The Metasploit Framework: Hacking on Rails

OS

All major operating systems.

Website

https://www.metasploit.com/

Reference Walk-Throughs

HackTheBox

Legacy

VulnHub

Kioptrix Level 1

What is the Metasploit Framework?

Originally created by H.D. Moore in 2003, the Metasploit Framework (MSF) is one of the most widely-used and controversial tools in the modern hacker’s arsenal. It simplifies the process of developing and executing exploit code against remote target machines. Many have labeled MSF a tool for “script kiddies,” because it contains a plethora of easy-to-use, weaponized exploits that require very little effort to deploy. Despite this claim, Metasploit has become a mainstay in the Information Security community, and is included in nearly every mainstream Linux distribution aimed at penetration testing.

In addition to exploits, MSF comes shipped with a significant number of auxiliary modules, designed for a whole host of additional features, including port scanning, enumeration, and more.

Warning

Despite its popularity, the original criticism still stands: MSF makes it remarkably simple for unskilled individuals to break into remote systems. As such, it can easily become a crutch for those who use it exclusively. If you only use Metasploit, you only learn Metasploit, and when you come face-to-face with a vulnerability for which no Metasploit module exists, you’ll be stumped. For this reason, the authors urge you to find non-Metasploit methods of execution whenever possible. These “manual” methods (as opposed to Metasploit’s “automated” method) will help you grow in knowledge and skill, and they’ll make you a stronger hacker overall.

How does it work?

The Metasploit Framework includes a comprehensive suite of Ruby scripts that simplify the development of exploits and payloads targeting remote systems. Metasploit is commonly shipped “batteries included,” meaning that it comes with a large array of exploits and payloads built-in. It also includes a number of other useful features, including tools for enumeration, vulnerability scanning, documentation, and more. The free version, included in most pentesting-focused Linux distributions, uses a command-line interface for selecting and executing exploits and payloads.

Using Metasploit

The Metasploit Framework is such a diverse and powerful toolkit that a thorough enumeration of its functionality is beyond the scope of this document. For those who wish to dive deeper into this tool, there are many books and guides available, including the Official Documentation by Rapid7, and the Metasploit Unleashed course by Offensive Security, both of which are provided free-of-charge.

For the purposes of this document, we’ll include only the most commonly-used functions within the MSF.

msfconsole: Launch Metasploit Interactively

Example: msfconsole

This command launches an interactive Metasploit session with a command-line interface. This is the most common method of using the Framework, and provides access to the full functionality of the utility. This console features tab-completion and the use of up- and down-arrows to scroll through the command history.

help [COMMAND]: Get Help

Example: help search

This command requests help on a given subject, providing useful information for maximizing your effectiveness with MSF. Using help without a specified command will provide the MSF default help guide, including all core, module, job, resource script, database backend, credentials backend, and developer commands.

search [OPTIONS] [KEYWORDS]: Search for Modules

Example: search type:exploit ms17-010

This command returns a list of modules for the specified keywords, modified by the specified options. Options are optional, but keywords are required. Keywords can include basic search terms, such as the name of a CVE, as well as advanced terms, such as the specific type of module sought. For example, the search term listed above (search type:exploit ms17-010) will return all exploit modules related to the MS17-010 vulnerability.

use [MODULE/NUMBER]: Use a Specified Module

Example: use exploit/windows/smb/ms17_010_psexec

This command loads the specified module (either by path or by number). Typically, modules are loaded by path (e.g. use exploit/windows/smb/ms17_010_psexec). However, if a search command was previously run, the results will be returned in an enumerated list, allowing you to enter the number of the desired module instead of typing the full path (e.g. use 3).

show [PARAMETER]: Show the Specified Information

Example: show options

This command provides contextual information dependent on the specified parameter. For example, show info will provide information about the currently-selected module, whereas show options will display the current module’s configuration. For a full list of parameters, type help show.

set [KEY] [VALUE]: Set the Value of the Specified Key

Example: set RHOSTS 10.10.10.4

This command sets the value of the specified key. This can be used both for modules and for associated payloads.