Metasploit is a complete and a Ultimate Security tool that provides information about Computer Security Vulnerabilities and also use in penetration testing .It was develop by HD Moore in 2003 using Perl, In 2007 it was completely written in Ruby .Rapid7 in 2009 acquired it .Today it comes with two different version First is Professional and second one is Community version which is free of cost.
It’s Pro version has some Addition feature then Community version .Latest Metasploit 4.11 ,which is include on latest Kali Linux 1.1.0a for other linux or Unix (including Mac OSX) users can easily download it from Rapid7 website.Over a past few year several exploit framework has been developed like Core Impact, Immunity Canvas ,Metasploits and others. It provides dynamic shellcode capabilities i.e each exploit in the framework ,you can choose various shellcode payload such as bind shell, reverse shell . It’s best thing that frequently update with new exploit and consistantly improved and further developed by Rapid7 and Security communities.
The latest Kali version contain two default pakages : metasploit-freamwork which is open-source and metasploit which is also know as Metasploit-Pro ,It is a complete Security tool include pentration testing, active and passive information gathering , venerability research and development also provide client side attack and post exploit techniques with different functionality in msf .
Most common Metasploit’s Interface:
msfconsole :- This is also called interactive console interface ,this is commonly used to run regular task.
msfcli :- It is also an Interactive but not like msfconsole ,and msfcli is use in particular situation.
armitage :- Armitage is an third-party add-on which is provide GUI (Graphical User Interface ) using Metasploit-framewaork
To Start with it Download Metasploit from its Official Website (non-Kali User)
For kali not required to install because it is preloaded in Kali Linux
Setting up Metasploit’s Framework :
service of metasploit are not active initially to use msfconsole or other interface of metasploit, firstly active the service postgresql and metasploit.
root@kali:~# service postgresql start root@kali:~# service metasploit start
or
root@kali:~# /etc/init.d/postgresql start root@kali:~# /etc/init.d/metasploit start
To enable the postgresql and metasploit at boot time
root@kali:~# update-rc.d postgresql start root@kali:~# update-rc.d metasploit start
See Also:Exploit Development Process:Moving towards Real world Hacking
Exploring the Metasploit’s Framework :
Now when Every thing is setup, so it’s time to explore the various exploits, auxiliary modules , payloads and plugins that it has offer by using msfconsole interface.
Auxiliary modules:
Metasploit’s Framework has includes many modules that was provide a huge functionality ( Port scanning, Sniffing and other one ) show command is usefull to explore advanced option which we will use in future.
root@kali:~# show auxiliary
show auxiliary option or command which will display a long list of different auxiliary .
See Also: Exploiting buffer overflows using command line
Metasploit Exploit Module:
This Exploit is contain exploit code for service and vulnerable apps. It has large community have thousands of exploit and developer which make exploit code developed for a large variety or categories of vulnerable service (like BufferOverflow).
root@kali:~# show exploits
show exploits command use to explore all the currently available exploit into the console.
In the use of above Show Exploits command in Kali Linux display the all Exploit for different situation and also provide the rank of an exploit for better result.
for more information go to official website
See Also:Next step towards exploit : finding the return address
Follow us on Facebook, Google Plus and Twitter.