Metasploit is a powerful framework for penetration testing and vulnerability assessment. It can be used to test the security of networks, servers, and applications. Kali Linux is a popular distribution of Linux that comes pre-installed with many security tools, including Metasploit. In this tutorial, I will provide a step-by-step guide on how to use Metasploit in Kali Linux.
What Is msfconsole?
msfconsole is the most commonly used shell-like all-in-one interface that allows you to access all features of Metasploit. It has Linux-like command-line support as it offers command auto-completion, tabbing, and other bash shortcuts.
It’s the main interface through which you work with Metasploit modules for scanning and launching an attack on the target machine. Consider also checking Mastering Metasploit: The Ultimate Cheat Sheet.
Metasploit Modules
Metasploit’s functionality is organized into modules: small, self-contained pieces of code that each perform one task. Before looking at the modules, you should be clear about the following recurring concepts:
- Vulnerability: A flaw in the design or code of the target that exposes it to exploitation, typically leading to the disclosure of confidential information.
- Exploit: A code that exploits the found vulnerability.
- Payload: It’s a code that helps you achieve the goal of exploiting a vulnerability. It runs inside the target system to access the target data, like maintaining access via Meterpreter or a reverse shell.
Now moving towards the five main modules of Metasploit:
- Auxiliary: The auxiliary module contains a set of programs such as fuzzers, scanners, and SQL injection tools to gather information and get a deeper understanding of the target system.
- Encoders: Encoders encode the payloads/exploits to protect them against signature-based antivirus solutions. Because payloads or exploits may contain null or other bad characters, there is a high chance of them being detected by an antivirus solution when sent unencoded.
- Exploit: As discussed earlier, an exploit is a code that leverages the target vulnerabilities to ensure system access via payloads.
- Payload: As mentioned before, payloads help you achieve the desired goal of attacking the target system. That means they will either help you get an interactive shell or help you maintain a backdoor, run a command or load malware, etc. Metasploit offers two types of payloads: stageless payloads and staged payloads.
- Post: The post-exploitation module will help you gather further information about the system. For instance, it can help you dump the password hashes and look for user credentials for lateral movement or privilege escalation.
You can use the following commands to view each module category and its contents (replace module-name with one of the listed directories):

```
cd /usr/share/metasploit-framework/modules
ls
tree -L 1 module-name/
```
Why Learn and Use Metasploit?
Before tools like Metasploit came along, penetration testers had to carry out every task manually using a variety of tools, some of which were not even supported on the target system. They had to write their own tools and scripts from scratch before deploying them manually on the target system or network. A term like ‘remote testing’, common today, was rarely used. That has changed with Metasploit.
This framework comes with more than 1677 exploits (regularly updated) for over 25 platforms. That includes Android, Windows, Linux, PHP, Java, Cisco, etc. It also comes with more than 500 payloads which include:
- Dynamic payloads that let users generate payloads and scripts that are not detected by antivirus software.
- Command shell payloads that let users gain access and execute commands or scripts on the target machine.
- Meterpreter payloads that provide an interactive command-line shell for exploring and exploiting the target machine.
Minimum System Requirements for Metasploit
Kali Linux (in its barebones state) can run on as little as 128MB of RAM and 2GB of disk space, but this isn’t sufficient to run Metasploit Framework. For that, the minimum system requirements are:
- Processor: 2GHz+ processing power
- Memory: 4GB of RAM (8GB is recommended)
- Storage: 1GB of disk space (50GB is recommended)
Note: If you are installing Metasploit Framework as a stand-alone application on Windows, Linux, or OSX, you should disable your antivirus software and firewall as these can interfere with installation and operation!
Setup Your Virtual Lab
If you don’t want to install Kali Linux as a dual boot alongside Windows, you can install VMware or VirtualBox on Windows instead. Both let you run Kali Linux inside Windows and are easy to use. You can set up your virtual penetration testing lab by following this tutorial:
Kali Linux Basics
You need basic Kali Linux usage knowledge to use Metasploit for hacking. If you don’t have any experience with Kali Linux, don’t worry: you can get free training from Offensive Security at the following link:
https://kali.training/lessons/introduction/
Basic Python Programming and Bash Scripting
You should have basic programming knowledge in Python, which is the language most commonly used for hacking purposes. Bash scripting is used to automate tasks. You can learn Python and Bash scripting for free on Udemy:
https://www.udemy.com/python-programming-beginners/
https://www.udemy.com/bash-shell-scripting-tutorial-for-beginners/
How to Use Metasploit’s Interface: msfconsole
To begin using the Metasploit interface, open the Kali Linux terminal and type msfconsole.
By default, msfconsole opens up with a banner; to remove that and start the interface in quiet mode, use the msfconsole command with the -q flag.
The interface looks like a Linux command-line shell. Some Linux Bash commands it supports are ls, clear, grep, history, jobs, kill, cd, exit, etc.
Type help or a question mark “?” to see the list of all available commands you can use inside msfconsole. Some of the most important ones that we will use in this article are:
| Command | Description |
|---|---|
| search | Searches the Metasploit database for modules matching the given protocol, application or other keyword |
| use | Selects a particular module and changes the context to module-specific commands |
| info | Provides information about the selected module |
| show | Displays information about the given module name and the options for the current module |
| check | Checks whether the target system has the vulnerability (where the module supports it) |
| set | Sets a context-specific variable that configures an option for the current module |
| unset | Removes previously set parameters |
| run | Executes the current module |
Before beginning, set up the Metasploit database by starting the PostgreSQL server and initializing the msfconsole database:

```
systemctl start postgresql
msfdb init
```
Now confirm the database connection by starting msfconsole and running the db_status command:

```
msfconsole -q
db_status
```
MySQL Exploitation Using Metasploit
For demonstration purposes, set up the open-source vulnerable Linux machine Metasploitable2.
MySQL Reconnaissance With msfconsole
Find the IP address of the Metasploitable machine first. Then use the db_nmap command in msfconsole with Nmap flags to scan the MySQL service on port 3306:

```
db_nmap -sV -sC -p 3306 <metasploitable_ip_address>
```

You can run a regular full-port scan, nmap -p- <metasploitable_ip_address>, to confirm the port the MySQL service is listening on.
Use the search command to look for an auxiliary module to scan and enumerate the MySQL database:

```
search type:auxiliary mysql
```
From the resulting list, select the auxiliary/scanner/mysql/mysql_version module, either by the number shown next to it in the search output (the number depends on your results, so 11 is only an example) or by its full name, to scan for MySQL version details:

```
use 11
```

Or:

```
use auxiliary/scanner/mysql/mysql_version
```
Now use the show options command to display the parameters required to execute the current module. The output shows that the only required option still unset is RHOSTS, the IP address of the target machine. Set it with the set command and run the module:

```
show options
set RHOSTS <metasploitable_ip_address>
run
```

The output shows the same MySQL version details that db_nmap reported.
Bruteforce MySQL Root Account With msfconsole
After scanning, you can also brute force the MySQL root account via Metasploit’s auxiliary/scanner/mysql/mysql_login module. After selecting it with the use command, configure it as follows.
You’ll need to set the PASS_FILE option to the path of a wordlist available inside /usr/share/wordlists:

```
set PASS_FILE /usr/share/wordlists/rockyou.txt
```

Then specify the IP address of the target machine with the RHOSTS option:

```
set RHOSTS <metasploitable-ip-address>
```

Set BLANK_PASSWORDS to true in case no password is set for the root account:

```
set BLANK_PASSWORDS true
```

Finally, run the module by typing run in the terminal.
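The defender’s counterpart to the brute-force step above, added here as an example and not part of the original tutorial: the mysql_login module leaves a burst of "Access denied" entries in the MySQL error log, one per attempt, all from the same source host. The script below parses such lines and flags any host exceeding a threshold of failures inside a sliding time window. The log lines are constructed for this example and the MySQL 8 error-log layout they follow is an assumption, not output captured from a real server.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the style of the MySQL 8 error log; the exact
# format is an assumption for this example, not output captured from a server.
SAMPLE_LOG = """\
2024-03-01T09:00:00.000100Z 12 [Note] [MY-010926] [Server] Access denied for user 'root'@'192.0.2.77' (using password: YES)
2024-03-01T09:00:00.000900Z 13 [Note] [MY-010926] [Server] Access denied for user 'root'@'192.0.2.77' (using password: YES)
2024-03-01T09:00:01.000200Z 14 [Note] [MY-010926] [Server] Access denied for user 'root'@'192.0.2.77' (using password: NO)
2024-03-01T09:00:01.000500Z 15 [Note] [MY-010926] [Server] Access denied for user 'admin'@'192.0.2.77' (using password: YES)
2024-03-01T09:00:02.000300Z 16 [Note] [MY-010926] [Server] Access denied for user 'root'@'192.0.2.77' (using password: YES)
2024-03-01T09:00:30.000000Z 17 [Note] [MY-010926] [Server] Access denied for user 'alice'@'198.51.100.9' (using password: YES)
2024-03-01T09:03:00.000000Z 18 [Note] [MY-010926] [Server] Access denied for user 'root'@'192.0.2.77' (using password: YES)
"""

DENIED = re.compile(
    r"^(?P<ts>\S+)Z \d+ \[\w+\] \[[^\]]+\] \[[^\]]+\] "
    r"Access denied for user '(?P<user>[^']*)'@'(?P<host>[^']+)' "
    r"\(using password: (?:YES|NO)\)"
)

def parse_denials(log_text):
    """Yield (timestamp, user, source host) for every failed login in the log."""
    for line in log_text.splitlines():
        m = DENIED.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["user"], m["host"]

def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {source host: (max failures inside one window, users tried)} for
    every host that produced at least `threshold` failures within `window`."""
    by_host = defaultdict(list)
    for ts, user, host in parse_denials(log_text):
        by_host[host].append((ts, user))
    alerts = {}
    for host, events in by_host.items():
        events.sort()
        start, best = 0, 0
        for end, (ts, _user) in enumerate(events):
            # advance the window start until all events in it lie within `window`
            while ts - events[start][0] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts[host] = (best, sorted({u for _ts, u in events}))
    return alerts
```

The single failure from 198.51.100.9 stays below the threshold, while 192.0.2.77 is reported with five failures in one minute across two user names.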
MySQL Enumeration With msfconsole
msfconsole also allows you to enumerate the database with the help of the auxiliary/admin/mysql/mysql_enum module. It returns all the accounts along with details such as their privileges and password hashes.
To do that, set the password, username, and rhosts options:

```
set password ""
set username root
set rhosts <metasploitable-ip-address>
```

Finally, run the module by typing:

```
run
```
MySQL Exploitation With msfconsole
From the enumeration phase, it’s clear that the root account holds the FILE privilege, which lets it call MySQL’s load_file() function. Through the auxiliary/admin/mysql/mysql_sql module you can use that function to read files from the database server, for example the whole /etc/passwd file.
Again, set the username, password, and rhosts options. Then execute a query that invokes load_file() on /etc/passwd (the quotes are escaped so that msfconsole passes them through to the query unchanged):

```
set sql select load_file(\"/etc/passwd\")
run
```
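The hardening check that follows from this finding, added here as an example and not part of the original tutorial: load_file() only works for accounts that hold the global FILE privilege, and the server’s secure_file_priv setting can restrict or disable file reads regardless of grants. The script audits rows in the shape of SHOW GRANTS output and combines them with the secure_file_priv value; the grant rows are constructed for this example, not captured from Metasploitable 2.

```python
import re

# Constructed rows in the shape of `SHOW GRANTS FOR <account>` output, assumed for
# this example; they are not grants captured from Metasploitable 2.
SAMPLE_GRANTS = [
    "GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION",
    "GRANT SELECT, FILE ON *.* TO 'backup'@'10.0.0.5'",
    "GRANT SELECT, INSERT, UPDATE ON `app`.* TO 'app'@'localhost'",
    "GRANT USAGE ON *.* TO 'reader'@'%'",
]

GRANT_RE = re.compile(
    r"^GRANT (?P<privs>.+?) ON (?P<scope>\S+) TO (?P<account>[`'][^`']*[`']@[`'][^`']*[`'])"
)

def file_capable_accounts(grant_rows):
    """Return accounts whose global (*.*) grants include FILE, either directly
    or through ALL PRIVILEGES, i.e. accounts that could call load_file()."""
    flagged = []
    for row in grant_rows:
        m = GRANT_RE.match(row)
        if not m or m["scope"] != "*.*":
            continue  # FILE is a global privilege; database-level rows cannot carry it
        privs = {p.strip().upper() for p in m["privs"].split(",")}
        if "FILE" in privs or "ALL PRIVILEGES" in privs:
            flagged.append(m["account"])
    return flagged

def load_file_risk(grant_rows, secure_file_priv):
    """Rate load_file() exposure from the grants plus the server's
    secure_file_priv value as shown by SHOW VARIABLES: "" means file reads are
    unrestricted, "NULL" disables them, any other value restricts them to that
    directory. Returns (level, file-capable accounts)."""
    accounts = file_capable_accounts(grant_rows)
    if not accounts:
        return "none", accounts
    if secure_file_priv == "NULL":
        return "low", accounts
    if secure_file_priv == "":
        return "high", accounts
    return "medium", accounts
```

Accounts reported as file-capable that do not need server-side file access are candidates for REVOKE FILE ON *.*, and setting secure_file_priv to NULL closes the load_file() path entirely.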
Learn Metasploit for Penetration Testing on Linux
Metasploit modules help in all phases of penetration testing. Metasploit also enables users to create their own modules.
This article summarizes some main modules of the Metasploit framework and demonstrates how to scan, enumerate, and exploit a MySQL database on the Metasploitable 2 machine.
Metasploit isn’t the only penetration testing tool that you’ll use as a cybersecurity professional. There are several other utilities that you’ll need to familiarize yourself with if you want to become a security expert.
Conclusion
Congratulations! You have successfully learned “How to Use Metasploit for Hacking in Kali Linux”. I hope you now have a good understanding of how to use Metasploit in Kali Linux.