Metasploit has long been one of the most widely used tools by information security professionals and hackers. Today we're going to cover everything you need to know about Metasploit. Whether you're a beginner or a seasoned pro, I will guide you from the basics to advanced techniques. After watching this video you won't need to ask about Metasploit again. To my wonderful subscribers: I'm truly sorry for my inconsistency. I've been busy creating a course for you all and I'm trying to make it as good as possible. No more wasting time, let's get into it.

Before we dive in, let's briefly cover the history of Metasploit. Metasploit was created by HD Moore in October 2003 while he was working at a security firm. He wanted a flexible and maintainable framework for developing exploits, so he released the first Perl-based version with 11 exploits. In April 2004, with the help of spoonm, Metasploit 2.0 was released, featuring 19 exploits and over 27 payloads. Matt Miller (skape) joined the team and the tool quickly became essential for penetration testing. Metasploit 3.0, a complete rewrite in Ruby, was released in 2007 after 18 months of work, introducing over 150,000 lines of new code. This version gained widespread adoption and increased user contributions. In 2009 Rapid7 acquired Metasploit, allowing for faster development and the release of two commercial products, Metasploit Express and Metasploit Pro. These versions offer additional features like a GUI, reporting, and collaboration tools.

Okay, now I realize I forgot to explain what Metasploit is. Many of you probably clicked on this video already knowing about Metasploit, but just in case you don't: in short, Metasploit is a powerful framework used for developing, testing, and executing exploits against various software vulnerabilities. It's a crucial tool for hackers, penetration testers, and security professionals to identify and address security flaws in systems. Metasploit consists of tools, libraries, modules, and user interfaces. At its core it functions as a module launcher, enabling users to configure and deploy exploit modules against target systems. If an exploit succeeds, the payload is executed on the target, providing the user with a shell to interact with it. Metasploit offers hundreds of exploits and numerous payload options, making it an indispensable tool for security testing and exploitation.

Installing Metasploit is straightforward, especially if you're using Linux. In fact, on many Linux distributions like Kali Linux you don't need to install it at all. Here's how you can get started: open your terminal, update your Kali Linux with this command, and launch Metasploit by typing msfconsole. That's it, we've successfully opened msfconsole from the terminal. However, there are several other ways to access the Metasploit framework. These include msfgui, msfcli, msfweb, Metasploit Pro, and Armitage. For our purposes in this video we'll be focusing on msfconsole. If you want to install Metasploit on Windows or another operating system, you can visit their website for detailed installation guides. If you run into any issues, feel free to ask for help in the comments.

All right, now let's explore the Metasploit directory together. Follow these steps to get started. First, if you don't remember or don't know where the Metasploit directory is, you can find it by typing locate metasploit. Once you've got the directory path, copy it, then navigate to it by typing cd and pasting the directory path. To see the list of files, type ls. You'll notice a bunch of directories and scripts. The key directories are data, external, tools, plugins, and scripts. Let's take a look at each one.

Start by exploring the data directory: cd data, then ls. Here you'll find various helper modules like meterpreter, exploits, wordlists, templates, and more. Next, let's check out the meterpreter directory: cd meterpreter, then ls. In this directory you'll see important files. Here's a quick rundown of what some of these are. This is a staged payload for 64-bit ARM on macOS, delivered in parts. This executable is for the Meterpreter service on Windows, providing an interactive shell and post-exploitation features. This is the server component for Meterpreter, which handles communication between the compromised machine and the attacker. This folder contains Python scripts or modules. This is similar to the ARM version: a staged payload for 64-bit macOS, where the initial stage sets up the environment and fetches the main payload.

All right, let's keep exploring the Metasploit directory. First, let's go back to the data directory and check out the wordlists folder. Here's how: navigate back to the data directory, then enter the wordlists directory with cd wordlists. This directory contains lists of usernames and passwords for different services like HTTP, Oracle, Postgres, VNC, SNMP, and more. Next, let's explore the exploits directory: cd exploits. Here you'll find a variety of files and directories related to different security exploits that Metasploit can use. Each file or directory often includes a CVE (Common Vulnerabilities and Exposures) identifier, which tells you which specific vulnerability it targets. For example, you might see files like cve-273d-314, CVE-2012-1723.jar, or cve-201918-5113. These contain the necessary code or data to exploit a particular vulnerability. These resources are essential for Metasploit's ability to test and exploit vulnerabilities during security assessments; when Metasploit runs an exploit, it uses these files to carry out the attack. By understanding these directories and their contents, you'll have a better grasp of how Metasploit operates and can effectively use it in your security assessments.

Now that we've covered a lot in the data directory, let's head back to the main Metasploit framework directory and explore some other important directories. All right, we're in the metasploit-framework directory. Let's check out the modules directory, which is crucial and holds the various functionalities: cd modules. Okay, here are all the modules. Let's look at each directory in turn, starting with the exploits directory: cd exploits, then ls. Here you'll find a list of exploit modules categorized by operating system. For instance, let's focus on Windows exploit modules: cd windows, then ls. Within the windows directory you'll see numerous exploit modules categorized by Windows services like FTP, SMB, telnet, browser, email, and more. For example, let's explore the FTP directory as an illustration: cd ftp, then ls. You'll find a list of FTP service exploits, typically in the form of Ruby scripts. To view the code of any exploit, you can use the cat command followed by the exploit name. Okay, this allows us to delve into different types of exploits according to operating systems and their respective services. It's a crucial part of understanding how Metasploit operates and enables us to effectively assess and exploit vulnerabilities.

Let's continue our exploration by checking out auxiliary modules. Navigate back to the modules directory, then enter the auxiliary directory by typing cd auxiliary. Auxiliary modules are essentially exploits without payloads. They serve various tasks such as port scanning, fingerprinting, service scanning, and more. There are different types of auxiliary modules, including scanners for protocols, network protocol fuzzers, port scanner modules, wireless modules, denial-of-service modules, server modules, administrative access exploits, and more. Let's take a look at the available auxiliary modules. Here you'll see a list of auxiliary modules such as admin, client, fuzzers, scanner, spoof, and more. Now let's dive into the scanner directory as an example. Within the scanner directory you'll find modules categorized by the service they scan. For instance, let's explore the ftp scanner directory. Here you'll see three Ruby scripts related to FTP scanning. To view the Ruby code of any module, use the cat command followed by the module name. This allows us to examine the inner workings of different auxiliary modules, gain insights into their functionality, and effectively utilize them for various security tasks within Metasploit.

Let's delve into the payloads directory within the modules directory. Before diving into the payloads directory, it's essential to understand what payloads are. A payload is a piece of software that runs after a system is compromised, typically attached to and delivered with an exploit. In Metasploit there are four types of payloads. Adapters: these payloads can adapt or modify their behavior based on the characteristics of the target system, potentially including evasion or bypass capabilities. Singles: standalone payloads like shellcode, reverse shells, command execution payloads, etc. Stagers: focused on setting up the environment for subsequent payload delivery. Stages: larger payloads delivered after the stager, offering advanced functionality like Meterpreter for post-exploitation activities, file transfer capabilities, and more.

Now let's navigate to the payloads directory within the modules directory to explore these payload types further. For example, let's look at the singles directory: cd singles. Here payloads are categorized by operating system, like windows, linux, etc. Let's focus on the windows directory to demonstrate how these payloads work: cd windows. As we discussed earlier, single payloads are self-contained for specific tasks like creating a user account, binding a shell, and more. Let's take the windows adduser payload as an example. To view the code of this payload, use the cat command followed by the payload name: cat adduser.rb. This command will display the Ruby code for the windows adduser payload, allowing us to understand how it functions and what actions it performs when executed. By exploring these payloads we gain insights into their functionality and how they can be utilized in security assessments, penetration testing, and hacking activities. Stagers play a critical role in establishing the initial connection between the attacker and the victim machine. For example, when injecting a Meterpreter payload, the process is split into two parts: the smaller stager payload creates the network connection, and then the larger stage payload is delivered to perform advanced actions on the victim machine. By exploring these payloads we gain insights into their functionality and how they contribute to exploiting vulnerabilities and gaining control over target systems during security assessments and ethical hacking activities.

All right, let's dive into some key directories in Metasploit besides the ones we just talked about. Check out the scripts directory inside Metasploit; it's packed with tons of scripts that Metasploit relies on. Then there's the tools directory; you'll find all sorts of tools here that help with exploitation. Lastly, there's the plugins directory. This one's super useful because it's where you can add third-party tools like Nessus, Nexpose, and Nmap plugins to work seamlessly with Metasploit. Okay, now that I've explained these directories, can you do me a favor? Open up your Kali Linux, head to the Metasploit directory, and check out all these files.

Okay, let's dive into the nitty-gritty. We're starting with basic exploitation in this section, where we'll talk about what exploitation really means. Exploitation is all about breaking into a computer system. It's like figuring out the weak spots and using them to get in. To do this you need to understand vulnerabilities and payloads really well. An exploit is basically a clever piece of code: you write it, compile it (which means turning it into a form the computer can understand), and then run it against a system you want to break into. It takes advantage of known weaknesses, like a service that's not secure or badly written code. In this section we're going to cover how to find systems that are vulnerable and then how to use exploits to get into them.

Let's understand how hacking works. The attacker sends code called an exploit, together with a payload, to a weak system. First the exploit tries to break in; if it succeeds, it activates the payload. Once the payload is running, the attacker can do whatever they want on that system, like stealing data or adding harmful stuff like viruses. Okay, the first step in hacking into a system is scanning its IP address. This helps us find open ports, the operating system, and the services running on it. Next we look for a weak spot in one of those services. We search Metasploit for an exploit that matches that weakness. If we can't find one in Metasploit, we check other websites like securityfocus.com or exploit-db.com.

Okay, let's get started with simple exploitation. We are going to see basic exploitation by just copying and pasting code into a Windows terminal. To exploit a system by copying and pasting code into a Windows terminal, we often target a vulnerability in a service on the machine. We can use Metasploit to generate a payload that can be executed directly from the Windows command prompt or PowerShell. I'll guide you through this process. First, use msfvenom to create a payload for PowerShell; type this command. Let me explain this command. msfvenom is Metasploit's tool for generating payloads. -p specifies the payload; this payload creates a reverse TCP connection to the attacker's machine and spawns a Meterpreter shell, and windows/x64 indicates the payload is for a 64-bit Windows operating system. LHOST is the IP address of the attacker's machine, or your Kali Linux machine, that will receive the reverse connection. LPORT is the port on the attacker's machine that will listen for the reverse connection. -f specifies the output format; psh-cmd generates the payload as a PowerShell command that can be run directly from the Windows command line. Okay, now just hit enter and it will give you this command.

Before executing the payload on the target machine, you need to set up a listener on your Kali Linux machine using Metasploit. Let's just open another tab and open Metasploit. Setting up the listener is a crucial step in the exploitation process. It involves configuring Metasploit to wait for and handle the incoming connection from the target machine once the payload is executed. Here's a detailed explanation of how to set up the listener. Use the multi/handler module. The multi/handler module is a generic payload handler used to receive connections from payloads. Load this module by typing the use command shown; this command tells Metasploit to use the multi/handler module. You need to configure the multi/handler to use the same payload that was generated with msfvenom. Since you created a windows/x64 meterpreter reverse_tcp payload, you should set the same payload in the handler. Okay, now let's check what we need: type show options. You need to set the local host (LHOST) and local port (LPORT) to match the values you used when generating the payload. This ensures that the listener will be listening on the correct IP address and port for incoming connections. Start the listener by running the exploit or run command. This command puts the handler into listening mode, waiting for the target machine to execute the payload and establish a connection back to your Kali machine. Now our handler will wait for a connection on the specified IP address and port. You'll see output like this. When the target machine runs the generated PowerShell command, it will try to connect back to your Kali machine on the specified IP and port.

All right, now we're ready to exploit. Copy the command, go to your target Windows machine, open the terminal, and paste it there. Then go back to your Kali Linux and check if it worked. Once the connection is established, you will see output indicating that a session has been opened. We now have an active Meterpreter session. Now that we've successfully exploited our target, you can do whatever you want; you just need to know a few commands. For that reason, let's learn some Meterpreter basics.

Meterpreter is a powerful tool in the Metasploit framework used after exploiting a vulnerable system. It uses a technique called in-memory DLL injection, which injects code into a running process without writing any files to the disk. This makes it very stealthy. When we use Meterpreter as a payload, we get a shell on the compromised system. Meterpreter's unique attack vector attaches itself to an active process in memory, avoiding detection by antivirus and intrusion detection systems. Communication between the client and server uses an encrypted format called type-length-value (TLV). In this format, type indicates the kind of field, length shows the size of the field, and value contains the actual data. Meterpreter is highly effective, allowing us to acquire password hashes, run a keylogger, and escalate privileges. It can also switch between different processes it's attached to, staying hidden by clinging to running applications on the compromised host.

All right, let's dive into what Meterpreter can do. Type help to get a list of commands and see all the tools we have at our disposal. Now let's kick things off by checking out some details about the victim's system: type sysinfo to get info like their computer name and operating system. Next up, let's get a visual on what's happening on their screen. Just type screenshot and it'll snap a picture of their desktop; check the path to find where the screenshot is saved. Great, it worked like a charm. Curious about what processes are running? Type ps to list them. Moving on to some serious hacking action, let's fire up a keylogger: type keyscan_start and it'll start logging keystrokes. Want to see what we captured? Type keyscan_dump to check out the keystrokes we snagged. Look at that, we caught some juicy stuff. To stop the keylogger, type keyscan_stop. And hey, that's just the tip of the iceberg; we can do even more cool tricks like taking photos and exploring further into the system. And don't forget we can move, delete, create, and edit files on our target machine. For example, if we want to get a list of all files, we can type dir. If we want to download a file from the target machine to our own, we type download followed by the file name; this command will download the specified file to our machine. If we want to send a file to the target machine, we use upload followed by the file name; this will upload the specified file to the target machine. You can do whatever you want; just type help to see all the commands available and explore the possibilities. Check out what you can do and try them out.

Now let's explore what else we can do with Metasploit, starting with information gathering. Information gathering involves collecting data about a target using various techniques. This process is divided into two steps: footprinting and scanning. A lot of information is publicly available about an organization through its website, business news, job portals, and even disgruntled employees. During this phase a malicious user can find domain names, remote access info, network architecture, public IP addresses, and much more. Let's dive into hands-on information gathering using Metasploit. Suppose we're the attackers and we have a domain we want to exploit. Our first step is to gather all possible information about that domain for our malicious purposes. One of the best methods for this is using whois. It's widely used to query databases that store details about registered users of internet resources like domain names and IP addresses. To do this, type whois followed by the domain name. For example, let's use Facebook's domain name. You'll see a lot of information related to the Facebook domain, which can be very useful for further exploitation.

Okay, now let's use Metasploit to gather more information. Metasploit has many auxiliary scanners that are very useful for tasks like email harvesting. Email harvesting helps us collect email IDs associated with a particular domain. To use the email collector auxiliary module, type use auxiliary/gather/search_email_collector. Next, let's see the available options by typing show options. You'll see that the DOMAIN and OUTFILE fields are blank. We need to set the domain address; to do this, type set DOMAIN followed by the domain name. You can also specify an OUTFILE to store the generated email list. Now let's run the auxiliary module.
It will show the results. In my case I got zero results, but when you scan you might get some email addresses. Now let us move on to some active information gathering for exploiting our victim. Another useful auxiliary scanner is the telnet version scanner. To use this, type use auxiliary/scanner/telnet/telnet_version. Next, type show options to see the available options. You'll see that the RHOSTS option will be empty for you; we need to set the target IP address for scanning the telnet version. To do this, type set RHOSTS followed by the target IP address. If RPORT is empty, fill it with port 23. After setting your target IP address, just type run. In my case the scan returned no results because my target's port 23 is closed. If your target has port 23 open, you will see the telnet version of the machine. Let me remind you, I could make my device vulnerable and show you the results, but the point here is to teach you how to use Metasploit, so don't be upset with my scanning results.

Okay, now you might be wondering what telnet is. Telnet is a network protocol used to provide a command-line interface for communication with remote devices. It allows users to log into another computer over a network and control it as if they were physically present. However, telnet is not secure because it transmits data in plain text, making it susceptible to interception and attacks. This is why it's important to scan for telnet vulnerabilities and understand their potential risks. Now that you know how to use these tools in Metasploit, you can continue exploring and practicing with different modules and techniques to enhance your penetration testing skills. I can't finish by showing you all the modules and auxiliary tools, but by now you should have a good idea of how to use Metasploit to scan. To keep practicing your scanning skills, go to the Metasploit framework GitHub page (I'll put the link in the description) and specifically check out the scanner tab. You'll see a bunch of different things to scan; just find what you're interested in, click on it, read the details, and you're good to go. For more information you can check out this website too.

Let me tell you one thing: I've just given you an overview of Metasploit. There are so many things you can do with it, but I hope you now understand how to use it. If you have any questions about Metasploit, don't hesitate to ask. If you want to learn more about networking, check this out.
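The copy-and-paste exploitation walkthrough above generates a psh-cmd payload and has the target run it from a command prompt. On the defender's side, that step is exactly what process-creation logging records (Sysmon event ID 1, or Windows event 4688 with command-line auditing enabled). As an added example, not code from the video or from Metasploit, here is a small Python triage that scores command lines on the hallmarks the walkthrough describes (an encoded command, a hidden window, profile suppression, and a cmd.exe start-minimized wrapper) and decodes the encoded script so an analyst can read it. The exact wrapper shape is an assumption, the sample log lines are constructed, and the encoded script in the suspicious sample is a harmless Write-Host, so the block runs offline and demonstrates the detection logic only.

```python
import base64
import re

# Flag patterns. The spellings are the short and long forms PowerShell accepts.
ENCODED_FLAG = re.compile(
    r"(?i)(?:^|\s)-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/]{16,}={0,2})")
HIDDEN_FLAG = re.compile(r"(?i)-w(?:indowstyle)?\s+hidden\b")
NOPROFILE_FLAG = re.compile(r"(?i)-nop(?:rofile)?\b")
# Script contents worth a second look once the encoded command is decoded.
SUSPICIOUS_TOKENS = ("IEX", "Invoke-Expression", "DownloadString",
                     "FromBase64String", "Net.Sockets.TCPClient", "VirtualAlloc")


def encode_powershell(script: str) -> str:
    """Encode a script the way -EncodedCommand expects: base64 over UTF-16LE."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(b64: str):
    """Return the decoded script text, or None if the blob is not base64/UTF-16LE."""
    try:
        return base64.b64decode(b64, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyse_command_line(line: str) -> dict:
    """Score one process-creation command line; each independent hallmark adds a point."""
    findings = []
    decoded = None
    match = ENCODED_FLAG.search(line)
    if match:
        findings.append("encoded command")
        decoded = decode_encoded_command(match.group(1))
    if HIDDEN_FLAG.search(line):
        findings.append("hidden window")
    if NOPROFILE_FLAG.search(line):
        findings.append("profile suppressed")
    if "start /b /min" in line.lower():
        findings.append("cmd.exe start-minimized wrapper")
    if decoded:
        lowered = decoded.lower()
        findings.extend(f"decoded script references {tok}"
                        for tok in SUSPICIOUS_TOKENS if tok.lower() in lowered)
    return {"score": len(findings), "findings": findings, "decoded": decoded}


def triage(lines, threshold=3):
    """Indexes of lines whose score reaches the threshold, for analyst review."""
    return [i for i, line in enumerate(lines)
            if analyse_command_line(line)["score"] >= threshold]


# Constructed sample command lines, as a process-creation log would record them.
HARMLESS_SCRIPT = "Write-Host 'hello from the test'"
SAMPLE_LINES = [
    # routine scheduled-task launch: a script file, nothing encoded
    r"powershell.exe -ExecutionPolicy Bypass -File C:\scripts\nightly-backup.ps1",
    # the general shape a psh-cmd one-liner takes (assumption), carrying a harmless script
    "%COMSPEC% /b /c start /b /min powershell.exe -nop -w hidden -e "
    + encode_powershell(HARMLESS_SCRIPT),
    # an encoded command on its own, as some admin tooling legitimately emits
    "powershell.exe -EncodedCommand "
    + encode_powershell(r"Get-Process | Out-File C:\temp\procs.txt"),
]

if __name__ == "__main__":
    for i, line in enumerate(SAMPLE_LINES):
        result = analyse_command_line(line)
        print(i, result["score"], result["findings"], repr(result["decoded"]))
    print("flag for review:", triage(SAMPLE_LINES))
```

The scoring is deliberately additive rather than a single signature: an encoded command alone is common in legitimate administration (the third sample scores 1 and is not flagged), while the combination of encoded command, hidden window, suppressed profile, and the start-minimized wrapper (the second sample scores 4) is the shape to send for review regardless of what the decoded script turns out to be. The handler-side counterpart is the outbound TCP connection to the LHOST and LPORT the walkthrough sets, which network telemetry can correlate with the same process.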