Metasploit Course Overview and Setup

hey guys Hackersploit here back again with another video in this video we're going to be looking at Metasploit all right now this is going to be the complete Metasploit course and this is going to take you from an advanced user of the Metasploit framework all right now as I said this is going to be an advanced course and it's going to take a beginner to advanced so that is the goal of the course and i'm going to try and cover it within one week so i'm gonna you know make the videos and i'm gonna upload them and hopefully uh you guys like the format in which i'll be uploading them so i'm not gonna waste time on one series i'm gonna complete it and then we'll move on to the next one right so i've made a lot of videos about metasploit but i realized that i really didn't cover uh the basics and how to navigate around uh around this and you know for most of the beginners you really don't understand Some of you guys did not understand the format and the way Metasploit worked. Alright, so let's get started. So this is going to be part one and we're going to be looking at all the basics to get started with. Right? Okay, so for those of you already asking what operating system I'm using, I'm using ParatOS for this demonstration. I just seem to really really enjoy the latest update and I've been using it as my daily driver on my laptop as you can see. I'm recording this on my laptop. So yeah, let's get started. So what is Metasploit? All right, so Metasploit essentially is the, you know, it's the leading exploitation framework. All right, so it is used by nearly every penetration tester or ethical hacker or hacker for that matter. And it is really, really important that you master it for you to, you know, to enter this field, right, or to, you know, to prosper in this field. Now, it was developed by Rapid7. All right. So Rapid7 is a company that owns the different, it owns these different vulnerability scanners like Nexpose. And it, again, as I've said, it owns Metasploit. All right. Now, looking at the Metasploit interfaces, we've already looked at some throughout, you know, the channel. And one of them is the MSF console. All right. So these are the... the multiple Metasploit interfaces. So we have MSF console, we have Armitage. All right, so Armitage is simply put a GUI framework that allows you to use the Metasploit framework. The MSF console gives you an interactive command line like interface that allows you to also use the framework, which is what we're going to be looking at because it's the easiest to set up. You then have the MSF CLI, which is a which is going to be a very little literal Linux command line interface that also allows you to use or the Metasploit framework, you then have finally the MSF web, which is the browser based interface, which is what we looked at, where we set up the community version, and we were able to scan for our targets and find the vulnerabilities, right. So as I said, we're going to be focusing on MSF console. Now, you know, the first thing to understand is that Metasploit as we have looked at pre in previous videos, I really didn't show you how to set it up correctly, and how to make it faster, because most of you realized it. And a lot of you guys raised that question, do I need to start any services? Yes, you do need to start the services. All right, now, you need to start the PostgreSQL database service, which does come with the major penetration testing distributions. So if you if you're running this on a normal Linux distribution, you know, I recommend that you switch to a penetration testing distribution, because these tools will be already pre installed. Right. So you don't need to run this on your main computer like I am, you can also run it in a virtualized environment, moving along. So we have to start the PostgreSQL database. All right. So what this will do is it will allow Metasploit to run faster searches. And that will allow Metasploit to store the information while you are performing the scanning and or exploitation. Alright, so I'm going to open up my terminal here. And what I'm going to do is let me just try and zoom this in. So I should have done that before I started the video. But you know what, I'm just going to run this through the para terminal because I don't want to confuse you guys. Right. So let me just zoom that in so we can have a good view of what's going on. Alright, so it's very, very simple to start your PostgreSQL service, as you know, with Linux, so it's service. post very very simple post progress whoops my bad sorry about that whoops there we are alright so service Boost please forgive my typing. I'm on a laptop right now. Boost greSQL. All right, and we can start. Whoops, my bad again. all right and you want to start the service now and it's going to ask you for your root password so make sure you enter that and once the service is started we can then move on to use the msf console all right which is the command line interface so again start it up so MSF console, and you'll see that it will load much much faster than when you if you didn't start up the PostgreSQL database. Alright, so just give it give the first run a bit of time because again, it's building the database. and it should load up immediately, right? So as you can see, it's starting the Metasploit framework console. And give that a few seconds as always. Now one thing I want to just tell you, and a lot of you guys have been asking me is, what are the system requirements? You know, if you want to become a penetration tester, the truth is, the thing that you need the most is going to be RAM. Now the minimum I would recommend 2GB works fine. But if you're going to be running a lot of penetration tests, i would recommend that you get a minimum of four gigabytes of ram and then you can uh possibly upgrade to eight and the ideal what would be eight to twelve all right so again you also want to make sure that your processor can match that so i would recommend you know an i5 or an i3 processor a good one quad core hopefully uh depending on you know on what you can afford it really really doesn't matter but if you want some great efficiency I recommend you get a computer with some good RAM. Alright, so once it starts up, it's really, really very simple. And we've gone through this before. Now, if you're wondering what are the other ways of launching it, what you can do is go to your, you know, in Kali Linux, it's simply your your menu in para twice, it lies they lie in the same in the same category, they lie in exploitation tools. Alright, so when once you open exploitation tools, you can see that the Metasploit framework exists and it gives