I. IntroductionMetasploit is a penetration testing tool used by penetration tester to test the integrity of operating system.Apart from pentesting,black hat hackers are using metasploit framework for hacking the target machine by obtaining meterpreter session.Metasploit is available for windows and linux. Its full name is called The Metasploit Framework,called MSF. It is the world's most popular Metasploit tool, not only because of its convenience and powerful, more important is its frame. It allows attacker to develop their own vulnerability scripts, for testing and hack victim system.In this tutorial,i will write detail article about
- What is metasploit?
- How to use metasploit framework?
- How to download metasploit pro?
- Metasploit tutorial for beginner(msfconsole).
II. RequirementBefore using Metasploit, we have to ensure that their equipment can achieve the following requirements, which include both hardware and software.
Hardware : Make sure your computer or VM has reached the following requirements.
Hard disk space : If you want to use Metasploit, first you have to make sure you have 10GB of storage space. Because Metasploit will use some large files. Make sure the time is not in the partition to FAT32 partition type. Because FAT32 does not support large files to run. My suggestion is NTFS, ext3 partitions or other types. My suggestion is that you have the best use of space 30GB.
Memory : Kali on the recommendations of memory to do a lot to explain, in fact, as long as your memory is equal to or greater than 2GB, you can use various versions of the Kali the system.
Processor : official system explained, as long as the processing speed of the processor is greater than or equal to 400MHz can use Kali system. However, I recommend a minimum of 500MHz
Network Equipment : You can use cat5 interface accessible. Please make sure your network equipment have DHCP, if not, then please assign IP for your own kali. Of course, you can also use a wireless network, but please for your wireless network card installed corresponding driver.
Software : It is recommended that users install two operating systems. One is a kali system, one is a victim of the system or test system. The reason for this is security personnel can easily do some testing.
VM : Our recommendation is to use a virtual machine to run kali system. VMware Player can be said to be the best choice. This software is free, users only need to register to be able to use. Of course, you can also select other virtual machines, but my advice is VMware.
Kali Linux : in front of me did not introduce kali system. Let us talk about this system now. Kali is a linux system package. Kali system is that this system is a little collection of a lot of good security tools, while these tools upgrade. Which also includes the Metasploit. You can download Kali Linux system at:
Metasploitable : Maybe you met a lot of linux systems, but do not know how to use those linux vulnerabilities. Fortunately, Metasploit development team is aware of this problem. They produced a Metasploitable system. This system contains a loophole large and small linux is very suitable as a test system. Both to improve technology, but also to "self-obscenity" look. Metasploitable now have second version, here is the download address.
III. Introduction Metasploit structure
Let's look at a picture below. Because professional terminology more, some key terms I will not translate, to prevent the impact of articles and academic correctness.
System files and librariesMSF system files via a very intuitive way arrangement, and unfolded the way through the catalog. Now I say it describes each directory.
data directory: inside the store some files can be edited, mainly to use Metasploit
documentation directory: MSF provide some introductory documentation, etc.
external directory: source files and third-party libraries
The main part of the MSF framework: lib directory
modules directory: MSF module storage location
plugins directory: storage Metasploit plugin
scripts directory: storage Meterpreter Code (shell code) or other script files
tools directory: Various useful command-line tool.
Storehouse1. Rex Library
1.1 The most basic form
1.2 network sockets, network application protocol client and server implementation, logging subsystem
1.3 SSL, SMB, HTTP, XOR, Base64, Unicode
2. Msf :: Core Library
2.1 provides some basis for comparison of the API interface
2.2 In order to define the framework of the MSF
3. Msf :: Base
3.1 provides some additional and simple API interface
Module and location
- The main Metasploit module position in the /usr/ share/metasploit-framework/modules/directory.
- Generally user settings ~/.msf4/modules/
Metasploit Object ModuleIn MSF inside, all the modules are conducted through written language ruby
The msfconsole is probably the most popular interface to the Metasploit Framework (MSF). It provides an “all-in-one” centralized console and allows you efficient access to virtually all of the options available in the MSF. Msfconsole may seem intimidating at first, but once you learn the syntax of the commands you will learn to appreciate the power of utilizing this interface.
With msfconsole, you can access and use all Metasploit plug-ins, payloads, the use exploit modules, post module and so on. MSFCONSOLE interface can integrate to third-party programs as well, such as nmap, sqlmap, etc., can be used directly in msfconsole inside.
To start MSFCONSOLE, you need only type msfconsole on your command prompt window.
- msfconsole -h -- displayed in msfconsole initialization
- msfconsole -help -- can be used after entering msfconsole display.
- banner -- view metasploit version information, view all modules
- back -- used to return
- check -- many of the modules do not support the use of this parameter
- color -- set some color command line
- connect -- used for remote connection to the host.
- edit -- edit the current module
- info -- view information, including the option to take advantage of the conditions, the vulnerability author, you can use the payload, and so on.
- irb -- enter irb script mode, and execute commands to create the script.
- jobs -- can be viewed on msfconsole, you can check which task currently exist, and can choose to end task unwanted.
- kill -- can terminate unwanted processes
- load/unload -- load/unload a number of plug-in from inside the plug metasploit library
- resource -- run some resource files, some tools, such as Karmetasploit very need this parameter.
- route -- the forwarding agent
- search -- find modules that you want to use
- set/unset -- setting/un-setting paramter of modules
- show -- show all of the payload, the ese of modules, post modules, plugins and so on
- use -- use module