Understand Metasploit Module Types


Introduction

The Metasploit Framework is a powerful open-source tool used for penetration testing and security research. It is built around the concept of modules, which are interchangeable pieces of code that perform specific tasks. Understanding the different types of modules is fundamental to using Metasploit effectively.

In this lab, you will explore the primary module types within Metasploit:

  • Exploits: Code that takes advantage of a system vulnerability.
  • Auxiliary: Modules for scanning, fuzzing, and other actions that are not direct exploits.
  • Post-Exploitation: Modules used after gaining access to a target system.
  • Payloads: Code that runs on the target system after a successful exploit.

You will learn how to list and identify these modules using the Metasploit console (msfconsole).

List available exploit modules

In this step, you will learn how to list all available exploit modules in the Metasploit Framework. Exploit modules are designed to take advantage of a specific flaw or vulnerability in a system, service, or application to gain unauthorized access.

First, you need to start the Metasploit Framework console. We will use the -q flag to suppress the startup banner for a cleaner interface. Once inside the console, you can use the show exploits command.

Open your terminal and run the following command to start msfconsole:

msfconsole -q

Once the msfconsole prompt (msf6 >) appears, type the following command to list all exploit modules:

show exploits

You will see a long list of available exploits, along with their disclosure date, rank, and a brief description. The rank indicates the reliability of the exploit.

msf6 > show exploits

Matching Modules
================

   #   Name                                 Disclosure Date  Rank       Check  Description
   -   ----                                 ---------------  ----       -----  -----------
   0   exploit/aix/local/ibstat_exec        2009-07-27       excellent  No     AIX ibstat Command Execution
   1   exploit/aix/local/invscout_priv_esc  2012-03-30       excellent  Yes    AIX invscout Privilege Escalation
   2   exploit/aix/rpc_catd                 1995-01-01       great      No     AIX CDE ToolTalk rpc.catd Command Execution
...
   2300 exploit/windows/smb/ms17_010_psexec  2017-03-14       excellent  Yes    MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Code Execution
...

After reviewing the list, you can exit the Metasploit console by typing exit:

exit

List available auxiliary modules

In this step, you will list the auxiliary modules. Unlike exploits, auxiliary modules do not directly result in gaining access to a system. Instead, they are used for a wide range of tasks such as scanning for open ports, identifying services, fuzzing, denial-of-service attacks, and information gathering.

Just like in the previous step, start the Metasploit console and then use the show command.

Start msfconsole again from your terminal:

msfconsole -q

At the msf6 > prompt, use the show auxiliary command to see all available auxiliary modules:

show auxiliary

The output will display a comprehensive list of modules used for reconnaissance and other non-exploit activities.

msf6 > show auxiliary

Matching Modules
================

   #   Name                                                 Disclosure Date  Rank     Check  Description
   -   ----                                                 ---------------  ----     -----  -----------
   0   auxiliary/admin/2wire/xslt_password_reset                             normal   No     2Wire Cross-Site Scripting and Password Reset
   1   auxiliary/admin/appletv/appletv_display_image                         normal   No     AppleTV Display Image
...
   450 auxiliary/scanner/http/http_login                                     normal   No     HTTP Login Utility
   451 auxiliary/scanner/http/http_put                                       normal   Yes    HTTP PUT File Upload Utility
...

Once you are done, exit the console:

exit

List available post-exploitation modules

In this step, you will explore post-exploitation modules. These modules are used after you have successfully compromised a target system. Their purpose is to help you maintain access, gather sensitive information, escalate privileges, and pivot to other systems within the network.

The process for listing these modules is similar to the previous steps.

Launch the Metasploit console:

msfconsole -q

At the prompt, type show post to list all post-exploitation modules:

show post

You will see a list of modules categorized by the target operating system (e.g., Windows, Linux, OSX) and the function they perform (e.g., gather, manage, escalate).

msf6 > show post

Matching Modules
================

   #   Name                                                 Disclosure Date  Rank    Check  Description
   -   ----                                                 ---------------  ----    -----  -----------
   0   post/android/capture/screen                                           normal  No     Android Screen Capture
   1   post/android/gather/contacts                                          normal  No     Android Gather Contacts
...
   250 post/linux/gather/enum_configs                                        normal  No     Linux Gather Configurations
   251 post/linux/gather/enum_protections                                    normal  No     Linux Gather Protection Mechanisms
...
   400 post/windows/gather/credentials/total_commander                       normal  No     Windows Gather Total Commander FTP Passwords
...

Remember to exit the console when you have finished exploring the list:

exit

List available payload modules

In this step, you will list the available payload modules. A payload is the code that an exploit delivers to the target system. Once the exploit successfully compromises the system, the payload is executed, giving the attacker control. Payloads can range from simple command shells to the highly advanced Meterpreter, which provides extensive control over the victim machine.

Let's list them using msfconsole.

Start the Metasploit console:

msfconsole -q

At the msf6 > prompt, use the show payloads command:

show payloads

The output will show a variety of payloads, often categorized by the type of connection they establish (e.g., reverse shell, bind shell) and the target architecture.

msf6 > show payloads

Matching Modules
================

   #   Name                                   Disclosure Date  Rank    Check  Description
   -   ----                                   ---------------  ----    -----  -----------
   0   payload/aix/ppc/shell_bind_tcp                          normal  No     AIX PowerPC Command Shell, Bind TCP Inline
   1   payload/aix/ppc/shell_find_port                         normal  No     AIX PowerPC Command Shell, Find Port Inline
...
   500 payload/linux/x86/meterpreter/reverse_tcp               normal  No     Linux Meterpreter, Reverse TCP Stager
...
   1000 payload/windows/x64/meterpreter/reverse_tcp             normal  No     Windows Meterpreter (Reflective Injection), Reverse TCP Stager (x64)
...

Finally, exit the console:

exit
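
The four listings above share one table layout, and the module type is the first component of each module name. The following is an added example, not part of the original lab or of Metasploit itself: a small Python parser for that table, which copes with the blank Disclosure Date column seen in the auxiliary, post and payload rows and summarizes modules by type, rank and check support. The sample rows are copied from the listings in this lab; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: rows copied from the listings shown in this lab.
SAMPLE = """\
msf6 > show exploits
   #   Name                                 Disclosure Date  Rank       Check  Description
   -   ----                                 ---------------  ----       -----  -----------
   0   exploit/aix/local/ibstat_exec        2009-07-27       excellent  No     AIX ibstat Command Execution
   1   exploit/aix/local/invscout_priv_esc  2012-03-30       excellent  Yes    AIX invscout Privilege Escalation
   2   exploit/aix/rpc_catd                 1995-01-01       great      No     AIX CDE ToolTalk rpc.catd Command Execution
...
   450 auxiliary/scanner/http/http_login                                     normal   No     HTTP Login Utility
   250 post/linux/gather/enum_configs                                        normal  No     Linux Gather Configurations
   1000 payload/windows/x64/meterpreter/reverse_tcp             normal  No     Windows Meterpreter (Reflective Injection), Reverse TCP Stager (x64)
"""

# One table row: index, module name, optional date, rank, check flag, description.
ROW = re.compile(
    r"^\s*(?P<index>\d+)\s+"
    r"(?P<name>(?P<type>exploit|auxiliary|post|payload)/\S+)\s+"
    r"(?:(?P<date>\d{4}-\d{2}-\d{2})\s+)?"  # blank in the non-exploit rows above
    r"(?P<rank>[a-z]+)\s+"
    r"(?P<check>Yes|No)\s+"
    r"(?P<description>.+?)\s*$"
)

def parse_modules(text):
    """Return one dict per module row; prompts, headers and '...' are skipped."""
    return [m.groupdict() for m in map(ROW.match, text.splitlines()) if m]

def summarize(rows):
    """Count modules by type and rank, and list those with Check = Yes."""
    return {
        "by_type": Counter(r["type"] for r in rows),
        "by_rank": Counter(r["rank"] for r in rows),
        "with_check": [r["name"] for r in rows if r["check"] == "Yes"],
    }

if __name__ == "__main__":
    summary = summarize(parse_modules(SAMPLE))
    for key, value in summary.items():
        print(key, dict(value) if isinstance(value, Counter) else value)
```

The same functions work on console output saved to a text file, since lines that are not module rows are ignored.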

Differentiate between an exploit and a payload

In this final step, we will solidify your understanding of the crucial difference between an exploit and a payload. While they work together, they serve distinct purposes.

  • Exploit: This is the "delivery vehicle." Its only job is to take advantage of a vulnerability to get the payload onto the target system. Think of it as the key that unlocks a door.
  • Payload: This is the "cargo." It's the code that runs after the exploit is successful. It defines what you can do on the compromised system. Think of it as what you do after you've unlocked the door and gone inside.

An exploit cannot function without a payload, and a payload cannot be delivered without an exploit.

To demonstrate your understanding, create a simple text file named difference.txt in your project directory that summarizes this concept.

Execute the following command in your terminal:

echo "Exploit: Gains access. Payload: Runs after access." > /home/labex/project/difference.txt

You can verify the file was created correctly with the cat command:

cat /home/labex/project/difference.txt

You should see the following output:

Exploit: Gains access. Payload: Runs after access.

This simple exercise helps reinforce the core relationship between these two fundamental Metasploit components.

Summary

Congratulations on completing this lab! You have successfully explored the fundamental module types within the Metasploit Framework.

You learned that:

  • Exploit modules are used to take advantage of vulnerabilities to gain initial access.
  • Auxiliary modules are used for scanning, reconnaissance, and other non-exploit actions.
  • Post-exploitation modules are run on a system after it has been compromised.
  • Payload modules are the code delivered by an exploit that executes on the target.

Most importantly, you now understand the critical distinction between an exploit (the method of entry) and a payload (the code that runs after entry). This foundational knowledge is essential for performing effective penetration tests with Metasploit.