directory, and executing the following command in the terminal:
sudo ./msfinstall
On macOS, you can use the Homebrew package manager to install Metasploit:
brew install metasploit-framework
If you’re using Windows, you can download the standalone executable from the Metasploit website and run it to install the framework.
Configuring Metasploit
In order to get the best results from Metasploit, it’s crucial to properly set it up after installation. This process involves configuring the database, adjusting network settings, and determining any additional options that your specific installation needs. To achieve this, the following commands can be used:
msfdb init – Initializes the Metasploit database
msfconsole – Launches the Metasploit console
db_connect – Connects to a database
setg – Sets global options
show options – Displays the current options for a module
It’s important to keep in mind that these commands may vary depending on the version of Metasploit you’re using.
Understanding the Metasploit Interface
The Metasploit interface is the main interface for interacting with the framework. It provides a comprehensive suite of tools for performing security assessments, including reconnaissance, scanning, exploitation, and post-exploitation activities. The interface is designed to be easy to use, even for beginners, and provides a wide range of features and options for performing security assessments.
Chapter 3: Exploring Metasploit Modules
Types of Metasploit Modules
Metasploit offers a variety of modules for different purposes. These modules are organized into categories, including exploits, payloads, encoders, and auxiliary modules. The following commands can be used to navigate and utilize these different module categories:
search [module_category] – This command is used to search for modules within a specific category, for example: search exploits
use [module_name] – This command is used to select a specific module for use, for example: use exploit/windows/smb/ms17_010_eternalblue
show options – This command displays the options available for a selected module.
By using these commands, you can effectively utilize the different module categories in Metasploit to perform a comprehensive security assessment.
How to search for Metasploit Modules
In Metasploit, you can search for the right module to use in your security assessment by using the search feature. This feature allows you to find the right module based on a range of criteria, including the target operating system, the type of application you are assessing, the type of vulnerability you are trying to exploit, and more. To use the search feature, simply enter the following command in the Metasploit console:
search [criteria]
For example, if you want to search for all modules that relate to Windows systems, you can enter the following command:
search type:exploit platform:windows
This will show you a list of all modules that are designed for Windows systems. You can then choose the module that you want to use and select it using the use command:
use [module name]
With the search feature, you can easily find the right module to use in your security assessment and make the most of the power of Metasploit.
How to use Metasploit Modules
Using Metasploit modules is simple and straightforward. Users simply need to select the desired module, configure any required options, and then execute the module to perform the security assessment. Metasploit provides detailed information about each module, including options, descriptions, and usage examples, making it easy to understand how to use each module effectively.
To see the available options for the chosen module, use the following command:
show options
After checking which parameters you need to set up, you can use the set command.
For example, to set the target host and port in Metasploit, you can use the following commands:
set rhosts [target_host]
set rport [target_port]
Finally, to run a module or launch an exploit in Metasploit, use one of the following commands:
run
or
exploit
Chapter 4: Scanning with Metasploit
Scanning Types in Metasploit
Metasploit provides several types of scanning capabilities, including host and port scanning, vulnerability scanning, and service scanning. Each type of scanning is designed to gather specific information about a target system and can be used in combination to provide a comprehensive security assessment.
How to perform Host and Port Scanning with Metasploit
Host and port scanning is an important step in performing a security assessment. It allows users to identify live systems on a network and determine which services and applications are running on those systems. Metasploit provides several modules for performing host and port scanning, including the Nmap Scanner, the Host and Port Scanner, and the TCP Port Scanner.
Host and port scanning:
use auxiliary/scanner/portscan/tcp – to select the TCP port scanner module
set rhosts [target host IP] – to set the target host IP
set ports [port range] – to set the target port range
run – to run the scan
Service scanning:
use auxiliary/scanner/http/http_version – to select the HTTP version scanner module
set rhosts [target host IP] – to set the target host IP
run – to run the scan
Note: These are just a few examples of the many scanning modules available in Metasploit. You can find more modules by running the search [type of scan] command in the Metasploit console.
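The use/set/run sequence from Chapter 3 and the TCP port scan above can be written down once as a msfconsole resource script instead of being retyped. This is an added example, not code from the tutorial or from the Metasploit project: THREADS is a real scanner option and spool and msfconsole -r are real console features, while the function names, log file name and defaults are assumptions.

```python
"""Generate a msfconsole resource script (.rc) for the TCP port scan above,
validating the inputs before they reach the console. Added example; the log
file name, thread count and function names are assumptions."""
import ipaddress


def parse_port_range(spec):
    """Accept '80', '1-1024' or '22,80,443'; return [(low, high), ...]."""
    ranges = []
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        low = int(lo)
        high = int(hi) if hi else low
        if not 1 <= low <= high <= 65535:
            raise ValueError(f"invalid port range: {part.strip()!r}")
        ranges.append((low, high))
    return ranges


def validate_scan_inputs(rhosts, ports):
    """Return a list of problems; empty means the inputs are usable."""
    problems = []
    try:
        ipaddress.ip_network(rhosts, strict=False)  # single IP or CIDR block only
    except ValueError:
        problems.append(f"RHOSTS must be an IP or CIDR block, got {rhosts!r}")
    try:
        parse_port_range(ports)
    except ValueError as exc:
        problems.append(str(exc))
    return problems


def build_scan_rc(rhosts, ports="1-1024", threads=10, log_path="tcp_scan.log"):
    """Return resource-script text equivalent to the manual use/set/run steps."""
    problems = validate_scan_inputs(rhosts, ports)
    if problems:
        raise ValueError("; ".join(problems))
    lines = [
        f"spool {log_path}",                   # keep a record of the console output
        "use auxiliary/scanner/portscan/tcp",  # the module used in the text
        f"set RHOSTS {rhosts}",
        f"set PORTS {ports}",
        f"set THREADS {threads}",              # scanner option: hosts scanned concurrently
        "run",
        "spool off",
    ]
    return "\n".join(lines) + "\n"
```

Write the returned text to a file such as tcp_scan.rc and start it with msfconsole -q -r tcp_scan.rc; the spool file keeps the full output for the report.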
Understanding the Scanning Results
The results of a Metasploit scan are displayed in the Metasploit interface. These results provide valuable information about a target system, including the IP addresses of live systems, the services and applications running on those systems, and any vulnerabilities that may be present. The results can be used to identify potential targets for further security assessments and exploitation.
Here’s an example of the output displayed on the terminal after running a Metasploit scan:
Metasploit Framework 4.0.1 Console
[*] 192.168.0.100:22 - SSH - OpenSSH 4.3 (protocol 2.0)
[+] 192.168.0.100:80 - HTTP - Apache httpd 2.2.14
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
Vulnerabilities:
[+] Apache Struts 2.3.15.3 - Remote Command Execution (CVE-2013-2251)
[+] Apache Struts 2.3.15.3 - Remote Code Execution (CVE-2013-1966)
Hosts:
192.168.0.100
Services:
host: 192.168.0.100
ssh: 22/tcp open
http: 80/tcp open
In this example, the results show that there is one live system (192.168.0.100) with two open services: SSH and HTTP. The results also display information about the SSH and HTTP services, including the version numbers. Additionally, the results highlight two potential vulnerabilities in Apache Struts. These results can be used to further analyze the target system and identify potential attack vectors.
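Reading the scan output by eye works for one host; for a real assessment the same lines are usually turned into structured findings for a report or ticket. The parser below is an added example, not code from the tutorial or from Metasploit: the line layouts are assumed from the sample above, SAMPLE_OUTPUT is a constructed copy of that sample, and the function names are assumptions.

```python
"""Parse the msfconsole scan output shown above into structured findings. Added
example; line layouts are assumed from the text's sample, copied into SAMPLE_OUTPUT."""
import re
from collections import defaultdict

SAMPLE_OUTPUT = """\
[*] 192.168.0.100:22 - SSH - OpenSSH 4.3 (protocol 2.0)
[+] 192.168.0.100:80 - HTTP - Apache httpd 2.2.14
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
Vulnerabilities:
[+] Apache Struts 2.3.15.3 - Remote Command Execution (CVE-2013-2251)
[+] Apache Struts 2.3.15.3 - Remote Code Execution (CVE-2013-1966)
Hosts:
192.168.0.100
Services:
host: 192.168.0.100
ssh: 22/tcp open
http: 80/tcp open
"""

# "[*] host:port - NAME - banner" lines printed for each detected service
SERVICE_RE = re.compile(r"^\[[*+]\]\s+(\S+):(\d+)\s+-\s+(\S+)\s+-\s+(.+)$")
# "[+] product - title (CVE-YYYY-NNNN)" lines under the Vulnerabilities: heading
VULN_RE = re.compile(r"^\[\+\]\s+(.+?)\s+-\s+(.+?)\s+\((CVE-\d{4}-\d{4,})\)$")


def parse_scan_output(text):
    """Return {'services': {host: [service, ...]}, 'vulns': [vuln, ...]}."""
    services, vulns, section = defaultdict(list), [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith(":") and " " not in line:  # Vulnerabilities:, Hosts:, Services:
            section = line[:-1].lower()
            continue
        if section == "vulnerabilities":
            m = VULN_RE.match(line)
            if m:
                vulns.append({"product": m[1], "title": m[2], "cve": m[3]})
            continue
        m = SERVICE_RE.match(line)  # the Hosts:/Services: echo lines do not match
        if m:
            services[m[1]].append({"port": int(m[2]), "name": m[3].lower(), "banner": m[4]})
    return {"services": dict(services), "vulns": vulns}


def summarize(findings):
    # Counts plus the de-duplicated CVE list, ready to paste into a triage ticket
    cves = sorted({v["cve"] for v in findings["vulns"]})
    open_ports = sum(len(s) for s in findings["services"].values())
    return {"hosts": len(findings["services"]), "open_ports": open_ports, "cves": cves}
```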
Chapter 5: Vulnerability Assessment with Metasploit
Vulnerability assessment is an important step in penetration testing, which involves identifying and assessing potential weaknesses in a target system. Metasploit provides several tools and modules to assist in this process.
The Metasploit framework has a built-in vulnerability scanner, which can be used to quickly identify vulnerabilities in a target system. The scanner uses a database of known vulnerabilities and exploits to identify potential weak points.
Once vulnerabilities have been identified, the next step is to assess the severity of the issue. Metasploit provides several tools to help determine the impact of the vulnerability, such as the ability to simulate an attack and see the results.
Vulnerability scanning:
use auxiliary/scanner/vulnerability/nessus – to select the Nessus vulnerability scanner module
set RHOSTS [target host IP] – to set the target host IP
run – to run the scan
Chapter 6: Exploitation with Metasploit
Exploitation is the act of taking advantage of a vulnerability in a target system to gain unauthorized access or carry out malicious actions. Metasploit provides a range of exploits that can be used to exploit vulnerabilities in a target system.
The first step in exploiting a vulnerability is to identify a suitable exploit. Metasploit has a large library of exploits, so it is important to select the one that is most appropriate for the target system.
Once a suitable exploit has been identified, the next step is to configure and launch the exploit. Metasploit provides a range of options to configure the exploit, such as setting the target IP address, specifying the payload, and adjusting the timing of the attack.
Here are some Metasploit commands and terminal outputs that demonstrate how to assess the severity of a vulnerability:
- Use the Metasploit module that exploits the identified vulnerability:
use exploit/[module name] – to select the exploit module
set rhost [target host IP] – to set the target host IP
run – to run the exploit
Here’s an example of the output you might see after running an exploit:
Metasploit Framework 4.0.1 Console
[*] 192.168.0.100:22 - SSH - OpenSSH 4.3 (protocol 2.0)
[+] 192.168.0.100:80 - HTTP - Apache httpd 2.2.14
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
Vulnerabilities:
[+] Apache Struts 2.3.15.3 - Remote Command Execution (CVE-2013-2251)
Exploit:
[+] Apache Struts 2.3.15.3 - Remote Command Execution (CVE-2013-2251)
Hosts:
192.168.0.100
Services:
host: 192.168.0.100
ssh: 22/tcp open
http: 80/tcp open
msf exploit(apache_struts_rce) > set rhost 192.168.0.100
rhost => 192.168.0.100
msf exploit(apache_struts_rce) > run
[*] 192.168.0.100:80 - Attempting to exploit Apache Struts 2.3.15.3 Remote Command Execution (CVE-2013-2251)
[+] 192.168.0.100:80 - Command execution successful
In this example, the Metasploit module exploited the remote command execution vulnerability in Apache Struts 2.3.15.3 (CVE-2013-2251). The output shows that the exploit was successful and the command was executed on the target system. This information can be used to determine the severity of the vulnerability and the potential impact of a real-world attack.
Note: Always use Metasploit in a controlled and responsible manner, such as in a virtual environment or with explicit permission from the target system owner.
Chapter 7: Conclusion
In conclusion, Metasploit is a powerful tool that is widely used by penetration testers and security professionals to identify and exploit vulnerabilities in target systems. It provides a comprehensive platform for performing vulnerability assessments, exploitation, payload generation, and post-exploitation activities. The tool offers a user-friendly interface and a wide range of modules and features to simplify the penetration testing process.
This tutorial has provided an overview of the various features of Metasploit and how to use them effectively. By following the steps and techniques outlined in this tutorial, beginners can start using Metasploit for their own security assessments and exploitation exercises. However, it is important to note that Metasploit should only be used for legal and ethical purposes, and that it is the responsibility of the user to understand and comply with all laws and regulations.
In addition to the basics covered in this tutorial, there is much more to learn about Metasploit and how to use it to its full potential. As with any tool, the best way to become proficient is through practice and experimentation. With that in mind, we encourage you to continue learning and exploring the capabilities of Metasploit.
One Reply to “Metasploit 101 : Simple Guide For beginners”