Friday, 27 January 2017

Metasploit Tutorial - 1 (basics and introduction)

Steps and instructions -
Hey whats up guys.

This is Metasploit Tutorial 1

I have made a complete set of metasploit tutorial from the beginners level

You don't want to miss this one because its the introduction and basic part.

So what is this Metasploit ??

It is a set of tools(framework) which is used in all types of penetration testing.

It is the mother and father of all exploit framework.

Used by every white hats and blacks hats (even the epic black hats)

So it is inbuilt in Kali Linux.

* Just open a terminal and type in "service postgresql start"

This will load the metsploit database. This will make metasploit run smoothly

This is the main problem that people don't use this command and complain that metasploit is not stable.

* Now we will open metasploit by saying "msfconsole"

This will give you the metasploit console. In which you can run metasploit framework using commands.

This can take time because the tool has lots of exploits, modules and auxiliaries.

Nice banner right??? you can change the banner by tying "banner". Just for fun.

There are alternate ways to go to msfconsole. Like shortcut on Kali desktop menu

Or in the application menu

Now, we want to see the help menu which shows us the usage commands and options.

Say '?' and hit enter without the quotes

You will get set of commands, options and other stuff to explore more of this tool.

You may want to clear the screen by saying "clear"

Now we want to take a look at some exploits. There are several exploits inbuilt in Metasploit.

Follow this tutorial to know what is an exploit ??

We can type in "show exploit" to see the available modules in this tool.

Available exploits

You can download and run exploits from other sources like exploit-db. But that we will cover in the upcoming tutorials. 

If you want to search for a particular exploit, like mysql or something,

You can type "search mysql"

You will get some exploits

We can see the information about these exploits by typing "info windows/misc/bigant_server"

Here I wanted to see the info about windows/misc/bigant_server exploit

Here you will get details about the exploit

If you want to use this exploit for hacking something, you should type "use (name of the exploit)"

When you are using that exploit, if you want to know how to set the exploit for further process you should say "options" and it will display you the options need to be setup. Here when I said options I got a few of them like RHOST, RPORT.

Here RHOST is the target IP address and RPORT is the port which we will listen to.

We will explore these options in the next tutorial.

At any time if you wish to leave the exploit, say "back"

And if you want to exit the msfconsole say "exit"

We will be doing some awesome things with this in the next tutorial.

Thank you guys for reading this.

So here are the next tutorials you should be going through.

You may want to see these tutorials -