Metasploit For Beginners


Metasploit remains huge. It’s the “go-to” penetration testing tool that all Cybersecurity Professionals ought to be familiar with!

Posted by Henry Dalziel  |  December 16, 2019  |   Questions / Comments 2


- C|EH, Security+, MSc Marketing Management;
- Based in Hong Kong for the last five years;
- Cybersecurity Pro & Growth Hacker

TL;DR
We list out a basic tutorial on how to use Metasploit.

Metasploit for beginners – a concise introduction

Having recently blogged about the world’s most scary pentest tools we thought we should write something about the importance of learning the Metasploit Framework for penetration testers.

Metasploit is an incredibly good framework and if you’re new to the world of penetration testing then we’d certainly recommend this tool. The reason is that Metasploit is a framework and not a specific application. That means the user can build their own tools for specific tasks. For example, if you wanted to test for vulnerabilities in particular operating systems, then that would work just fine using the Metasploit Framework.

There are several versions of Metasploit – both free and paid (which I guess is the freemium and premium model). The free version works just great – which you can get here (although the framework is also available in Windows we’d recommend that you learn the program within a Linux environment, or better still, a Linux penetration testing distro). The reason that Metasploit is free is presumably to give users a taste for what is obtainable in the feature-packed Metasploit Express which costs a whopping $5,000. Metasploit Express is obviously aimed at the professional pentester (by the way that $5,000 fee is price per user per year).

Windows and Metasploit
If you are using Windows, don’t forget to turn off your anti-virus and firewall software because Metasploit will look like a virus to them. Also, if you are using Metasploit within a virtual machine environment make sure that the network connection is bridged to the outside network. Metasploit grabs and scans everything you ask it to, on your network and on others’, so it needs to be allowed to access the correct network.

Here are some terms that you need to understand if you are using Metasploit:
Term 1 – System exploitation – the root term behind meta ‘sploit’ – i.e. exploitation
This term means that you are trying to exploit a vulnerability in a system, machine or network. Basically, you are trying to look in a network and find a computer that has a hole (backdoor) which could be compromised.

Term 2 – Payload – think of this like a fighter jet unleashing a weapon with a payload!
A big thing about Metasploit is that it not only scans but also collects information regarding systems that can be exploited, and then executes code within a compromised system. In summary, this term implies injecting code that is bundled within a payload. Once a payload has been unleashed, the hacker or penetration tester can run commands and actions. The objective should be to plant a big enough payload that can facilitate the creation of a shell code. A shell is a command interface which essentially gives the user complete control over a compromised machine.

Since Metasploit is a framework the user can create their own code and scripts, but don’t worry if you don’t know how to code since many modules have already been created. All Metasploit modules are written to perform specific tasks, so to run network scanning, ARP poisoning, packet sniffing etc., a module has very likely already been created.

Term 3 – Listening – get in touch with your female side and be a good listener!
Metasploit is patient and a great listener. Metasploit, like Wireshark in fact, is very good at listening to incoming connections. It is worth noting that in the hacking world things don’t move very fast; a dedicated hacker can spend months working out their best strategy and attack vectors. Research is obviously vital to any attack. PunkSPIDER and SHODAN would be two examples of services that a penetration tester could use prior to opening up Metasploit. Both PunkSPIDER and SHODAN act almost like search engines, with the difference that these engines look for server information and vulnerabilities. Metasploit could be deployed to open any half-closed doors.
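The payload-to-shell and listener ideas in Terms 2 and 3 leave a footprint on the host that a defender can check for. The following is an added example, not code from the original post: it parses constructed rows in the layout of Linux `ss -tnp` output and flags listeners outside an allowlist and shell interpreters attached to TCP sockets. The sample rows, the allowlist and the list of shell names are assumptions.

```python
import re

# Constructed sample in the layout of `ss -tnp` / `ss -tlnp` output on Linux.
SAMPLE = """\
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=880,fd=3))
LISTEN 0 5 0.0.0.0:9001 0.0.0.0:* users:(("ruby",pid=3300,fd=9))
ESTAB 0 0 10.0.0.5:22 10.0.0.9:50122 users:(("sshd",pid=900,fd=4))
ESTAB 0 0 10.0.0.5:51514 203.0.113.7:8443 users:(("bash",pid=4121,fd=0),("bash",pid=4121,fd=1),("bash",pid=4121,fd=2))
"""

SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}  # assumption: interpreters that should not own sockets
ALLOWED_LISTEN_PORTS = {22}                     # assumption: this host only serves SSH
OWNER = re.compile(r'\("([^"]+)",pid=(\d+),fd=(\d+)\)')

def parse(line):
    """Split one ss row into state, local/peer endpoints and socket owners."""
    parts = line.split(None, 5)
    if len(parts) < 5 or parts[0] not in ("LISTEN", "ESTAB"):
        return None  # header row, blank line, or a state we do not inspect
    procs = parts[5] if len(parts) > 5 else ""  # column is absent without privileges
    owners = [(n, int(p), int(fd)) for n, p, fd in OWNER.findall(procs)]
    return {"state": parts[0], "local": parts[3], "peer": parts[4], "owners": owners}

def findings(text):
    """Return (kind, detail, process) tuples for rows worth an analyst's attention."""
    out = []
    for line in text.splitlines():
        row = parse(line)
        if row is None:
            continue
        port = int(row["local"].rsplit(":", 1)[1])
        if row["state"] == "LISTEN" and port not in ALLOWED_LISTEN_PORTS:
            names = sorted({n for n, _, _ in row["owners"]}) or ["?"]
            out.append(("unexpected-listener", port, names[0]))
        if row["state"] == "ESTAB":
            # A shell whose stdin/stdout/stderr (fd 0-2) is a TCP socket is
            # taking its commands from the network, not from a terminal.
            hits = {n for n, _, fd in row["owners"] if n in SHELLS and fd <= 2}
            for name in sorted(hits):
                out.append(("shell-on-socket", row["peer"], name))
    return out

if __name__ == "__main__":
    for finding in findings(SAMPLE):
        print(finding)
```

On a live host the same function can be fed the text of `ss -tnp` and `ss -tlnp` run as root, with the allowlist adjusted to the services that host is meant to expose.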

Metasploit Interfaces
There are a couple of interfaces that can be used. The first option is the MSFconsole, which is the hacker’s preferred method or most puritanical way of using Metasploit. The other, more friendly approach to using Metasploit is to use Armitage.

Metasploit Database – specific to the user’s requirements
One of the things that makes Metasploit unique, and a must for anyone interested in learning the skills of pentesting or hacking, is that the program/framework can record data in its own internal database, i.e. on your system. Why is this good? Simply said, it organizes your workflow. You can set up the system so that tasks are spread as thin as possible to minimize the chances of being detected.

Let us know what you think. Do you agree with us on the above main points about using Metasploit? We have blogged about nmap and offer an nmap training course if you are interested.

2 responses to “Metasploit For Beginners”

  1. aditya says:

    It’s a really helpful post, Thanks.

    Sir,
    I want to be a cyber security expert but I don’t know what courses should I join.
    Please tell me how do I become cyber security expert. I am currently pursuing B.E. in electronic and computer engineering. Thanks again

  2. TryHarder says:

    Try Harder!
