Introduction
The Metasploit Framework is a powerful open-source tool used by security professionals for penetration testing, exploit development, and vulnerability research. Its primary interface is the Metasploit Console, or msfconsole, a command-line interface that provides efficient access to all of the framework's features.
In this lab, you will learn the basic but essential skills of launching and navigating the msfconsole. We will cover starting the necessary background services, launching the console, exploring its interface, using the help system, and exiting gracefully. Mastering these fundamentals is the first step toward effectively using Metasploit for security assessments.
Start the Required PostgreSQL Service
Before launching Metasploit, it's best practice to start the PostgreSQL database service. Metasploit uses this database to store information about your projects, hosts, discovered vulnerabilities, and collected evidence (loot). While msfconsole can run without a database, connecting it to one enables many of its powerful data management features.
In this step, you will start the PostgreSQL service and verify that it is running correctly. We will use the service command because this environment does not support systemctl.
First, open a terminal and use the following command to start the PostgreSQL service. You will need sudo because managing system services requires administrative privileges.
sudo service postgresql start
You should see output indicating that the service is starting:
* Starting PostgreSQL 14 database server [ OK ]
Next, to confirm that the service has started successfully, you can check its status:
sudo service postgresql status
A successful start will show that the service is online:
14/main (port 5432): online
Now that the database is running, you are ready to launch the Metasploit console.
Launch the Metasploit Console using the msfconsole command
With the database service running, you can now launch the main Metasploit interface, msfconsole. This command initializes the framework, loads all the modules (exploits, payloads, auxiliary, etc.), and connects to the database.
In this step, you will execute the msfconsole command from your terminal. The first launch may take a few moments as it sets up the environment.
Type the following command into your terminal and press Enter:
msfconsole
After a brief loading period, you will be greeted with a randomly selected welcome banner (ASCII art) and the msfconsole command prompt. The prompt typically looks like msf6 >, where 6 indicates the version of the Metasploit Framework.
`s`
`h`
`o`
`y`
`s`
`s` `s` `s` `s` `s` `s` `s` `s` `s` `s` `s` `s` `s` `s` `s` `s` `s` `s` `s`
`o` `o` `o` `o` `o` `o` `o` `o` `o` `o` `o` `o` `o` `o` `o` `o` `o` `o` `o`
`y` `y` `y` `y` `y` `y` `y` `y` `y` `y` `y` `y` `y` `y` `y` `y` `y` `y` `y`
`s` `s` `s` `s` `s` `s` `s` `s` `s` `s` `s` `s` `s` `s` `s` `s` `s` `s`
`o` `o` `o` `o` `o` `o` `o` `o` `o` `o` `o` `o` `o` `o` `o` `o` `o`
`y` `y` `y` `y` `y` `y` `y` `y` `y` `y` `y` `y` `y` `y` `y` `y`
`s` `s` `s` `s` `s` `s` `s` `s` `s` `s` `s` `s` `s` `s` `s`
`o` `o` `o` `o` `o` `o` `o` `o` `o` `o` `o` `o` `o` `o`
`y` `y` `y` `y` `y` `y` `y` `y` `y` `y` `y` `y` `y`
`s` `s` `s` `s` `s` `s` `s` `s` `s` `s` `s` `s`
`o` `o` `o` `o` `o` `o` `o` `o` `o` `o` `o`
`y` `y` `y` `y` `y` `y` `y` `y` `y` `y`
`s` `s` `s` `s` `s` `s` `s` `s` `s`
`o` `o` `o` `o` `o` `o` `o` `o`
`y` `y` `y` `y` `y` `y` `y`
`s` `s` `s` `s` `s` `s`
`o` `o` `o` `o` `o`
`y` `y` `y` `y`
`s` `s` `s`
`o` `o`
`y`
=[ metasploit v6.x.x-dev-xxxxxxxx ]
+ -- --=[ 23xx exploits - 12xx auxiliary - 4xx post ]
+ -- --=[ 14xx payloads - 4x encoders - 1x nops ]
+ -- --=[ 9 evasion ]
Metasploit tip: View advanced options for a module by using
advanced
msf6 >
You are now inside the Metasploit console and can begin using its commands.
Explore the msfconsole Welcome Banner and Version
Now that you are inside the msfconsole, let's take a moment to look at the information presented. The welcome banner, besides showing some creative ASCII art, provides a quick summary of the framework's capabilities. It tells you the number of available exploits, auxiliary modules, payloads, and more.
The banner also displays the Metasploit version. However, if you need to check the version at any time while working in the console, you can use the version command.
At the msf6 > prompt, type the version command and press Enter:
version
The output will show you the specific versions of the Metasploit Framework and the Console library you are currently running.
msf6 > version
Framework: 6.x.x-dev-xxxxxxxx
Console : 6.x.x-dev-xxxxxxxx
This command is useful for verifying your installation and ensuring you are running a specific version required for a particular task or tutorial.
Use the help command to list available commands
The msfconsole has a large number of commands, and it's impossible to remember them all. The built-in help command is your most valuable tool for navigating the console. It provides a comprehensive list of all available commands, grouped by function.
In this step, you will use the help command to explore the available options.
At the msf6 > prompt, type help and press Enter:
help
The console will display a long list of commands. Below is a truncated example of the output you will see:
msf6 > help
Core Commands
=============
Command Description
------- -----------
? Help menu
banner Display an awesome metasploit banner
cd Change the current working directory
color Toggle color
connect Communicate with a host
exit Exit the console
...
Module Commands
===============
Command Description
------- -----------
advanced Displays advanced options for a module
back Move back from the current context
info Displays information about a module
load Load a framework plugin
...
Take a moment to scroll through the list to get a feel for the different types of commands available. You can also get help for a specific command by typing help followed by the command name. For example, help search would give you detailed information on how to use the search command.
Exit the msfconsole using the exit command
Once you have finished your work within the Metasploit Framework, it's important to exit the console properly. This ensures that any running jobs are terminated cleanly and you are returned to your standard command-line shell.
The command to leave msfconsole is simple and intuitive.
At the msf6 > prompt, type exit and press Enter:
exit
The console will perform a brief shutdown sequence and then return you to the regular terminal prompt in your ~/project directory.
msf6 > exit
labex@instance:~/project$
You have now successfully launched, navigated, and exited the Metasploit console.
Summary
Congratulations! In this lab, you have learned the essential first steps for working with the Metasploit Framework.
You successfully:
- Started the PostgreSQL database service, which is crucial for data management in Metasploit.
- Launched the
msfconsoleinterface. - Examined the welcome banner and used the
versioncommand. - Used the
helpcommand to discover the available functionality. - Exited the console cleanly using the
exitcommand.
These fundamental skills form the foundation for all future work you will do in Metasploit. You are now prepared to move on to more advanced topics, such as searching for modules, configuring exploits, and launching attacks.
