Quick Metasploit Guide

metasploit photoThese are some notes I find myself referring back to as I work through my studies for the OSCP exam. As I develop more of these, I’ll continue to post them here on my blog so that others might find them useful.

Use Kali Linux for all the following instructions.

Prep:
Ensure postgresql is running.

Set postgres to start on boot so you don’t have to worry about it again:

From the command line, fire up the Metasploit console:

Search for exploits related to what you are interested in:

Or, be more specific:

Or, in Kali, use searchsploit (from regular command line, outside of MSF):

Once you find an exploit you want to use, use it:

Then set a payload:

See what options are set:

Set options as needed:

LHOST is the IP of where the victim host will send info to (your Kali VM, ex.)

RHOST is the IP of the victim

Default port is 80, but choose one if you wish:

Run the exploit:

If trying to get a remote shell, beware that you may be looking at it if you see what you think is nothing happening. Just try executing a command and see what happens:

Photos by Christiaan008,

About Will Chatham

Will Chatham is a Cyber Security Analyst, Ethical Hacker, and Penetration Tester at a federal data center in Asheville, NC. Since Netscape 2.0, he has worked in a wide array of environments including non-profit, corporate, small business, and government. His varied background, from developer to search engine optimizer to security professional, has helped him build a wide range of skills that help those with whom he works and teaches.
Bookmark the permalink.

Leave a Reply