Installing PostgreSQL
Metasploit depends on PostgreSQL for database connection, to install it on Debian/Ubuntu based systems run:
To download and install metasploit run:
templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall &&
chmod 755 msfinstall &&
./msfinstall
After installation ends to create the database run:
During the process you will be asked for a username or password, you can ignore the password, at the end you’ll see the username you assigned to the database, the password and token and below a URL https://localhost:5443/api/v1/auth/account , access it and login using the username and password.
To create the database and then run:
After launching metasploit type “db_status” to make sure the connection is working properly as shown in the image above.
Note: In case you find problems with the database, try the following commands:
service postgresql status
msfdb reinit
msfconsole
Make sure postgresql is running when checking it’s status.
Getting started with metasploit, basic commands:
search
use
back
host
info
show options
set
exit
The command help will print the man page for metasploit, this command does not need description.
The command search is useful to find exploits, let’s search for exploits against Microsoft, type “search ms”
It will show a list of Auxiliary Modules and Exploits helpful against Microsoft running devices.
An Auxiliary Module in Metasploit is an aiding tool, it adds features to metasploit such as brute force, scanning for specific vulnerabilities, target localization within a network, etc.
For this tutorial we don’t have a real target for testing but we’ll use an auxiliary module to detect camera devices and take snapshots. Type:
As you see the module was chosen, now let’s go back by typing “back” and type “hosts” to see the list of available targets.
The hosts list is empty, you can add one by typing:
hosts -a linuxhint.com
Replace linuxhint.com for the host you want to target.
Type hosts again and you’ll see a new target added.
To get information on an exploit or module, select it and type “info”, run the following commands:
info
The command info will provide information on the exploit and how to use it, additionally you can run the command “show options”, which will only show usage instructions, run:
Type back and select a remote exploit, run:
show options
set RHOSTS linuxhint.com
set target 0
exploit
Use the command set as in the image to define remote hosts (RHOSTS) , local hosts(LOCALHOSTS) and targets, each exploit and module has different information requirements.
Type exit to leave the program getting the terminal back.
Obviously the exploit won’t work because we are not targeting a vulnerable server, but that’s the way in which metasploit works to carry out an attack. By following the steps above you can understand how basic commands are used.
You can also merge Metasploit with vulnerability scanners such as OpenVas, Nessus, Nexpose and Nmap. Just export the resuts of these scanners as XML and on Metasploit type
Type “hosts” and you’ll see the hosts of the report loaded into metasploit.
This tutorial was a first introduction to Metasploit console use and it’s basic commands. I hope you found it helpful to getting started with this potent software.
Keep following LinuxHint for more tips and updates on Linux.