you the various options that you can use you have Armitage the Metasploit framework and you can update it and this is a another way of accessing it if you don't want to go through it through the terminal all right now let's look at the Metasploit keywords that are very very important now this is something that i did not fully cover so i'm going to do it right now now Metasploit has six types of modules we use mostly four of them the most all right but i'm going to explain them to you So the first thing we have is exploits. All right, it has exploits, it has payloads, it has the auxiliary, it has nops, it has post and it has encoders. All right. Now, let me explain what they are very, very simply and very quickly. Now an exploit is a model is a module that will take advantage of a system. All right, so it'll take advantage of our system's vulnerability. All right, so it's not going to you know just take advantage of a system that is patched or does not have any vulnerability it needs to have a vulnerability all right and then it will um it will install a payload on the system all right now the payload can either be a reverse shell or a metapretter all right so it'll give you access to that computer in form of the payload now uh you know uh Usually with other systems or in other environments, you would usually call these payloads things like rootkits and stuff like that. But for now, just understand that the payload is what the exploit will try and plant on the system. All right. So that will give you that access to the system, obviously, through an exploit, through a vulnerability that is then exploited. All right. So that's simple. Now, once I've explained that, now let's look at some of the basic commands. Now, one of the best commands that you know, you can use is the help command. And if I open up that up right now, you can see that whoops, let me there we are. If you open this up, it'll give you all the help commands or the commands that are very, very important for you. And again, this is very, very useful, because it will give you the ability to at any time, you know, refer to this documentation. So if you're lost, this can be a very, very good way of of using or of getting guidance using this framework. So you can go through this if you're feeling a bit lost. Alright, so that's the help command very, very important. And you'll find yourself using this quite a lot. Right? Alright, now. Let's look at the other commands. Now one of the most useful ones is the use command because the use command will allow you to load a module. Alright, so for example, we can load many, many modules here. And one of the most you know, the most common ones that you can start to load is the let's see, one that comes straight off my head of the back of my head. It is the X. Yeah. I think I remember this one, this was quite an old exploit and allows us to exploit the the Adobe Flash. I think it's the plugin. Yeah, the Adobe Flash plugin. Alright, so let me try to see if I remember. So use exploit. So use the use command allows you to use a module. So then you give the module name right. So use exploit. And then it was Windows. Alright, so it is a Windows and then browser. right and was it flash oops let me just bring that in into context here like so I think I already clicked on it I'm really really sorry about that let me just close that up there we are so use sorry about that I launched it by mistake so let me remember to use exploit windows right Windows was it Windows browser I'm not sure if it is the correct one use Windows browser and it is the Adobe whoops Adobe Flash AVM 2 believe was the vulnerability oops underscore my bad AVM to write use exploit Adobe AVM to let's see if that's the correct one there we are alright so that is the exploit I'm glad I remember it right so that is also very, very useful one, but I do believe it is patched by now. Alright, so now it medisploit has successfully loaded the module. Now one thing to understand is if it loads the module correctly, it will display the module name in red. Alright, so that's something you know, you can take home. Now, Since it's become red, we know that we can use it. Now the best command to use now in this case is the show command. And the show command will allow you to basically give you information on the module. Alright, so if I say show, there we are, it's going to give us some information. Now it may seem overwhelming, but really don't worry. So it's going to give you some information and you really don't need to worry about what it's telling me because I'm using a I'm using the flash player. exploit and all of this may seem like nonsense to you but we'll get to how to use the correct modules all right so as you can see it's given me some options and very very nicely there you you know these are the it's given us information about the the exploit or the module right so now what we can do is we've already show we have already shown what exists the information that exists now we can show options alright so the options will show us the options that we can change about the module all right So it'll give us, you know, the it'll give us options that we can change. So if I say show options, there we are, it's going to say what now these are things that you can customize depending on how you how and the method of exploitation. All right, so you have the server host, you have the local machine, the server port, whether it has SSL, the SSL certificate, you can change all of these options. All right. Now, the other options that we have is the payloads show payloads. Alright, once we show the payloads, just give it a few seconds, it's going to take a few seconds, obviously. Right, so give it a few seconds. And it should load up really, anytime now, again, please bear with me, guys. I'm running this on a laptop. There we are. Alright, so these are all the payloads that you can load. Now these as we have looked at, you know, in previous videos with Metasploit, give us different different ways of approaching an attack all right so it will give you or you'll give you all the payloads that are compatible with this exploit all right now if we look at the other options so we will be looking at all of this if you look at the other options we have the show targets all right so show targets will show you the targets that you can change which in this case is just we have not set anything all right now the targets um we can it's going to display the targets that you're trying to target um and you know the thing is with a different exploits you can have a lot of different targets you can specify many many targets all right And it's really important that you get this