Ethical Hacking - Metasploit

Metasploit

One of the most powerful exploit tools is Metasploit. Its resources are available at https://www.metasploit.com. Metasploit comes in two versions: a free edition and a commercial edition. This tutorial mostly uses the free edition, as there is not much difference between the two versions.

Metasploit can be easily installed as a separate tool on systems that run Linux, Windows or Mac OS X.

The hardware requirements for installing Metasploit are −

  • 2 GHz+ processor.
  • 1 GB RAM available.
  • 1 GB+ available disk space.

Metasploit can be used either from the command prompt or through the Web UI.

To open it in Kali, go to Applications → Exploitation Tools → metasploit.

Exploitation Tools

After Metasploit starts, the screen appears as follows. The version of Metasploit is underlined in red.

Metasploit Exploitation Tools

What are the Exploits of Metasploit?

The vulnerability scanner identified that the machine used for testing has a vulnerable FTP service. To use the exploit that works against it, the command is:

use “exploit path”

Then type msf> show options to check which parameters must be set to make the exploit functional. RHOST is set to the “target IP”.

Type msf> set RHOST 192.168.1.101 and msf> set RPORT 21.

Then, type msf> run. If the exploit is successful, it opens a session that can be interacted with, as shown in the following screenshot.

Metasploit Run

What are Metasploit Payloads?

Payloads are the scripts that hackers use to interact with a hacked system. Hackers use payloads to transfer data to a victim system.

Metasploit payloads can be of three types −

Singles − Singles are very small and designed to create some kind of communication, then move to the next stage. For example, just creating a user.

Staged − It is a payload that an attacker can use to upload a bigger file onto a victim system.

Stages − Stages are payload components that are downloaded by Stager modules. The various payload stages provide advanced features with no size limits, such as Meterpreter and VNC Injection.