“You can’t learn to use a weapon directly by using it in battle field, First you need to train properly in barrack.”
Howdy, my tender foot Hackers!
I’m back with another guide in the Metasploit Framework series. So, you might be thinking about this
semi-philosophical start, again here is the message:
As we discussed in my last tutorial for a successful attack we need the right set of upgraded tools. Now before getting our hands dirty in hacking. We must understand basic concepts first.
Let’s first understand the basics.
In our last guide, we went through the Basic introduction of the Metasploit Framework, then we saw the different Interfaces at last, I gave you the basic Introduction of all 6 modules.
Now, In this Guide I’ll Introduce you to my favorite MSFconsole (Command Line Interface).
Before proceeding I would like you to visit my last Tutorial part 1.
Launching the Framework
Now here comes my favorite dialogue…”Fire up your terminal and let’s get started”.
Launching command Line interface is pretty easy.
You just have to type:
On your terminal and you will see it will take a few seconds depending on your system resources, and you be greeted with one of the beautiful ASCII character banners.
As we are just starting with MSFconsole it is Important to get an understanding of a few most fundamental Keywords and commands, which I’m going to show you now,
These are far from a plethora of commands used by this powerful utility tool but they are good to get started with.
As I told you MSF is a huge collection of various modules, like really a huge one.
So obviously it is very difficult to remember the path of the correct module so we use the “search” keyword to find the correct module to use.
The search keyword not just enables us to do simple keyword searches, but also allows us to be a bit more refined in our search as well.
For instance, we can define what type of module we are searching for by using the type keyword
Now I type :
msf6> search type : exploit
After this command MSF come up with list of all 2131 Exploits (in MSF v-6.0.44) which is not quite helpful.
So we can modify our search by specifying the specific platform let’s say windows, so command would be:
msf6> search type: exploit platform: windows
One of the most basic commands of MSFconsole. You can use the show command to show modules such as exploits, payloads, etc., but it can also be used to show options that are used by the exploit.
show command : a context sensitive command i.e., It depends on the exploit against which it is used.
A nice guide for beginners you can use help command any time to get list of basic commands.
Basic but critical command line keyword for metasploit. We use it to set parameter values required to run exploit.
These parameter includes Payloads, LHOST, LPORT, RHOST, RPORT, Session, etc.
When we have decided which module to use. We use the “use” command to load module in memory.
Now we searched for exploits, decided which exploit to use, set all the parameters required, Now we are good to use the “exploit/run” command to exploit our target.
To exit MSFconsole simply type exit and press enter.
Now that we are out of MSFconsole what are you waiting for, I’m done for this post.
Go, and checkout my other awesome posts.
PS: If you wanna boost up your skills I would suggest a good read to follow along with this tutorial series: Metasploit Penetration Testing Cookbook -by Abhinav Singh