right. Now, some other commands that we can use, you know, that can describe that can give us information about the module or the exploit that we're using is the show info. All right, the show info will give you information about it will give you information about the exploit. All right. So as you can see here, this module exploits a vulnerability found in the ActiveX component of the Adobe Flash player before all right so again it's for a specific version and will not work on the latest one we already knew that right that's the trick now uh there's a lot of other commands that you can look at and one of them is the msf search all right so you can use the search command and the search command will give you the ability uh to search and find the module that you need all right now you know metasploit has a lot of modules and finding one finding the right one is probably the you know the most important thing and it can also can be the most time consuming so you need to learn how to use the the search command all right now with the search command it comes with um with some very very important keywords the search command comes with the keywords like the platform all right so this is to target or to search for the platform specifically you then have the type right, this will give you the type of module for example, exploits payloads, as we already discussed, you then have the name and this is if you're searching for a specific name, right, so we can do this very, very nicely right now. Alright, so what I'm going to do is, I'm just gonna, I'm just gonna control C, oops, let me just exit this. Alright, so I'm going to start the MSF console again, just to show you how this would work. Alright, so I'm going to start that up again. And let's just give it a few seconds. And I'm going to show you how to do this. Alright. So as I said, using the search command allows you to search for exploits. So that's great. And then we'll be looking at the other ones, right? So let it start up. I really, really sorry about the slow startup times. Again, you know, just bear with me, it should start up there. Yeah. Alright. So as I was saying, the most important one is the search, right? So if we search, it's very simple. So search type, alright, so that's the keyword type, the type is going to be an exploit, we're going to search for the same one. So type exploit, it is an exploit, the platform was Windows. The platform was Windows and flash. Alright, so if we search for that, whoops, my bad. Pardon me, guys, my typing today is is Thank you. There we are. All right, and it's going to give us all of these options. Now, the correct one that we want is the is probably the first one, it's going to lie up here. And there's a lot of them that you can use, or that we can use, you know, some of them are they're sorted with the their day, their date. And this allows you to, you know, specify or to get one that works. Okay. So what we're going to do now is we need to set. All right. Now, when I'm saying set you, that allows you to set a specific, it allows you to set the specific payload or the exploit that you're trying to use. In this case, we can you know, you can just use the first one because I don't want to go through all of these ones. There's a lot that you can use over here. And as you can see, this is the one that we were using previously, the exploit, the AVM2 is very, very popular one at some given time so we're gonna say set all right and I'm just gonna paste that in there there we are and whoops set option oh sorry about that guys apologies apologies apologies all right so we have to use the use and whoops and I'm going to paste that in there use there we are so that's the module that we were using and then we use the set to set the options so we can say show options like so and we have the options here and then to set the specific options what you just do is you use things like let's if you wanted to set the server port so usually this would be set SRV server whoops server port right and we'll set that to 80 right and that will set it to 80 we can then say we can set other things like we can set a lot of other stuff and once you're all set so let's say we could say set the server host to something like set the server host then that's going to be the host IP so SRV host all right to something like of course this doesn't make any sense because I'm not really targeting a system and you will also set and then if you say show options again As you can see, it's going to show you the options that you did set, which we set were the server host and the server port. And once you're ready to exploit, once you've set all the options, all you have to do is just hit exploit and it will exploit it perfectly. Right. So let's try that right now. And of course, it's not going to give us anything. Right. Because we have not done anything. So if I hit exploit, it's going to hit exploit and it's probably not going to return anything important here. Right. so just give it a few seconds right again as you can see it's not displaying anything because there we are all right so it did start a reverse tcp handler uh on a specific on this ip using the port uh you know four four four four four all right but we're not gonna get anything out of that really right now i'm pretty pretty sure of that right all right so once that's done Once you're done exploiting or in this case as you can see we have not really exploited anything We can just let me just close this there We are and we're done now the last commands that I want to show you are the exit or the back command Which takes you a step back? you can use the exit command to exit the Metasploit or the MSF console framework all right and these are or that is all the basics that I needed to cover in the first video now in the next video we're going to be looking at some really really advanced stuff so we're going to be looking at the module types we'll be looking at performing reconnaissance the Armitage UI and we'll be looking at exploiting some Windows systems then finally we'll be building our own custom payloads with the MSF venom framework or interface alright so thank you so much for watching this video guys if you found value in this video please leave a like down below and you know if you have any questions or suggestions let me know in the comment section down below or you can hit me up on my social networks for the documented article or the documented version of this video check out my website hsploit.com Link will be in the description and you can also get this on my application. So again, again, guys, thank you so much for watching. Merry Christmas, and I'll be seeing you in the next video. Peace

