Open In App

What is Metasploit?

Improve
Improve
Like Article
Like
Save
Share
Report

Metasploit is not just a single tool. It is a complete framework. It is a Ruby-based, modular penetration testing platform that enables you to write, test, and execute exploit code, it is flexible and extremely robust and has tons of tools to perform various simple and complex tasks. 

Metasploit has three editions available.

  • Metasploit Pro
  • Metasploit Community
  • Metasploit Framework

For this article, we’ll be using the Metasploit Framework edition.

Various components of Metasploit

1. Auxiliaries

Auxiliaries are the modules that make Metasploit so easy to work with. A Metasploit auxiliary is nothing but a specific piece of code written to perform a particular task. For example, it can be used to check if we can access an FTP server anonymously or to check if the webserver is vulnerable to a heart bleed attack. In fact, Metasploit has more than 1,000 auxiliary modules that perform various tasks like scanning, fuzzing, sniffing, and much more. These auxiliary modules are classified into 19 categories. Following are the categories of auxiliary modules that are available in Metasploit :

Auxiliaries

2. Payloads

You have already learned in the above topic that an exploit is a piece of code that will be used against the component that is vulnerable. The exploit code may run successfully, but what do you want to do once the exploit is successfully defined by the payload. In simple terms, a payload can be defined as the action that needs to be performed after the complete execution of an exploit. Metasploit has around 42 payloads that can be classified into the following categories:

3. Exploits

Exploits are an extremely important part of Metasploit. The whole purpose of the framework is to offer exploits that you can use for various vulnerabilities. An exploit is a code that takes advantage of a software vulnerability or security flaw and you will use this code on the target system to take advantage of the vulnerabilities present in the target system. Metasploit has more than 1,800 exploits that can be classified into 17 categories. Following are the categories of exploits that are available in Metasploit:

Exploits

4. Encoders

Metasploit helps you in generating a wide variety of payloads that you can send to the target in multiple ways to perform any task. In the process, it is quite possible that your payload gets detected by any of the security software present on the target system or antivirus software. This is where encoders came into work. Encoders use various algorithms and techniques to obscure the payload in a way that it doesn’t get detected by antivirus software. Metasploit has about 40 encoders that can be categorized into ten major categories, as shown here:

Encoders

5. Post-Exploitation Activities (Post)

Once you have gained access to your target system using any of the available exploits and here we are talking about basic access, you can make use of the post modules to further infiltrate the target system. These operations are mostly done in Cyber Events with complete permissions and must be done in an Ethical way.  With the help of these modules you can perform the following Post-exploitation activities :

  • Escalating user privileges to administrator or root.
  • Retrieving the system credentials
  • Stealing cookies and saved credentials
  • Capturing keystrokes on the target system
  • Executing custom Power Shell scripts for performing

Additional tasks: Making the Access persistent

Metasploit has around 300 post-exploitation modules that can be classified into the following 11 categories:

Post-Exploitation Activities (Post)

6. Evasion: this module allow users to generate a Windows EXE that evades against Microsoft Windows Defender. Multiple techniques such as shellcode encryption, source code obfuscation, Metsam, and anti-emulation are used to achieve this. To get the best output in use user should always try to use payloads that uses more secure channels such as HTTPS, or RC4 in order to avoid the payload network traffic getting caught by antivirus better.

 

Features:

At first, the Metasploit framework was only a set of exploits. Later, it evolved into a tool for the creation of payloads, exploits, and penetration testing. Some characteristics of this framework are:

  • It enables the creation of payloads and exploits by security researchers.
  • It offers more than 592 payloads and, 2074 groups of exploits.
  • It is open-source.
  • Simple to use
  • A user-friendly GUI setting.
  • Extra add-ons.
  • Offers both a Bind Shell and a Reverse Shell.
  • Deletes the infected system automatically.
  • It is simple for researchers to swap between payloads.
  • Offers a range of instruments for forensic examination of the affected systems.
  • It offers the MSFconsole, MSF command-line interface, and Armitage as its three main interfaces.

 

Installation of Metasploit Framework:

As an Ethical Hacker or a Pen-Tester, if you’re running Windows or a normal Linux distribution like Ubuntu. It is recommended to switch to a penetration testing distribution like Kali-Linux or Parrot Security OS. Because these tools would already come pre-installed with the distribution. We can also run it in a virtualized environment. But if we want to install Metasploit as a separate tool, we can easily do so on systems that run on Linux, Windows, or Mac OS X.

Metasploit-Framework Kali-Linux

Step by Step installation (Debian-based Ubuntu Linux 22.04LTS) :

Step 1: Getting the Root privileges

On Ubuntu root is a particular user account that has access to all commands, files, and services. It is the most privileged account with complete access to everything. We use sudo su command to become a root or superuser on any Linux. On running the command it will ask for the current account password for confirmation.

Step 2: Updating and Upgrading the system

We use the apt-get update command to resynchronize the package index files from their sources on Linux via the Internet. Now we run apt-get upgrade to install the newest versions of all packages currently installed on the Ubuntu system. In other words, get security updates for your machine. We can also do this in a single line by using the syntax:

apt-get update && apt-get upgrade

Step 3: Installing Required Dependencies

We need to install a lot of dependencies that are required to run Metasploit. Below is the command that we’re going to be running to install the dependencies :

apt install -y ruby ruby-dev build-essential zlib1g zlib1g-dev libpq-dev libpcap-dev libsqlite3-dev

After running the above command the output screen will be :

Installing Required Dependencies

Step 4: Cloning the Metasploit repository

We need to clone the Metasploit GitHub repository, we use the git clone command and the repository link and go back to our terminal and paste and run that will download the repository into our home directory. It will take a little bit of time because it’s quite a large repository there are a lot of things in it.

git clone https://github.com/rapid7/metasploit-framework.git

After running the above command the output screen will be :

Cloning the Metasploit repository

If the output screen shows “Command ‘git’ not found” then we need to install the git first and then run the above command. To install git use:

apt install git

Step 5: Installing Ruby’s Bundler Package Manager

After we finish cloning the Metasploit GitHub repository into our home directory the next thing we need to do is install Ruby’s bundler package manager we can do this by doing :

gem install bundler

Step 6: Installing Ruby packages for Metasploit

Now we need to install the ruby packages for Metasploit. We first move to the Metasploit framework directory using the cd command that we just cloned into that directory.

cd metasploit-framework

Inside this directory, we need to go and finish installing the rest of the packages for Metasploit and we can do this by doing :

bundle install

After running the above command the output screen will be :

Installing Ruby packages for Metasploit

Once the installation gets completed the output screen will be like this

Installation completed output screen

Once it’s over we can start the Metasploit framework by just doing ./msfconsole.

Metasploit-Framework console

Limitations:

Although Metasploit includes a tonne of tools for identifying vulnerabilities, evaluating them, and creating exploits, it also has certain restrictions and drawbacks like anything else. Some of them include:

  • Little support for GUI. The majority of tasks should be completed utilizing CLI.
  • It must be treated carefully, failing to do so risks crashing our own system.
  • It is challenging to install Metasploit on a machine that has a firewall or antivirus software.
  • Difficult to learn.


Last Updated : 29 Nov, 2022
Like Article
Save Article
Previous
Next
Share your thoughts in the comments
Similar Reads