Metasploit Basics

Introduction

Metasploit is a hacking framework written in Ruby. It is designed to make writing and executing exploits as simple as possible. This tutorial will walk you through using Metasploit to write a custom exploit.

Running Metasploit

Before launching Metasploit for the first time, there is a little setup you must do in order to write custom exploits. Metasploit automatically loads exploits from ~/.msf3/modules/exploits. You should create all exploits in this directory. Create this directory by issuing the following command:

mkdir -p ~/.msf3/modules/exploits/

There is an example exploit provided at http://hamsa.cs.northwestern.edu/media/handouts/example.rb which you should use as a template for creating exploits. Download the file and place it in your exploits directory with the following commands:

cd ~/.msf3/modules/exploits/
wget http://hamsa.cs.northwestern.edu/media/handouts/example.rb

Now you're ready to launch Metasploit and use your exploit. Metasploit should already be installed on the machine that you're using, so to start the console, simply run msfconsole.

Before executing your exploit, it is useful to understand what some Metasploit commands do. Below are some of the commands that you will use most.

All that's left is to issue a series of simple commands. The commands below use the example exploit to attack netsec-demos on port 3000 with the shell_bind_tcp payload. When it succeeds, the payload opens port 9485 on the target machine and Metasploit shows you a shell.

use example
set RHOST netsec-demos.cs.northwestern.edu
set RPORT 3000
set PAYLOAD linux/x86/shell/bind_tcp
set LPORT 9485
exploit
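A bind_tcp payload like the one above leaves a new listening socket behind on the target (port 9485 in this walkthrough), and since the stage runs inside the exploited process, that socket is owned by the same PID as the vulnerable service. From the defender's side, the simplest check is to compare the host's listening ports against a known baseline and flag any extra listener that shares a PID with a baseline service. The following Python script is an added example, not code from this tutorial or from the Metasploit project; the `ss -ltnp` output, the baseline port set and the process names in it are constructed for illustration.

```python
import re

# Constructed sample of `ss -ltnp` output (not captured from a real host).
# The first two LISTEN lines are expected services; the last one is the kind
# of listener a bind_tcp payload leaves behind, owned by the exploited
# service's PID (1402) rather than by a separate process.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=811,fd=3))
LISTEN  0       4096    0.0.0.0:3000         0.0.0.0:*          users:(("demo",pid=1402,fd=5))
LISTEN  0       1       0.0.0.0:9485         0.0.0.0:*          users:(("demo",pid=1402,fd=7))
"""

# Hypothetical baseline: the ports this host is supposed to listen on.
BASELINE_PORTS = {22, 3000}

# Matches one LISTEN row: address:port, the peer column, then the process column.
LISTEN_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+(?P<proc>.*)$'
)


def parse_listeners(text):
    """Return (address, port, process_field) tuples for every LISTEN row."""
    listeners = []
    for line in text.splitlines():
        m = LISTEN_RE.match(line)
        if not m:
            continue  # header or non-LISTEN rows are skipped
        listeners.append((m.group('addr'), int(m.group('port')), m.group('proc').strip()))
    return listeners


def process_name(proc_field):
    """Pull the process name out of an ss 'users:(("name",pid=N,fd=M))' field."""
    m = re.search(r'\("([^"]+)"', proc_field)
    return m.group(1) if m else None


def pid_of(proc_field):
    """Pull the PID out of an ss process field, or None if absent."""
    m = re.search(r'pid=(\d+)', proc_field)
    return int(m.group(1)) if m else None


def unexpected_listeners(text, baseline):
    """Listeners whose port is not in the baseline set."""
    return [l for l in parse_listeners(text) if l[1] not in baseline]


def listeners_sharing_pid(text, baseline):
    """Unexpected listeners owned by a PID that also serves a baseline port.

    An extra socket inside an existing service process is the footprint of an
    in-process bind shell; returns (port, pid) pairs for such listeners.
    """
    baseline_pids = {pid_of(proc) for _, port, proc in parse_listeners(text)
                     if port in baseline}
    return [(port, pid_of(proc)) for _, port, proc in unexpected_listeners(text, baseline)
            if pid_of(proc) in baseline_pids]


if __name__ == "__main__":
    for addr, port, proc in unexpected_listeners(SAMPLE_SS_OUTPUT, BASELINE_PORTS):
        print(f"unexpected listener {addr}:{port} ({process_name(proc)}, pid {pid_of(proc)})")
    for port, pid in listeners_sharing_pid(SAMPLE_SS_OUTPUT, BASELINE_PORTS):
        print(f"port {port} is bound by pid {pid}, which also serves a baseline port")
```

On a real host you would feed the script the live output of `ss -ltnp` (or the equivalent `netstat` listing) and keep the baseline in configuration; the second check matters because a listener that appears inside an already-running service process is far more telling than a new port on its own.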

The following two commands allow you to interact with a shell. The first prints all active sessions; the second interacts with the session whose id is 1:

sessions -l
sessions -i 1