Right? Okay, so for those of you already asking what operating system I'm using, I'm using ParatOS for this demonstration. I just seem to really really enjoy the latest update and I've been using it as my daily driver on my laptop as you can see.

I'm recording this on my laptop. So yeah, let's get started. So what is Metasploit?

All right, so Metasploit essentially is the, you know, it's the leading exploitation framework. All right, so it is used by nearly every penetration tester or ethical hacker or hacker for that matter. And it is really, really important that you master it for you to, you know, to enter this field, right, or to, you know, to prosper in this field. Now, it was developed by Rapid7.

All right. So Rapid7 is a company that owns the different, it owns these different vulnerability scanners like Nexpose. And it, again, as I've said, it owns Metasploit. All right.

Now, looking at the Metasploit interfaces, we've already looked at some throughout, you know, the channel. And one of them is the MSF console. All right. So these are the...

the multiple Metasploit interfaces. So we have MSF console, we have Armitage. All right, so Armitage is simply put a GUI framework that allows you to use the Metasploit framework. The MSF console gives you an interactive command line like interface that allows you to also use the framework, which is what we're going to be looking at because it's the easiest to set up. You then have the MSF CLI, which is a which is going to be a very little literal Linux command line interface that also allows you to use or the Metasploit framework, you then have finally the MSF web, which is the browser based interface, which is what we looked at, where we set up the community version, and we were able to scan for our targets and find the vulnerabilities, right.

So as I said, we're going to be focusing on MSF console. Now, you know, the first thing to understand is that Metasploit as we have looked at pre in previous videos, I really didn't show you how to set it up correctly, and how to make it faster, because most of you realized it. And a lot of you guys raised that question, do I need to start any services? Yes, you do need to start the services. All right, now, you need to start the PostgreSQL database service, which does come with the major penetration testing distributions.

