Open In App

What is the Metasploit Framework in Linux?

Last Updated : 07 Nov, 2022
Improve
Improve
Like Article
Like
Save
Share
Report

A Metasploit framework is a tool that is used by ethical hackers, security researchers, and pentester to testing of the vulnerability. It helps us to find vulnerabilities in networks, systems, and IoT. It’s an open-source tool. It can be customized with the operating system. It’s a bunch of exploits for various platforms. This Framework is written in a ruby programming language. A user may set up an exploit module, combine it with a payload, aim at a target, and fire it against the target system using the different tools, libraries, user interfaces, and modules of Metasploit. Hundreds of exploits and different payload choices are contained in the vast and comprehensive database of Metasploit. 

Let’s understand the Metasploit Framework through various types of examples.

Example 1: Hack FTP Server Using Metasploit

Here we will be using a vulnerable machine called Metasploitable 2. Follow the below steps to Hack FTP Server.

Step 1: Scanning all the open ports and services using Nmap (Nmap is a network scanning tool)

nmap -Pn -sV 192.168.29.94

 

Command Explanation 

  • nmap:- Tool
  • -Pn:- Treat all hosts as online — skip host discovery
  • -sV:- Probe open ports to determine service/version info

Step 2: Exploit with Metasploit Framework.

msfconsole

In the below screenshot, we are stating the Metasploit console using the msfconsole command.

 

Step 3: Here we can see the FTPftp service is open called vsftpd (Very Secure FTP Daemon) is an FTP server for Unix-like systems, including Linux, and the port number is 21. Let’s get into the server. Search for Version which is FTP server used on it. Here I’m Searching for vsftpd. Here We use the search option for the search exploit.

search vsftpd

 

Command Explanation

  • search:- for searching any exploit by name or keyword.

Step 4: Now, we will be selecting the exploit by using the use command.

use 0

 

Command Explanation

  • use: we use this option because we can use the exploit by using their index number. 

Step 5: Now we will see what are the requirements of run this exploit.

show options

 

Command Explanation:- 

  • show options:- for knowing what are the requirements of run this exploit.
  • Set RHOSTS:- set the target IP.
  • exploit:- for running this exploit

Step 6: Now we will run the exploit and get access to the FTP server.

exploit

We have got access to the FTP server of the target machine Metasploitable 2

 

Example 2: Using Metasploit for DOS attack

Step 1: Type Command msfconsole for entering Metasploit Framework

msfconsole

 

Step 2: Use the payload auxiliary/dos/http/slowloris to perform DOS attack on victim.

use auxiliary/dos/http/slowloris

 

Slowloris tries for many connections to the target machine or web server open and holds them open as long as possible. This accomplishes by opening connections to the target web server and sending requests. Periodically, it will send HTTP request headers. Eventually denying additional connection attempts from client.

Command Explanation:

  • use: for using payload 

Step 3: Show the requirements to run the exploit.

show options

 

Command Explanation:

  • show options:- use to show the requirements for running the exploit. We can see this in the image.

Step 4: Set the target IP to run this exploit.

set rhost 192.168.29.94

 

Command Explanation:

  • set host:- set the target IP for exploit.

Step 5: Run this Exploit to run the dos attack.

exploit

Multiple requests are been hit to the victim machine.

 

Command Explanation:

  • exploit:- run the attack.

Example 3: Using Metasploit to hack through Samba Usermap Script vulnerability 

Step 1: Enter the Metasploit Framework using the following command.

msfconsole

 

Command Explanation:- 

  • msfconsole:- enter the metasploitable framework.

Step 2: Use exploit for the Samba Usermap Script vulnerability.

use exploit/multi/samba/usermap_script

 

Command Explanation:

  • use: use the exploit by name or by the index of the exploit.

Step 3: Show the requirements of the exploit.

show options

 

Command Explanation:-

  • show options: show the requirements for the exploit.

Step 4: Set the credentials to run the exploit.

set RHOSTS 192.168.29.47

 

Command Explanation : 

  • set:- set the required things.

Step 4: Exploit the vulnerability by running the payload.

exploit

 

We have successfully hacked the Samba Usermap Script vulnerability .


Like Article
Suggest improvement
Previous
Linux - Metasploit Command
Next
Footprinting with Nmap in Kali Linux
Share your thoughts in the comments

Similar Reads

Find Vulnerable Webcams with Shodan [Metasploit Framework]
Adding a third party Module into Metasploit Framework
Linux - Metasploit Command
How to use a Reverse Shell in Metasploit in Kali Linux
Using Metasploit and Nmap to Scan for Vulnerabilities in Kali Linux
Working with Payload Metasploit in Kali Linux
Deploying a Payload with Metasploit in Kali Linux
Creating a Persistent Reverse Shell with Metasploit in Kali Linux
Validating a Vulnerability Metasploit in Kali Linux
Katana Framework - Hacking Framework in Kali Linux
author
rajnandi5045
Article Tags :
We use cookies to ensure you have the best browsing experience on our website. By using our site, you acknowledge that you have read and understood our Cookie Policy & Privacy Policy
Lightbox