“Give me eight hours to chop down a tree; I’d spend the first six of them sharpening my axe.”-Abraham Lincoln
Many of you must be thinking what does this semi-philosophical opening have to do with the Metasploit Framework?
So, before approaching a penetration test or an audit.
We always take care to “sharpen our tools” and update everything in Kali, especially the Metasploit Framework.
The Metasploit Framework (MSF) is far more than just a collection of exploits.
It is also a solid foundation that you can build upon and easily customize to meet your needs.
From a wide array of commercial-grade exploits and an extensive exploit development environment.
All the way to network information gathering tools and web vulnerability plugins the Metasploit Framework provides a truly impressive work environment.
After hearing this much about it you must be excited to know how to set it up, so let’s check out the installation process.
Metasploit Framework comes preinstalled in all the major hacking distributions.
For those who are using another version of Linux or Unix (including Mac OS) or Windows,
You can download Metasploit from Rapid7’s website.
Different Interfaces for Metasploit:
Metasploit provides two type of consoles:
1. Armitage (Graphical User Interface)
Armitage is a fantastic Java-based GUI front-end for the Metasploit Framework developed by Raphael Mudge.
Its goal is to help security professionals better understand hacking and help them realize the power and potential of Metasploit.
For further details, you can always visit the Armitage’s Official Website like me.
2. MSFconsole (command line Interface):
The most used and my personal favorite interface is Msfconsole.
It provides an “all-in-one” centralized console.
And allows you efficient access to virtually all of the options available in the MSF.
Benefits to Using MSFconsole
- It is the only supported way to access most of the features within Metasploit.
- Provides a console-based interface to the framework.
- Contains the most features and is the most stable MSF interface.
- Full read-line support, tabbing, and command completion.
- Execution of external commands in msfconsole is possible.
Metasploit Framework provides six different modules, These are:
|Payloads||Actual code that does the work. Mostly used to set up a connection between the attacking and the victim machine.|
|Exploit||Exploit is a code that allows an attacker/tester to take advantage of a vulnerable system and compromise its security.|
|Post||Metasploit has a wide array of post-exploitation modules that run on compromised targets to gather evidence, pivot deeper into a target network.|
|Nops||Nops are short for No OPerationS simply means “do nothing”. This can be crucial in creating a buffer overflow.|
|Auxiliary||Auxiliary includes numerous modules that don’t fit into any of the other categories such as fuzzers, scanners, denial of service attacks, and more.|
|Encoders||To help us evade security, we can use encoders to encode our shellcode.|
So lastly, Metasploit has many capabilities that are still untouched by me.
So, I will continue this Metasploit series to explore the simplest to the most complex form so that you can have a command over the Metasploit framework.
In the meantime check out my other informative posts and keep coming back to this series to learn using Metasploit like a pro!