Premise

In this tutorial, I cover the basics of the Metasploit Framework and its console syntax, and show how to run Nmap from inside Metasploit to scan hosts and networks. Metasploitable 2, a deliberately vulnerable VM that should only ever sit on an isolated lab network, served as the target box; we scanned it for open ports and enumerated the services and versions behind them.

Skills Learned

  • Metasploit Framework
  • Nmap

Getting Metasploit Up and Running

First things first, let’s get Metasploit started.

  • Launching Metasploit: The easiest way to fire it up is by typing msfconsole in your terminal; add -q to skip the banner.
  • A Quick Prerequisite: Metasploit stores hosts, services and scan results in a PostgreSQL database, so the service must be running before any of the database commands work. Start it with sudo systemctl start postgresql. On Kali, run sudo msfdb init once to create the database and the user Metasploit connects as, then type db_status inside msfconsole to confirm it reports a connection.
  • Make it Automatic: To save yourself a step next time, enable PostgreSQL at boot with sudo systemctl enable postgresql.
  • Stay Updated: New modules land constantly, so update often. On Kali the framework is a package: sudo apt update && sudo apt install metasploit-framework (apt install on its own reuses stale package lists and may report that nothing is new).

Scanning for Open Ports (The Metasploit Way)

For my first practical example, I’m going to show you how to scan for open ports on a target machine, just like you would with Nmap, but all from within Metasploit.

  • Using Modules: Every Metasploit tool is a “module” that you activate with the use command. For a plain TCP connect scan the module is auxiliary/scanner/portscan/tcp.
  • Navigating: Type back to leave a module, or previous to jump back into the module you were in before the current one.
  • Checking the Options: Inside a module, show options lists every setting, its current value and whether it is required.
  • Setting the Target: The set command assigns option values; set RHOSTS defines the target. RHOSTS accepts a single IP, a dash range or a CIDR block, so one line can cover a whole subnet. In my demo, I quickly used Nmap to find the IP of my Metasploitable 2 machine and then set it in Metasploit. Only scan hosts you own or are authorised to test.
  • Specifying Ports: set PORTS restricts the scan. The module defaults to 1-10000, which is slow, so set a short list (for example 21,22,80,139,445) or a small range while experimenting, and raise THREADS to speed up a larger one.
  • Oops, Made a Mistake? unset clears a single option (unset PORTS), and unset all clears every option in the module.
  • Run the Scan! Once everything is set, type run to start the scan. The results list the open ports, such as 21 for FTP, 22 for SSH and 80 for HTTP; when the database is connected, each open port is also recorded as a service so later modules can reuse it.

Bringing Nmap into the Fold

One of the coolest things about Metasploit is that it can integrate with Nmap. This means you can run Nmap scans directly from within Metasploit and have all the results saved to your PostgreSQL database.

  • The db_nmap Command: db_nmap runs the real Nmap binary and imports its output into the database, so its syntax is identical to a normal Nmap command and any Nmap flag works. It requires the database connection, so check db_status first.
  • An Aggressive Scan: In my demo, I ran an aggressive Nmap scan using db_nmap -A [target_IP]. The -A flag turns on OS detection, version detection, the default NSE scripts and traceroute, so the results showed open ports, the services behind them and their version strings. For example, the ftp-anon script reported that the FTP server allowed anonymous logins. Be aware that -A is noisy: the version probes and scripts talk to every open service, which is fine against Metasploitable but is exactly the traffic a defender's IDS is tuned to notice.
  • Viewing Your Discoveries: After the scan is done, type hosts to list every machine you've discovered, with its IP address, the detected operating system and a purpose column derived from Nmap's device-type guess. Type services to see the port and version table, and services -p 21 to filter it to one port. Because everything lives in PostgreSQL it persists across msfconsole sessions, and hosts -R loads the stored addresses straight into RHOSTS for the next module.
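The steps from the two sections above, as one added example that is not from the original post: a POSIX shell wrapper that writes the console commands into a Metasploit resource script and replays it with msfconsole -r, so the TCP port scan and the db_nmap run can be repeated against a fresh Metasploitable 2 instance without retyping. The target address 192.168.56.101 (a VirtualBox host-only address), the workspace name, the port list and the script path are assumptions; msfconsole and msfdb are assumed to be on PATH as on Kali.

```shell
#!/bin/sh
# Added example (not from the original tutorial): drive the workflow above
# (DB check, portscan module, db_nmap, hosts/services) from a resource script.
# Assumptions: Kali-style install with msfconsole and msfdb on PATH, and a
# Metasploitable 2 VM on a host-only network at 192.168.56.101.

# write_rc TARGET PORTS OUTFILE
# Emits a resource script containing the exact console commands the tutorial
# walks through; msfconsole -r replays them one line at a time.
write_rc() {
    target=$1
    ports=$2
    out=$3
    cat > "$out" <<EOF
db_status
workspace -a metasploitable2
use auxiliary/scanner/portscan/tcp
set RHOSTS $target
set PORTS $ports
set THREADS 10
run
back
db_nmap -A $target
hosts
services
exit
EOF
}

# ensure_db: make sure PostgreSQL is running and the msf database exists.
# Only touches the system where systemctl/msfdb are present (needs sudo).
ensure_db() {
    if command -v systemctl >/dev/null 2>&1; then
        systemctl is-active --quiet postgresql || sudo systemctl start postgresql
    fi
    if command -v msfdb >/dev/null 2>&1; then
        sudo msfdb init
    fi
}

# run_scan TARGET PORTS: generate the script, hand it to msfconsole, clean up.
run_scan() {
    rc=$(mktemp /tmp/msf-scan.XXXXXX)
    write_rc "$1" "$2" "$rc"
    msfconsole -q -r "$rc"
    rm -f "$rc"
}

# Runs only when a target is supplied, e.g.
#   MSF_TARGET=192.168.56.101 MSF_PORTS=21,22,80 sh msf_scan.sh
if [ -n "${MSF_TARGET:-}" ]; then
    ensure_db
    run_scan "$MSF_TARGET" "${MSF_PORTS:-1-10000}"
fi
```

db_status is the first line of the generated script on purpose: db_nmap, hosts and services all need a connected database, and a scan run without one gives you console output but nothing to query afterwards. The workspace line keeps this lab's hosts separate from anything else already in the database.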

That’s it for this introduction! In my next video, I’ll be diving deeper into payloads, auxiliary modules, and how to create backdoors. Stay tuned! 🚀

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by Motasem Hamdan, a cybersecurity content creator and YouTuber.