Metasploit Tutorials From Beginner to Advanced

-metasploit


If you are active in the penetration tester/ethical hacker community, then you have heard about Metasploit, because it is the most famous tool and is used by most penetration testers as well as by hackers. Metasploit is an open source computer security project that contains information about vulnerabilities.
If you just put all the available exploits in a single place, then the phenomenon of Metasploit occurs.

Metasploit Framework is a sub-project and is used to execute exploit code against a machine and get the desired task done.

Before discussing how to do all these things, you need to understand some basic terms: vulnerability, exploit and payload. A vulnerability is a weakness or a hole by which an attacker can compromise a machine. An exploit, which may be a piece of code, is an attack that takes advantage of a vulnerability. A payload is the piece of software that lets you control a computer system after it has been exploited.

The Metasploit project provides Metasploit Pro, Metasploit Express and Metasploit Framework. Metasploit Framework is open source and available for free across operating system platforms (Windows, Linux).


How To Install Metasploit
 
In this tutorial we will discuss how to get and install Metasploit Framework for both Windows and Linux (like Ubuntu). If you are using Backtrack, then you can find Metasploit already there.
Install Metasploit on Ubuntu:

We need some packages to install Metasploit. Open a terminal and type exactly:
$ sudo apt-get install ruby libruby rdoc
$ sudo apt-get install libyaml-ruby
$ sudo apt-get install libzlib-ruby
$ sudo apt-get install libopenssl-ruby
$ sudo apt-get install libdl-ruby
$ sudo apt-get install libreadline-ruby
$ sudo apt-get install libiconv-ruby
$ sudo apt-get install rubygems
Click here to download Metasploit; in this case we have downloaded the Linux-full.run file. You need to become a root user to run this installation, so on the terminal type:
$ sudo su
Now locate the directory where you downloaded Metasploit and type:
$ ./name_of_file.run


Now just click forward and accept the agreement. After installation, to run Metasploit, on the terminal type:
$ msfconsole
Install Metasploit on Windows:
If you want to install Metasploit on Windows, then you need to download the executable file of Metasploit; click here to download. The installer includes the packages:
  • Console2
  • Ruby 1.9.2
  • PostgreSQL
  • Java JDK 6
  • Subversion
  • VNCViewer
  • WinVI32
  • Nmap 5.6
So you don't need to download any other file; just run the installer and you are done!


-armitage
Technology has no end. In the previous article we discussed the Metasploit framework, which has changed the way of penetration testing. Armitage is a graphical cyber attack management tool for Metasploit that visualises your targets, recommends exploits, and exposes the advanced capabilities of the framework.




When Metasploit and Armitage meet each other, they make a powerful cyber management tool for doing pen testing on the network(s). Armitage allows your team to use the same sessions, share data, and communicate through one Metasploit instance. It is a very helpful tool for learning about cyber security because it provides a graphical interface instead of a command line.

Just like Metasploit, Armitage is also available for different operating systems like Linux, Windows and Mac. Below is the tutorial on how to get and install Armitage.


Tutorial
Requirement
Install Armitage On Linux 
You can install Armitage with a simple command, but you need to be a root user before executing the apt-get command, so open a terminal and type exactly:
$ sudo su
# apt-get install armitage
We need to enable the RPC daemon for Metasploit; use this command on the terminal:
root@bt:~# msfrpcd -f -U msf -P test -t Basic
Now start the MySQL server so that Armitage can store results:
root@bt:~# /etc/init.d/mysql start
Now it's time to run Armitage; locate the directory and type:
root@bt:/pentest/exploits/armitage# ./armitage.sh
After this a new window must appear. Set up the default host name, and if you want to use SSL, then tick it.
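The RPC daemon started in the steps above gives full control of the Metasploit instance to anyone who can reach it and knows the password, so it is worth confirming that it only listens on loopback. The following check is an added example, not part of the original tutorial; the function name, the RPC_PORT variable and the sample listing are constructed for illustration, and it assumes msfrpcd is on its default port 55553 and that listeners are listed in `ss -ltn` format.

```shell
#!/bin/sh
# Added example: flag an msfrpcd listener that is reachable from the network.
# Assumption: msfrpcd uses its default port 55553 (override with RPC_PORT).
RPC_PORT="${RPC_PORT:-55553}"

# Reads `ss -ltn` style lines on stdin and prints every local address on
# RPC_PORT that is NOT bound to loopback. Prints nothing when all is well.
exposed_rpc_listeners() {
    awk -v port="$RPC_PORT" '
        $1 == "LISTEN" {
            addr = $4                          # "Local Address:Port" column
            n = split(addr, parts, ":")
            if (parts[n] != port) next         # some other service
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host ~ /^127\./ || host == "[::1]") next   # loopback only
            print addr                         # reachable from other hosts
        }
    '
}

# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:55553       0.0.0.0:*
LISTEN 0      128    127.0.0.1:3306      0.0.0.0:*
LISTEN 0      128    127.0.0.1:55553     0.0.0.0:*
LISTEN 0      128    [::]:22             [::]:*'

# Runs the check over the constructed sample.
check_sample() { printf '%s\n' "$SAMPLE_SS" | exposed_rpc_listeners; }

check_sample
# On a live host: ss -ltn | exposed_rpc_listeners
```

If the check prints an address, restart msfrpcd bound to loopback with `-a 127.0.0.1` and replace the `msf`/`test` credentials from the tutorial with a strong password.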




-Integrate Nessus With Metasploit- Tutorial

There are so many tools, but the importance of Nessus as a vulnerability scanner is not hidden, and Metasploit, the master of all the tools that contain the available exploits, makes it so important for penetration testing and for hacking. The integration of Nmap into Nessus was discussed before; click here to learn.


This time we have decided to write about using Metasploit on the basis of Nessus results. You can use your Linux box (recommended) as well as a Windows box. Backtrack 5 is available, so if you are practising on a Backtrack machine, that is good, while I am using Ubuntu for this tutorial.

This tutorial is linked with the previous tutorial, in which I showed you how to use Nessus. Now I am supposing that you have a result in your Nessus, so start Metasploit:
$ msfconsole
In this process we set up the Nessus Bridge for Metasploit, so in Metasploit type:
msf > load nessus

After the plugin has loaded successfully, you need to import the Nessus results into Metasploit, so first of all we have to connect our Nessus server with Metasploit. Here is the command:
msf > nessus_connect username:password@hostname:port
msf > nessus_connect ehacking:irfan@127.0.0.1:8834
After successful authentication you can check the status of your Nessus scan, check the policy, pause and resume the scan, and view, add and delete users; in general you can do anything that you can do in the Nessus window.
If you want to check the server status, then type:
msf > nessus_server_status
Now we come to the main objective of the article. The command below lists all the reports:
msf > nessus_report_list 
If you want to know about the hosts in a report:
msf > nessus_report_hosts <report id>
msf > nessus_report_hosts a6656thy45ehacking
If you need to find out information about a particular host, use the command below:
msf > nessus_report_host_ports <hostname> <report id>
msf > nessus_report_host_ports 192.168.1.1 a6656thy45ehacking
You can do a lot of different things with the Nessus Bridge for Metasploit; just type this command to know more about it:
msf > nessus_help

 

 

How To Use Armitage In Backtrack 5- Tutorial

There is no need to introduce Armitage: if you are related to the world of penetration testing, then you have an idea about Armitage, and if you are new to the world of ethical hacking, then click here to learn about Armitage and click here for Metasploit.



Backtrack 5 is on fire now. After installing Backtrack 5, you need to set up Armitage to perform effective pen testing. If you are using an older version of Backtrack or another Linux distro like Ubuntu, then click here to learn how to install Armitage.
You don't need to install Armitage on Backtrack 5 because it is already available there; just follow the steps to run Armitage on BT5.
Requirement
  • Backtrack 5 (Click here to learn)
  • Java
  • Metasploit
  • MySQL
All the requirements are available on Backtrack 5, so you need not worry about them.

  • Open your backtrack and click on Application --> backtrack --> Exploitation tools --> Network exploitation tools --> Metasploit framework --> Armitage



  • In the next window click on Connect to start Armitage; if it is your first time, then it may take some time to start.


  • Now you will see the Armitage window, and Armitage is ready to use. If you don't know how to use it, then you have to wait for our next article, in which we will surely teach you how to use Armitage in different ways.





2 comments

March 7, 2012 at 1:39 PM

Download SecurityTube Metasploit Framework Expert DVD FREE Enjoy ;)
securitytube-training.com/certifications/securitytube-metasploit-framework-expert/?id=download
