Metasploit Module Search and Selection

Introduction

Welcome to the world of Metasploit! The Metasploit Framework is an incredibly powerful open-source tool used by cybersecurity professionals for developing, testing, and executing exploits. It contains a vast database of modules, which are pieces of code that can be used for various penetration testing tasks. These modules include exploits, payloads, and auxiliary tools.

In this lab, you will learn the fundamental workflow for working with Metasploit modules. You will start by launching the Metasploit console, then learn how to search for specific modules, select one for use, and configure its basic options. This is the foundational skill set for any aspiring penetration tester.

Search for Exploits with search type:exploit

In this step, you will learn how to use the search command to find modules within the Metasploit Framework. The search command is your primary tool for navigating the thousands of available modules.

First, let's launch the Metasploit Framework console. This may take a moment to start up.

msfconsole

You will see a banner and the Metasploit command prompt, which looks like msf >. All subsequent commands in this lab will be run inside this console.

To make your search more effective, you can use keywords to filter the results. One of the most common keywords is type, which allows you to specify the kind of module you're looking for (e.g., exploit, payload, auxiliary).

Let's search for all modules that are classified as exploits. Type the following command into the Metasploit console:

search type:exploit

You will see a long list of available exploits. The output is organized into columns:

  • #: The index number of the search result.
  • Name: The full path and name of the module.
  • Disclosure Date: When the vulnerability was publicly disclosed.
  • Rank: The reliability of the exploit, from low to excellent.
  • Check: Indicates if the module can check if a target is vulnerable without exploiting it.
  • Description: A brief summary of what the module does.

msf > search type:exploit

Matching Modules
================

   #   Name                                     Disclosure Date  Rank       Check  Description
   -   ----                                     ---------------  ----       -----  -----------
   0   exploit/windows/local/adobe_sandbox_esc  2011-04-15       excellent  No     Adobe Reader/Acrobat "Movie" Annotation Sandbox Escape
   1   exploit/windows/fileformat/acdsee_pica   2011-01-12       good       No     ACDSee PicaView 2.0 EML File Parsing Buffer Overflow
   ... (output truncated) ...

This gives you a general idea of the exploits available, but the list is too large to be practical. In the next step, we'll narrow it down.

Filter Search by Platform with search platform:linux

In this step, you'll learn to refine your search results. The previous search returned thousands of exploits for many different operating systems. To find a relevant exploit, you need to add more filters.

The platform keyword allows you to filter modules based on the target operating system, such as windows, linux, osx, or android. You can combine multiple keywords in a single search command to create a highly specific query.

Let's search for exploits that are specifically designed for the Linux platform.

search type:exploit platform:linux

The output will now be a much shorter, more manageable list of exploits that are relevant to Linux systems.

msf > search type:exploit platform:linux

Matching Modules
================

   #   Name                                               Disclosure Date  Rank       Check  Description
   -   ----                                               ---------------  ----       -----  -----------
   0   exploit/linux/http/advantech_switch_bash_env_exec  2014-09-24       excellent  Yes    Advantech Switch Bash Environment Variable Code Injection (Shellshock)
   1   exploit/linux/http/airties_login_cgi_bof           2012-01-17       excellent  No     AirTies login.cgi Buffer Overflow
   ... (output truncated) ...

By combining keywords, you can quickly zero in on the exact module you need for a specific target.
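
Once a search returns a list, the Rank and Check columns are what you triage on. The following added example (not part of the original lab or of Metasploit itself) parses a search table by column position and keeps modules ranked good or better that can check a target without exploiting it. The names parse_search and shortlist and the sample table are constructed for illustration; the rank ladder is Metasploit's standard one, which also includes manual below low.

```python
import re

# Metasploit's ranking ladder, weakest to strongest.
RANKS = ["manual", "low", "average", "normal", "good", "great", "excellent"]

# Constructed sample laid out like msfconsole's fixed-width table (not a captured run).
# Row 2 has an empty Disclosure Date, which defeats naive whitespace splitting.
_FMT = "   {:<1}  {:<52}  {:<15}  {:<9}  {:<5}  {}"
_ROWS = [
    ("#", "Name", "Disclosure Date", "Rank", "Check", "Description"),
    ("-", "----", "---------------", "----", "-----", "-----------"),
    ("0", "exploit/linux/http/advantech_switch_bash_env_exec", "2014-09-24", "excellent",
     "Yes", "Advantech Switch Bash Environment Variable Code Injection (Shellshock)"),
    ("1", "exploit/linux/http/airties_login_cgi_bof", "2012-01-17", "excellent",
     "No", "AirTies login.cgi Buffer Overflow"),
    ("2", "exploit/multi/handler", "", "manual", "No", "Generic Payload Handler"),
]
SAMPLE = "Matching Modules\n================\n\n" + "\n".join(_FMT.format(*r) for r in _ROWS)
SAMPLE += "\n   ... (output truncated) ...\n"


def parse_search(text):
    """Turn a 'Matching Modules' table into a list of dicts keyed by column header."""
    lines = text.splitlines()
    # The dashed rule under the header marks where every column starts.
    rule = next(i for i, ln in enumerate(lines) if re.fullmatch(r"\s*-+(\s+-+)+\s*", ln))
    starts = [m.start() for m in re.finditer(r"-+", lines[rule])]
    bounds = list(zip(starts, starts[1:] + [None]))
    header = [lines[rule - 1][a:b].strip() for a, b in bounds]
    rows = []
    for line in lines[rule + 1:]:
        if not line.strip()[:1].isdigit():
            continue  # blank lines, truncation markers, trailing hints
        rows.append({h: line[a:b].strip() for h, (a, b) in zip(header, bounds)})
    return rows


def shortlist(rows, min_rank="good", need_check=True):
    """Keep modules at or above min_rank; optionally only those with a check method."""
    floor = RANKS.index(min_rank)
    return [r["Name"] for r in rows
            if r["Rank"] in RANKS and RANKS.index(r["Rank"]) >= floor
            and (r["Check"] == "Yes" or not need_check)]


if __name__ == "__main__":
    for name in shortlist(parse_search(SAMPLE)):
        print(name)
```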

Use Exploit Module with use exploit/multi/handler

In this step, you will select a module to work with. After finding a module with the search command, you need to load it into the framework's context using the use command.

The use command takes the full name of the module as its argument. You can copy the name directly from the search results.

For this lab, we will select a special and very common module: exploit/multi/handler. This module is not a typical exploit that targets a specific vulnerability. Instead, it's a generic listener that waits for an incoming connection from a payload that has been executed on a target machine. It's a fundamental tool for catching reverse shells.

Load the handler module with the following command:

use exploit/multi/handler

After you run the command, you'll notice that your command prompt changes.

msf > use exploit/multi/handler
[*] Using configured payload generic/shell_reverse_tcp
msf exploit(multi/handler) >

The prompt msf exploit(multi/handler) > indicates that you are now in the context of the exploit/multi/handler module. Any commands you issue now, such as setting options, will apply to this specific module.

Check Module Options with show options

In this step, you will learn how to view the configurable parameters for the module you have selected. Every module has a set of options that you may need to configure before it can be run. These options define the module's behavior, such as the target's IP address or the port to listen on.

The show options command displays all the available options for the currently loaded module.

Now that you are in the context of exploit/multi/handler, run the following command:

show options

The output will list the module's options, along with their current settings and descriptions.

msf exploit(multi/handler) > show options

Module options (exploit/multi/handler):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------

Payload options (generic/shell_reverse_tcp):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LHOST                   yes       The listen address (an interface may be specified)
   LPORT  4444             yes       The listen port

Exploit target:

   Id  Name
   --  ----
   0   Wildcard Target

Pay close attention to the Required column. Any option marked as yes must be set before you can run the module. For multi/handler, the LHOST (Listen Host) and LPORT (Listen Port) are required. LHOST is the IP address your machine will listen on, and LPORT is the port.

Set Basic Options with set LHOST

In this step, you will learn how to configure a module's options using the set command. This command allows you to assign values to the parameters you saw with show options.

The general syntax is set <OPTION_NAME> <VALUE>.

For the multi/handler module, the most important option to configure is LHOST, which stands for "Listen Host". This specifies the IP address that the handler will listen on for incoming connections from payloads.

Let's set the LHOST option to the loopback address, 127.0.0.1, so the handler listens only on the local machine; a listener bound to loopback cannot be reached from other hosts.

set LHOST 127.0.0.1

Metasploit will confirm the change:

LHOST => 127.0.0.1

You can verify that the option has been updated by running show options again. You will see 127.0.0.1 listed as the Current Setting for LHOST. This simple set command is how you will configure all modules before launching an attack.

To exit the Metasploit console, you can type exit.

exit

Summary

Congratulations on completing this lab! You have learned the essential first steps for working with the Metasploit Framework.

You now know how to:

  • Launch the Metasploit console (msfconsole).
  • Search for modules using the search command and filter them by type and platform.
  • Select a specific module for use with the use command.
  • View a module's configurable parameters with show options.
  • Configure a module's parameters using the set command (e.g., setting LHOST for listeners).

These commands form the core workflow for any task you will perform in Metasploit. Mastering them is the key to effectively using this powerful penetration testing tool.