What is Metasploit Framework? How to Install? General Command and Concepts #1

in #utopian-io6 years ago (edited)

What Will I Learn?

  • What is Metasploit Framework?
  • How to Install?
  • General Command and Concepts

Requirements

  • Linux Operating System
  • Metasploit Framework

Difficulty

  • Advanced

What is Metasploit Framework?

Metasploit is an open source penetration testing tool developed for security testing. Ruby is encoded in the language and has a practical interface and rules. It contains over 1000 exploits. Metasploit contains many parameters and modules for easy use of exploits and other tools.

It provides convenient use when performing safety tests on this site. If any exploit is coded for Metasploit, it can be used and improved by adding it inside. With Metasploit, simple web security tests and managed tests on operating systems (Windows, Linux, Android, etc.) can be applied. Information is gathered from the system, the acquired information is exploited, and then the system is tracked for progress and persistence. Of course, this is something that the person doing the security test will have to do. The crucial point is that it can be used for many purposes, not for a single purpose. The user identifies the operations to be carried out and forms their own test strategies. This can be done in a practical and quick way.

Metasploit has its own file system:
DataData is used and can be changed by metasploit.
LibThe main structure of the system that makes up the Framework is the library.
PluginsPlugins that work automatically and function using all the features of the Framework. They work during the process.
ToolsThese are tools that work on their behalf and work on command lines.
ExternalExternal resources are 3rd party software and source codes.
DocumentationDocuments used to inform the Framework.
ModulesNormal modules.
ScriptsAdvanced scripts like Meterpreter

These may be reproduced. As you can see, metasploit architecture works fairly regularly. To understand these terms in full, it is necessary to use the stated facts. In this way you can produce strategies according to the process.

6a4a49_2bc602dcc9fd45d9924981d075a9b689_mv2.jpg

How to Install?

Metasploit can work on many platforms. For example, Mac, Windows and Linux. With these options, each user can address and make comfortable use. I use Linux and I will show you how to install and use it in Linux because I am more dominant. You can perform operations on Windows or Linux. I recommend Linux for convenient and practical use.

Installation for Linux:

Since I use the Lubuntu operating system, I will show you how to install it via Lubuntu, but most linux distrars have the same structure. If you are using operating systems such as Kali Linux or Backtrack Linux, the Metasploit Framework comes pre-installed, but if you are reading this tutorial and you want to learn how to do it by following the steps in the series, it's a good idea to update it.

We enter the following commands in order;

sudo apt-get install curl

curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall

chmod 755 msfinstall

./msfinstall

Screenshot_1.png

We have entered our commands in order and your installation process has been completed successfully.

General Command and Concepts

There are always commands to use in Metasploit. These commands will be used in many operations such as selecting an exploit, entering a parameter, and will always get confused.

The parameters vary according to the modules. If you follow the lessons you will know better as you use modules, I will explain from time to time to refresh this information. Since some concepts are long, we will briefly describe this introduction, and we will work in more detail later on.

Exploit Selection

The use command is used to select any exploit or module in the main metasploit window.

E.G.

use exploit/windows/smb/ms08_076_netapi

When the module is selected, it outputs exploit (ms08_067_netapi.

Selecting Payload and Lending of Payloads Suitable for Exploit

Payload is a module that is used to ensure that the system running after the exploit does not proceed and to perform the desired operations.

In general, when selecting an payload, an appropriate payload must be selected for the exploit. In other words, when Windows wants to perform an attack on a system, an appropriate exploit is selected for that system and a payload to be executed after the exploit is selected. Operating systems such as Windows, Linux, and Android have different payloads. Payloads can vary from system to system, as well as from exploits. We will process Payload in more detail in later courses.

Payloads can be used with exploits and usually also use remote exploits. The show payloads command lists all payloads that can be used with the selected exploit.

E.G.
With the command set PAYLOAD windows/shell_reverse_tcp we can choose our payload. When the system is exploited, windows/shell_reverse_tcp will switch to payload.

Getting to Know the Parameters

In order to run the explot on a system, some information about the target system and the target system should be entered into the exploit beforehand. You can use the "show options" command to see these parameters. The command will show the module at the top and the payload's parameters at the bottom.

NameParametric name
Current SettingThe value entered for the parameter
RequiredThe place where the input is not mandatory. "No" is not required, if "Yes" it is necessary to enter
DescriptionThe description of the parameter

Parameters should be entered based on this information.

The first topic of our series has been completed here, thank you for reading. See you on the next topic, respectfully.


Posted on Utopian.io - Rewarding Open Source Contributors

#linux #metasploit #exploit #security
6 years ago in #utopian-io by
$0.15
  • Past Payouts $0.15, 0.00 TRX
  • - Author $0.13, 0.00 TRX
  • - Curators $0.02, 0.00 TRX
32 votes
Reply 8
Sort:  
  • Trending
    • [-]
     6 years ago 

    Your contribution cannot be approved because it is not as informative as other contributions. See the Utopian Rules. Contributions need to be informative and descriptive in order to help readers and developers understand them.

    You can contact us on Discord.
    [utopian-moderator]

    $1.37
    • Past Payouts $1.37, 0.00 TRX
    • - Author $1.03, 0.00 TRX
    • - Curators $0.34, 0.00 TRX
    1 vote
    Reply
    [-]
     6 years ago 

    I do not think it is right to make a review like this, I wrote a detailed message on Discord.

    $0.00
      Reply
      [-]
       6 years ago 

      I believe that this post is more about the general information and could be suitable for a person that does not know metasploit.

      The information about installation is written in the documentation quite well and your post would benefit from including the links for other platforms even though you show it only for one distro.

      You mention some of the commands but I feel that it is not really explained what we can do with them.

      There are some passages where you repeat yourself or it is not clearly written.

      [...] some information about the target system and the target system [...]

      In general, when selecting an payload, an appropriate payload must be selected for the exploit.

      In other words, when Windows wants to perform an attack on a system, an appropriate exploit is selected for that system and a payload to be executed after the exploit is selected.

      It could be better if you were able to mention what the following part is going to be about. Afterall, you want to write a series.

      Overall, I think that this post is not suitable for the reward right now.

      $0.00
        Reply
        [-]
         6 years ago 

        Thank you for the detailed review @espoem

        $0.00
          Reply
          [-]
           6 years ago 

          Hey @shreyasgune, I just gave you a tip for your hard work on moderation. Upvote this comment to support the utopian moderators and increase your future rewards!

          $0.00
            Reply
            [-]
             6 years ago 

            @sdtyldz, Approve is not my ability, but I can upvote you.

            $0.00
              Reply
              [-]
               6 years ago 

              If you are lazy you can use a distro like Kali that already has metasploit installed. All you need to do to start it is:

              # service postgresql start
# service metasploit start
# msfdb init
# msfconsole

              There should also be a docker container that you can download and run. If metasploit is too much of a learning curve for you then you should have a look at armitage.

              Anyways nice article. Here are some bookmarks that I thought you might find helpful:
              http://securitytube.aircrack-ng.org/SecurityTube-Metasploit-Framework-Expert/SMFE-Community.zip
              http://www.securitytube.net/groups?operation=view&groupId=10
              https://github.com/rapid7/metasploit-framework/wiki/
              http://www.offensive-security.com/metasploit-unleashed/
              http://netsec.ws/?p=331

              $0.00
                Reply
                [-]
                 6 years ago 

                Thank you for the information.

                $0.00
                  Reply

                  Coin Marketplace

                  STEEM 0.24
                  TRX 0.12
                  JST 0.029
                  BTC 67396.07
                  ETH 3510.28
                  USDT 1.00
                  SBD 3.15