Metasploit is one of the world’s most powerful exploitation frameworks. Begun as an open-source project by HD Moore, it is now owned by the information security company Rapid7. Every hacker/pentester MUST be proficient in the use of Metasploit. In this section, I will try to provide you with all the skills you need to become a Metasploit expert.
If you are new to Metasploit, take a look at these articles from my Metasploit Basics series.
For more information on Metasploit, check out these tutorials.
Metasploit Basics for Hackers, Part 01: Getting Started with Metasploit
Welcome back, my aspiring cyber warriors! In this series, I will introduce you to the world’s most popular hacking/pentesting platform, Metasploit! Metasploit is the world’s leading exploitation/hacker framework. It is used–to some extent–by nearly every hacker/pentester. As such, you really need to become familiar with it if you want
Metasploit Basics, Part 02: Metasploit Module Types
In my first article in this Metasploit series, I introduced you to some of the key commands you need to know before using Metasploit. In this second article in the series, I want to introduce you to the different types of modules found in Metasploit. When you start Metasploit into the
Metasploit Basics, Part 03: Payloads
Welcome back, my tenderfoot hackers! As you know, Metasploit is an exploitation framework that every hacker should be knowledgeable of and skilled at. It is one of my favorite hacking tools. Metasploit enables us to use pre-written exploits against known vulnerabilities in operating systems, browsers and other applications and place
Metasploit Basics, Part 04: Connecting and Using the postgresql Database with Metasploit
Welcome back, my aspiring Metasploit Cyber Warriors! In this series, we are exploring the power and features of the world’s most popular and powerful exploitation framework, Metasploit. In this tutorial, we will be examining how to connect the postgresql database to Metasploit. In this way, we can speed up our
Metasploit Basics, Part 05: Using Metasploit for Reconnaissance (nmap, EternalBlue, SCADA, and MS SQL)
Welcome back, my rookie hackers! As you know, reconnaissance is a crucial part of the hacker/pentester’s job. Without good reconnaissance, it is likely that all your work and effort will go for naught. As Metasploit has evolved from strictly an exploitation framework to a multi-faceted, penetration testing tool, it has
Metasploit Basics, Part 06: The Armitage Metasploit User Interface
Welcome back, my aspiring White Hat Hackers! In this series on the world’s most popular exploitation framework, Metasploit, we have looked at the many ways to get started, including; 1. Getting Started and Keywords 2. Modules 3. Payloads 4. Connecting the postgresql Database 5. Scanning and Reconnaissance Before we advance
Metasploit Basics, Part 07: Adding a New Module (EternalBlue)
Welcome back, my greenhorn hackers! Often, new modules are developed for Metasploit, but are not included in the base configuration or updates. In such cases, you will need to manually add the module to Metasploit. In reality, this is not difficult with a touch of basic information and a dash
Metasploit Basics, Part 08: Exploitation with EternalBlue
Welcome back, my aspiring hackers! The Metasploit framework has become a multipurpose pentesting tool–but at its heart–it’s an exploitation tool. Up to this point in this series on Metasploit, we have been getting familiar with the various aspects of this tool, but now we will get to the best part,
Metasploit Basics, Part 09: Using msfvenom to Create Custom Payloads
At times, we may want to create a custom payload (for more on Metasploit payloads, see Metasploit Basics, Part 3: Payloads). For instance, we may want to embed a payload/listener into an application or other malicious software that we hope the target clicks and we can take control of their
Metasploit Basics, Part 10: Pivoting to Compromise the Network
Welcome back, my Metasploit aficionados! In this series, we began with the Metasploit basics and have progressed through exploitation and creating our own custom payloads. In this tutorial, we will examine how we can proceed after having exploited a single system on a network to controlling the entire network.
Metasploit Basics, Part 11: Exploiting Fileformat Vulnerabilities in MS Office
Welcome back, my fledgling hackers! As the operating system developers become more and more security conscious, operating system exploits become rarer. Not so rare that we don’t see them anymore (see EternalBlue and the .NET vulnerability CVE-2017-8759), but rare enough that hackers tend to focus their efforts on the applications
Metasploit Basics, Part 12: Creating RC Scripts
In this series, I have been trying to familiarize you with the many features of the world’s best framework for exploitation, hacking, and pentesting, Metasploit. There are so many features, and techniques for using those features, that few pentesters/hackers are aware of all of them. Many times, when doing a
Metasploit Basics, Part 13: Exploiting Android Mobile Devices (Updated)
Welcome back, my budding hackers! The growth of the mobile device market has been dramatic over the past 10 years. From its birth in 2007 with the advent of the Apple phone, mobile devices now comprise over 50% of all web traffic in 2020. There are 5B mobile devices on
Metasploit Basics, Part 14: Updating the msfconsole
Welcome back, my novice hackers! Recently, I have received numerous questions regarding how to update the msfconsole built into Kali. Until recently that was an easy question to answer. You simply enter “msfupdate” at the command line. Now, Rapid7–the developers of Metasploit–have changed how we update Metasploit when it
Metasploit Basics, Part 15: Post-Exploitation Fun (Web Cam, Microphone, Passwords and more)
Welcome back, my fledgling hackers! As we have progressed through this series on Metasploit Basics, we have used numerous techniques to exploit your target system including; 1. SMB Exploits (EternalBlue and MS08_067, for instance); 2. File Format (ms14-0440_sandworm, office_word_hta); 3. Browser Exploits (autopwn, Adobe Flash and numerous others); 4. Social
Metasploit Basics, Part 16: Metasploit SCADA Hacking
Metasploit is widely recognized as a powerful tool to conduct penetration testing and hacking on traditional IT systems, but few people recognize that it also has capabilities within the more obscure–but increasingly important–SCADA/ICS sector. Information security for SCADA/ICS is the next great frontier in our industry! If you want
Metasploit Basics, Part 17: Automobile Hacking with Metasploit
Automobile or car hacking is the leading edge of the hacking/penetration testing field. With the arrival of self-driving cars in the very near future, this field will only become even more important. For some background on this field, read my articles on the CAN protocol and the SocketCAN to better understand the technologies involved.
Metasploit Basics, Part 18: Marrying the Power of Shodan with Metasploit
Welcome back, my rookie hackers! Every so often, I run across a new hacking tool that really gets me excited. AutoSploit is one of those! AutoSploit combines the power of two of my favorite tools, Shodan and Metasploit! AutoSploit uses Shodan to find specific targets based upon their banners and
Metasploit Basics, Part 19: Web Delivery for Windows
Welcome back, my Metasploit aficionados! In the previous part of this series, we looked at how to use Metasploit’s web delivery exploit to create a script to connect to a UNIX, Linux, or OS X machine using Python. Many members of the Hackers-Arise community have asked me, “Can we do
Metasploit Basics, Part 20: Creating a Fake SMB Server to Capture Credentials
In previous tutorials in this Metasploit Basics series, we learned how to use hashdump to pull password hashes from a local system. In “Cracking Passwords with Hashcat”, you learned how to crack these hashes with hashcat. In each of these cases, the password hashes were the passwords of the