So if you if you're running this on a normal Linux distribution, you know, I recommend that you switch to a penetration testing distribution, because these tools will be already pre installed. Right. So you don't need to run this on your main computer like I am, you can also run it in a virtualized environment, moving along.

So we have to start the PostgreSQL database. All right. So what this will do is it will allow Metasploit to run faster searches. And that will allow Metasploit to store the information while you are performing the scanning and or exploitation.

Alright, so I'm going to open up my terminal here. And what I'm going to do is let me just try and zoom this in. So I should have done that before I started the video. But you know what, I'm just going to run this through the para terminal because I don't want to confuse you guys.

Right. So let me just zoom that in so we can have a good view of what's going on. Alright, so it's very, very simple to start your PostgreSQL service, as you know, with Linux, so it's service. post very very simple post progress whoops my bad sorry about that whoops there we are alright so service Boost please forgive my typing.

I'm on a laptop right now. Boost greSQL. All right, and we can start. Whoops, my bad again.

all right and you want to start the service now and it's going to ask you for your root password so make sure you enter that and once the service is started we can then move on to use the msf console all right which is the command line interface so again start it up so MSF console, and you'll see that it will load much much faster than when you if you didn't start up the PostgreSQL database. Alright, so just give it give the first run a bit of time because again, it's building the database. and it should load up immediately, right?

So as you can see, it's starting the Metasploit framework console. And give that a few seconds as always. Now one thing I want to just tell you, and a lot of you guys have been asking me is, what are the system requirements?

You know, if you want to become a penetration tester, the truth is, the thing that you need the most is going to be RAM. Now the minimum I would recommend 2GB works fine. But if you're going to be running a lot of penetration tests, i would recommend that you get a minimum of four gigabytes of ram and then you can uh possibly upgrade to eight and the ideal what would be eight to twelve all right so again you also want to make sure that your processor can match that so i would recommend you know an i5 or an i3 processor a good one quad core hopefully uh depending on you know on what you can afford it really really doesn't matter but if you want some great efficiency I recommend you get a computer with some good RAM.

Alright, so once it starts up, it's really, really very simple. And we've gone through this before. Now, if you're wondering what are the other ways of launching it, what you can do is go to your, you know, in Kali Linux, it's simply your your menu in para twice, it lies they lie in the same in the same category, they lie in exploitation tools. Alright, so when once you open exploitation tools, you can see that the Metasploit framework exists and it gives you the various options that you can use you have Armitage the Metasploit framework and you can update it and this is a another way of accessing it if you don't want to go through it through the terminal all right now let's look at the Metasploit keywords that are very very important now this is something that i did not fully cover so i'm going to do it right now now Metasploit has six types of modules we use mostly four of them the most all right but i'm going to explain them to you So the first thing we have is exploits.

All right, it has exploits, it has payloads, it has the auxiliary, it has nops, it has post and it has encoders. All right. Now, let me explain what they are very, very simply and very quickly. Now an exploit is a model is a module that will take advantage of a system. All right, so it'll take advantage of our system's vulnerability.

All right, so it's not going to you know just take advantage of a system that is patched or does not have any vulnerability it needs to have a vulnerability all right and then it will um it will install a payload on the system all right now the payload can either be a reverse shell or a metapretter all right so it'll give you access to that computer in form of the payload now uh you know uh Usually with other systems or in other environments, you would usually call these payloads things like rootkits and stuff like that. But for now, just understand that the payload is what the exploit will try and plant on the system. All right.

So that will give you that access to the system, obviously, through an exploit, through a vulnerability that is then exploited. All right. So that's simple. Now, once I've explained that, now let's look at some of the basic commands. Now, one of the best commands that you know, you can use is the help command.

And if I open up that up right now, you can see that whoops, let me there we are. If you open this up, it'll give you all the help commands or the commands that are very, very important for you. And again, this is very, very useful, because it will give you the ability to at any time, you know, refer to this documentation. So if you're lost, this can be a very, very good way of of using or of getting guidance using this framework.

