Skip to main content

Metasploit Framework: Notes

Source: https://www.metasploit.com/includes/images/metasploit-og.png

"The Metasploit Framework contains a suite of tools that you can use to test security vulnerabilities, enumerate networks, execute attacks, and evade detection."

Metasploit was originally created by H. D. Moore in 2003, using the Perl programming language. In 2009, the Metasploit Project was acquired by the cybersecurity company Rapid7. Before the acquisition, in 2007, the framework was completely rewritten in the Ruby programming language.

Keep updating

https://github.com/rapid7/metasploit-framework

Install/Upgrade metesploit framework on Linux

curl -k https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall \
&& chmod +x msfinstall \
&& ./msfinstall

Init database

db_init
db_status
db_connect

Get help

msfconsole -h
msf6 > search 
msf6 > use

msf6 > msfupdate

Metasploit tips

Search can apply complex filters such as search cve:2009 type:exploit, see all the filters with help search

Use the edit command to open the currently active module in your editor

On Fedora Workstation 32

[tuyen@g73jh ~]$ msfconsole

 ** Welcome to Metasploit Framework Initial Setup **
    Please answer a few questions to get started.


Would you like to use and setup a new database (recommended)?
Please answer yes or no.
Would you like to use and setup a new database (recommended)? yes
Creating database at /home/tuyen/.msf4/db
Starting database at /home/tuyen/.msf4/db...success
Creating database users
Writing client authentication configuration file /home/tuyen/.msf4/db/pg_hba.conf
Stopping database at /home/tuyen/.msf4/db
Starting database at /home/tuyen/.msf4/db...success
Creating initial database schema
[?] Initial MSF web service account username? [tuyen]:
[?] Initial MSF web service account password? (Leave blank for random password):
Generating SSL key and certificate for MSF web service
Attempting to start MSF web service...success
MSF web service started and online
Creating MSF web service user tuyen

    ############################################################
    ##              MSF Web Service Credentials               ##
    ##                                                        ##
    ##        Please store these credentials securely.        ##
    ##    You will need them to connect to the webservice.    ##
    ############################################################

MSF web service username: tuyen
MSF web service password: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
MSF web service user API token: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx


MSF web service configuration complete
The web service has been configured as your default data service in msfconsole with the name "local-https-data-service"

If needed, manually reconnect to the data service in msfconsole using the command:
db_connect --token xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx --cert /home/tuyen/.msf4/msf-ws-cert.pem --skip-verify https://localhost:5443

The username and password are credentials for the API account:
https://localhost:5443/api/v1/auth/account


 ** Metasploit Framework Initial Setup Complete **


       =[ metasploit v6.0.9-dev-                          ]
+ -- --=[ 2068 exploits - 1123 auxiliary - 352 post       ]
+ -- --=[ 592 payloads - 45 encoders - 10 nops            ]
+ -- --=[ 7 evasion                                       ]

Metasploit tip: Search can apply complex filters such as search cve:2009 type:exploit, see all the filters with help search

msf6 >
msf6 > msfupdate
[*] exec: msfupdate

Switching to root user to update the package
[sudo] password for tuyen:
Checking for and installing update..
Adding metasploit-framework to your repository list..Metasploit                                   [===
Metasploit                                                                               12 kB/s | 3.0 kB     00:00
Package metasploit-framework-6.0.9+20201001102443~1rapid7-1.el6.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
msf6 >

Practice

https://tryhackme.com/room/ccpentesting

Resources

>>> Metasploit Training

>>> THM | Metasploit: Introduction

>>> Metasploit Cheat Sheet | SANS Institute

Popular posts from this blog

Java: Free Online Courses

The Java™ Tutorials by Oracle The Java Tutorials are practical guides for programmers who want to use the Java programming language to create applications. They include hundreds of complete, working examples, and dozens of lessons. Groups of related lessons are organized into "trails". https://docs.oracle.com/javase/tutorial/ Learn to Program in Java at edX.ogr Get started on the path to becoming a software engineer by learning core coding skills in Java—one of the most popular programming languages. https://www.edx.org/course/learn-to-program-in-java-0 Java Tutorial by javapoint.com https://www.javatpoint.com/java-tutorial Java Tutorial by SoloLearn.com I love SoloLearn because I can learn Java - and other popular programming languages - anywhere, any time on your mobile devices. https://www.sololearn.com/Course/Java/ Java on Azure https://docs.microsoft.com/en-us/learn/paths/java-on-azure/

Less secure app access in gmail or G Suite

From G Suite Update on December 16, 2019 Google turned off less secure app access to G Suite accounts .