Metasploit installation and basic commands

Chưa phân loại
Metasploit has an up to date collection of vulnerability exploits and allows a user to execute them automatically without the need of programming knowledge. It comes by default on Kali Linux. With metasploit any attacker with basic knowledge can compromise any computer or mobile device in relatively easy way.  This can be used for knowledge of how to defend a linux system from hacking attacks.

Installing PostgreSQL

Metasploit depends on PostgreSQL for database connection, to install it on Debian/Ubuntu based systems run:

apt install postgresql

To download and install metasploit run:

templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall &&

chmod 755 msfinstall &&


After installation ends  to create the database run:

msfdb init

During the process you will be asked for a username or password, you can ignore the password, at the end you’ll see the username you  assigned to the database, the password and token and below a URL https://localhost:5443/api/v1/auth/account , access it and login using the username and password.

To create the database and then run:


After launching metasploit type “db_status” to make sure the connection is working properly as shown in the image above.

Note: In case you find problems with the database, try the following commands:

service postgresql restart
service postgresql status
msfdb reinit

Make sure postgresql is running when checking it’s status.

Getting started with metasploit, basic commands:

show options

The command help will print the man page for metasploit, this command does not need description.

The command search is useful to find exploits, let’s search for exploits against Microsoft, type “search ms

It will show a list of Auxiliary Modules and Exploits helpful against Microsoft running devices.

An Auxiliary Module in Metasploit is an aiding tool, it adds features to metasploit such as brute force, scanning for specific vulnerabilities, target localization within a network, etc.

For this tutorial we don’t have a real target for testing but we’ll use an auxiliary module to detect camera devices and take snapshots. Type:

use post/windows/manage/webcam

As you see the module was chosen, now let’s go back by typing “back” and type “hosts” to see the list of available targets.

The hosts list is empty, you can add one by typing:

hosts -a

Replace for the host you want to target.

Type hosts again and you’ll see a new target added.

To get information on an exploit or module, select it and type “info”, run the following commands:

use exploit/windows/ssh/putty_msg_debug

The command info will provide information on the exploit and how to use it, additionally you can run the command “show options”, which will only show usage instructions, run:

show options

Type back and select a remote exploit, run:

use exploit/windows/smtp/njstar_smtp_bof
show options
set target 0


Use the command set as in the image to define remote hosts (RHOSTS) , local hosts(LOCALHOSTS) and targets, each exploit and module has different information requirements.


Type exit  to leave the program getting the terminal back.

Obviously the exploit won’t work because we are not targeting a vulnerable server, but that’s the way in which metasploit works to carry out an attack. By following the steps above you can understand how basic commands are used.

You can also merge Metasploit with vulnerability scanners such as OpenVas, Nessus, Nexpose and Nmap. Just export the resuts of these scanners as XML and on Metasploit type

db_import  reporttoimport.XML

Type “hosts” and you’ll see the hosts of the report loaded into metasploit.

This tutorial was a first introduction to Metasploit console use and it’s basic commands. I hope you found it helpful to getting started with this potent software.

Keep following LinuxHint for more tips and updates on Linux.

ONET IDC thành lập vào năm 2012, là công ty chuyên nghiệp tại Việt Nam trong lĩnh vực cung cấp dịch vụ Hosting, VPS, máy chủ vật lý, dịch vụ Firewall Anti DDoS, SSL… Với 10 năm xây dựng và phát triển, ứng dụng nhiều công nghệ hiện đại, ONET IDC đã giúp hàng ngàn khách hàng tin tưởng lựa chọn, mang lại sự ổn định tuyệt đối cho website của khách hàng để thúc đẩy việc kinh doanh đạt được hiệu quả và thành công.
Bài viết liên quan

Install JetBrains IntelliJ IDEA Java IDE on Ubuntu

IntelliJ IDEA is a very powerful Java IDE from JetBrains. You can develop Java apps, Java Swing GUI apps, Android apps...

Setting up Kali Linux on AWS EC2

A penetration tester can quickly set up a Kali Linux instance on the Amazon Cloud and access it at any time for any kind...

How to Install and Configure DHCP Server on Ubuntu 18.04 LTS

The full form of DHCP is Dynamic Host Configuration Protocol. It is used to automatically assign IP addresses, routing...
Bài Viết

Bài Viết Mới Cập Nhật

Sử dụng Proxy để Quản Lý Tài Khoản Quảng Cáo Ads Một Cách An Toàn

Hướng Dẫn Sử Dụng Socks5 Trên Trình Duyệt Chrome

Các tiện ích và công cụ để quản lý proxy.

Tác động của việc sử dụng proxy đến tốc độ kết nối internet của bạn.

Các cách để kiểm tra tốc độ và độ ổn định của proxy.