paint-brush
Introducing Metasploitby@morpheuslord
342 reads
342 reads

Introducing Metasploit

by MorpheuslordMay 15th, 2021
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

The Metasploit Project is a computer security project written in ruby that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. The tool is great for pentesting and exploiting weaknesses in systems and if there is no weaknesses this helps in creating payloads which are used to hack other system. The tool now includes more than 1677 exploits organized over 25 platforms, including Android, PHP, Python, Java, Cisco, and more. The framework also carries nearly 500 payloads.

Companies Mentioned

Mention Thumbnail
Mention Thumbnail
featured image - Introducing Metasploit
Morpheuslord HackerNoon profile picture

The Metasploit Project is a computer security project written in ruby that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. It is owned by Boston, Massachusetts-based security company Rapid7.

github link:

https://github.com/rapid7/metasploit-framework

Due to its wide range of applications and open-source availability, Metasploit is used by everyone White hat hackers and black hat hackers this tool is great for pentesting and exploiting weaknesses in systems and if there is no weaknesses this helps in creating payloads which are used to hack other system .

Payloads

Metasploit now includes more than 1677 exploits organized over 25 platforms, including Android, PHP, Python, Java, Cisco, and more. The framework also carries nearly 500 payloads
this includes:

  • Command shell payloads that enable users to run scripts or random commands against a host
  • Dynamic payloads that allow testers to generate unique payloads to evade antivirus software
  • Meterpreter payloads that allow users to commandeer device monitors using VMC and to take over sessions or upload and download files
  • Static payloads that enable port forwarding and communications between networks
Metasploit modules
  • Exploits: Tool used to take advantage of system weaknesses.
  • Payloads: Sets of malicious code.
  • Auxiliary functions: Supplementary tools and commands.
  • Encoders: Used to convert code or information.
  • Listeners: Malicious software that hides in order to gain access.
  • Shellcode: Code that is programmed to activate once inside the target.
  • Post-exploitation code: Helps test deeper penetration once inside.
  • Nope: An instruction to keep the payloads from crashing.
Installation and os supported

The os which are supporting metasploit are kali linux, debian, ubuntu & windows.

  • kali linux: kali comes pre installed with metasploit and it is preferred the most by pentesters and hackers as it has the best security features and as it is a linux distro it is safe from a lot of malware.
  • debian: debian does not come with metasploit but u can download it from the instructions from the docs of metasploit.
  • ubuntu: ubuntu not come with metasploit but u can download it from the instructions from the docs of metasploit.
  • windows: installing metasploit in windows is a difficult process u need to follow a lot of steps and things to get it and there is a risk of destroying ur pc in the process definitely u can do the same installation in the wsl2 debian virsion of windows and it works in it but u have to do it on ur own risk binary installer .
Hardware requirements
  • 2 GHz+ processor
  • Minimum 4 GB RAM, but 8 GB is recommended
  • Minimum 1 GB disk space, but 50 GB is recommended
Main tools included in metasploit
  • msfconsole : the main console or control program .
  • msfvenom : the payload generator.
  • the rest are the additional programs which helps to do the job.
Tutorial Videos
  • setup in ubuntu :-
    https://www.youtube.com/watch?v=q1ysYODliHo
  • setup in debian :-
    https://www.youtube.com/watch?v=ROKbKdiacuM
  • setup in kali wsl :-
    https://www.youtube.com/watch?v=9TVhEDv5MmA
  • complete using tutorial by hackersploit :-
    https://www.youtube.com/watch?v=8lR27r8Y_ik
Reference

thanks to JEFF PETTERS as i got many points from his article.

follow me

follow my twitter account for latest updates