So you can go through this if you're feeling a bit lost. Alright, so that's the help command very, very important. And you'll find yourself using this quite a lot.

Right? Alright, now. Let's look at the other commands.

Now one of the most useful ones is the use command because the use command will allow you to load a module. Alright, so for example, we can load many, many modules here. And one of the most you know, the most common ones that you can start to load is the let's see, one that comes straight off my head of the back of my head. It is the X. Yeah.

I think I remember this one, this was quite an old exploit and allows us to exploit the the Adobe Flash. I think it's the plugin. Yeah, the Adobe Flash plugin. Alright, so let me try to see if I remember. So use exploit.

So use the use command allows you to use a module. So then you give the module name right. So use exploit.

And then it was Windows. Alright, so it is a Windows and then browser. right and was it flash oops let me just bring that in into context here like so I think I already clicked on it I'm really really sorry about that let me just close that up there we are so use sorry about that I launched it by mistake so let me remember to use exploit windows right Windows was it Windows browser I'm not sure if it is the correct one use Windows browser and it is the Adobe whoops Adobe Flash AVM 2 believe was the vulnerability oops underscore my bad AVM to write use exploit Adobe AVM to let's see if that's the correct one there we are alright so that is the exploit I'm glad I remember it right so that is also very, very useful one, but I do believe it is patched by now.

Alright, so now it medisploit has successfully loaded the module. Now one thing to understand is if it loads the module correctly, it will display the module name in red. Alright, so that's something you know, you can take home.

Now, Since it's become red, we know that we can use it. Now the best command to use now in this case is the show command. And the show command will allow you to basically give you information on the module. Alright, so if I say show, there we are, it's going to give us some information. Now it may seem overwhelming, but really don't worry.

So it's going to give you some information and you really don't need to worry about what it's telling me because I'm using a I'm using the flash player. exploit and all of this may seem like nonsense to you but we'll get to how to use the correct modules all right so as you can see it's given me some options and very very nicely there you you know these are the it's given us information about the the exploit or the module right so now what we can do is we've already show we have already shown what exists the information that exists now we can show options alright so the options will show us the options that we can change about the module all right So it'll give us, you know, the it'll give us options that we can change. So if I say show options, there we are, it's going to say what now these are things that you can customize depending on how you how and the method of exploitation. All right, so you have the server host, you have the local machine, the server port, whether it has SSL, the SSL certificate, you can change all of these options. All right.

Now, the other options that we have is the payloads show payloads. Alright, once we show the payloads, just give it a few seconds, it's going to take a few seconds, obviously. Right, so give it a few seconds.

And it should load up really, anytime now, again, please bear with me, guys. I'm running this on a laptop. There we are. Alright, so these are all the payloads that you can load.

Now these as we have looked at, you know, in previous videos with Metasploit, give us different different ways of approaching an attack all right so it will give you or you'll give you all the payloads that are compatible with this exploit all right now if we look at the other options so we will be looking at all of this if you look at the other options we have the show targets all right so show targets will show you the targets that you can change which in this case is just we have not set anything all right now the targets um we can it's going to display the targets that you're trying to target um and you know the thing is with a different exploits you can have a lot of different targets you can specify many many targets all right And it's really important that you get this right. Now, some other commands that we can use, you know, that can describe that can give us information about the module or the exploit that we're using is the show info. All right, the show info will give you information about it will give you information about the exploit. All right. So as you can see here, this module exploits a vulnerability found in the ActiveX component of the Adobe Flash player before all right so again it's for a specific version and will not work on the latest one we already knew that right that's the trick now uh there's a lot of other commands that you can look at and one of them is the msf search all right so you can use the search command and the search command will give you the ability uh to search and find the module that you need all right now you know metasploit has a lot of modules and finding one finding the right one is probably the you know the most important thing and it can also can be the most time consuming so you need to learn how to use the the search command all right now with the search command it comes with um with some very very important keywords the search command comes with the keywords like the platform all right so this is to target or to search for the platform specifically you then have the type right, this will give you the type of module for example, exploits payloads, as we already discussed, you then have the name and this is if you're searching for a specific name, right, so we can do this very, very nicely right now.

