💻

Metasploit Course Overview and Setup

Aug 30, 2024

Metasploit Course - Part 1 Notes

Introduction

  • Video presented by Hackersploit.
  • Complete Metasploit course aimed at taking learners from beginner to advanced.
  • Course planned to be completed within a week.

Overview of Metasploit

  • Definition: Leading exploitation framework used by penetration testers and ethical hackers.
  • Developer: Developed by Rapid7, which also owns vulnerability scanners like Nexpose.

Metasploit Interfaces

  1. MSF Console: Interactive command line interface.
  2. Armitage: GUI framework for Metasploit.
  3. MSF CLI: Literal Linux command line interface.
  4. MSF Web: Browser-based interface.

Setting Up Metasploit

  • Operating System: Demonstration on ParrotOS.
  • PostgreSQL Database: Must start the PostgreSQL database service for faster searches and information storage.
    • Command to start: service postgresql start
  • System Requirements:
    • Minimum 2GB RAM (recommended 4GB or more).
    • Good processor (i3 or i5 recommended).

Basic Commands in MSF Console

  • Help Command: Provides guidance on commands.
  • Use Command: Load a module (e.g., use exploit/windows/browser/adobe_flash_avm2).
  • Show Commands:
    • show options: Displays customizable options for the module.
    • show payloads: Displays compatible payloads for the exploit.
    • show targets: Shows potential targets for exploitation.
    • show info: Provides detailed information about the module.

Important Module Types in Metasploit

  1. Exploits: Modules that take advantage of vulnerabilities in a system.
  2. Payloads: Code that gets executed on the target system post-exploit (e.g., meterpreter).
  3. Auxiliary: Additional modules for various tasks.
  4. Nops: No operation payloads used to pad exploits.
  5. Post: Modules for post-exploitation tasks.
  6. Encoders: Used to encode payloads to evade detection.

Searching for Modules

  • Search Command: Use to find specific exploits or payloads.
    • Example: search type:exploit platform:windows name:flash
  • Set Command: Used to configure specific options for an exploit/payload (e.g., set RHOST 192.168.1.1).

Example of Using a Module

  1. Load the module: use exploit/windows/browser/adobe_flash_avm2
  2. Show options: show options
  3. Set necessary options:
    • set RHOST (target IP)
    • set SRVPORT (port number)
  4. Execute exploit: exploit

Conclusion

  • In the next video, advanced topics will be covered including module types, reconnaissance, using Armitage UI, and custom payload creation with MSF Venom.
  • Encouragement to engage through comments or social media.
  • Reminder to check out the documented version of the video on hsploit.com.

Full transcript