Alright, so what I'm going to do is, I'm just gonna, I'm just gonna control C, oops, let me just exit this. Alright, so I'm going to start the MSF console again, just to show you how this would work. Alright, so I'm going to start that up again.

And let's just give it a few seconds. And I'm going to show you how to do this. Alright.

So as I said, using the search command allows you to search for exploits. So that's great. And then we'll be looking at the other ones, right?

So let it start up. I really, really sorry about the slow startup times. Again, you know, just bear with me, it should start up there.

Yeah. Alright. So as I was saying, the most important one is the search, right? So if we search, it's very simple. So search type, alright, so that's the keyword type, the type is going to be an exploit, we're going to search for the same one.

So type exploit, it is an exploit, the platform was Windows. The platform was Windows and flash. Alright, so if we search for that, whoops, my bad.

Pardon me, guys, my typing today is is Thank you. There we are. All right, and it's going to give us all of these options. Now, the correct one that we want is the is probably the first one, it's going to lie up here. And there's a lot of them that you can use, or that we can use, you know, some of them are they're sorted with the their day, their date.

And this allows you to, you know, specify or to get one that works. Okay. So what we're going to do now is we need to set. All right.

Now, when I'm saying set you, that allows you to set a specific, it allows you to set the specific payload or the exploit that you're trying to use. In this case, we can you know, you can just use the first one because I don't want to go through all of these ones. There's a lot that you can use over here.

And as you can see, this is the one that we were using previously, the exploit, the AVM2 is very, very popular one at some given time so we're gonna say set all right and I'm just gonna paste that in there there we are and whoops set option oh sorry about that guys apologies apologies apologies all right so we have to use the use and whoops and I'm going to paste that in there use there we are so that's the module that we were using and then we use the set to set the options so we can say show options like so and we have the options here and then to set the specific options what you just do is you use things like let's if you wanted to set the server port so usually this would be set SRV server whoops server port right and we'll set that to 80 right and that will set it to 80 we can then say we can set other things like we can set a lot of other stuff and once you're all set so let's say we could say set the server host to something like set the server host then that's going to be the host IP so SRV host all right to something like of course this doesn't make any sense because I'm not really targeting a system and you will also set and then if you say show options again As you can see, it's going to show you the options that you did set, which we set were the server host and the server port. And once you're ready to exploit, once you've set all the options, all you have to do is just hit exploit and it will exploit it perfectly. Right.

So let's try that right now. And of course, it's not going to give us anything. Right.

Because we have not done anything. So if I hit exploit, it's going to hit exploit and it's probably not going to return anything important here. Right. so just give it a few seconds right again as you can see it's not displaying anything because there we are all right so it did start a reverse tcp handler uh on a specific on this ip using the port uh you know four four four four four all right but we're not gonna get anything out of that really right now i'm pretty pretty sure of that right all right so once that's done Once you're done exploiting or in this case as you can see we have not really exploited anything We can just let me just close this there We are and we're done now the last commands that I want to show you are the exit or the back command Which takes you a step back? you can use the exit command to exit the Metasploit or the MSF console framework all right and these are or that is all the basics that I needed to cover in the first video now in the next video we're going to be looking at some really really advanced stuff so we're going to be looking at the module types we'll be looking at performing reconnaissance the Armitage UI and we'll be looking at exploiting some Windows systems then finally we'll be building our own custom payloads with the MSF venom framework or interface alright so thank you so much for watching this video guys if you found value in this video please leave a like down below and you know if you have any questions or suggestions let me know in the comment section down below or you can hit me up on my social networks for the documented article or the documented version of this video check out my website hsploit.com Link will be in the description and you can also get this on my application.

So again, again, guys, thank you so much for watching. Merry Christmas, and I'll be seeing you in the next video. Peace

Transcript for:Metasploit Course Overview and Setup

Transcript for:
Metasploit Course Overview and Setup