Metasploit is one among the foremost powerful exploit tools. Most of its resources are often found at: https://www.metasploit.com. It comes in two versions − commercial and free edition. There are not any major differences within the two versions, so during this tutorial, we’ll be mostly using the Community version (free) of Metasploit.

As an Ethical Hacker, you’ll be using “Kali Distribution” which has the Metasploit community version embedded in it alongside other ethical hacking tools. But if you would like to put in Metasploit as a separate tool, you’ll easily do so on systems that run on Linux, Windows, or Mac OS X.

The hardware requirements to put in Metasploit are −

2 GHz+ processor
1 GB RAM available
1 GB+ available disc space

Matasploit are often used either with prompt or with Web UI.

To open in Kali, attend Applications → Exploitation Tools → metasploit.

After Metasploit starts, you’ll see the subsequent screen. Highlighted in red underline is that the version of Metasploit.

Exploits of Metasploit

From Vulnerability Scanner, we found that the Linux machine that we’ve for test is susceptible to FTP service. Now, we’ll use the exploit which will work for us. The command is −

use “exploit path”

The screen will appear as follows −

Then type mfs> show options so as to ascertain what parameters you’ve got to line so as to form it functional. As shown within the following screenshot, we’ve to line RHOST because the “target IP”.

We type msf> set RHOST 192.168.1.101 and msf>set RPORT 21

Then, type mfs>run. If the exploit is successful, then it’ll open one session that you simply can interact with, as shown within the following screenshot.

Metasploit Payloads

Payload, in simple terms, are simple scripts that the hackers utilize to interact with a hacked system. Using payloads, they will transfer data to a victim system.

Metasploit payloads are often of three types −

Singles − Singles are very small and designed to make some quite communication, then move to subsequent stage. for instance , just creating a user.
Staged − it’s a payload that an attacker can use to upload a much bigger file onto a victim system.
Stages − Stages are payload components that are downloaded by Stagers modules. the varied payload stages provide adva
nced features with no size limits like Meterpreter and VNC Injection.

Payload Usage − Example

We use the command show payloads. With this exploit, we will see the payloads that we will use, and it’ll also show the payloads which will help us upload /execute files onto a victim system.

To set the payload that we would like , we’ll use the subsequent command −

set PAYLOAD payload/path

Set the listen host and listen port (LHOST, LPORT) which are the attacker IP and port. Then set remote host and port (RPORT, LHOST) which are the victim IP and port.

Type “exploit”. it’ll create a session as shown below −

Now we will play with the system consistent with the settings that this payload offers.

So, this brings us to the end of blog. This Tecklearn ‘Metasploit in Ethical Hacking’ blog helps you with commonly asked questions if you are looking out for a job in Cyber Security. If you wish to learn Ethical Hacking and build a career in Cyber Security domain, then check out our interactive, Certified Ethical Hacker Training, that comes with 24*7 support to guide you throughout your learning period. Please find the link for course details:

https://www.tecklearn.com/course/certified-ethical-hacker-training/

Certified Ethical Hacker Training

About the Course

Tecklearn’s CEH certification training course provides you the hands-on training required to master the techniques hackers use to penetrate network systems and fortify your system against it. In this training, you will master how to identify security vulnerabilities by inspecting network infrastructures and defend the malicious hacker with essential tools and techniques, advanced network packet analysis and system penetration testing techniques to build your network security skill-set and prevent hackers. We will train you on the advanced step-by-step methodologies that hackers actually use such as writing virus codes and reverse engineering so you can better protect corporate infrastructure from data breaches.

Why Should you take Certified Ethical Hacker Training?

The average salary for a Cybersecurity Specialist is $110,881 per year in the United States and INR 900,000 per year in India – Indeed.com
Global Cybersecurity industry is estimated to cross US$ 220 billion by 2021.
Today cyber security is one of the most important aspects for any organization. In today’s digitally-driven world every organization needs professionals who can keep the hackers at bay. Hence the salaries for certified ethical hackers are among the best in the industry.

What you will Learn in this Course?

Introduction to Ethical hacking

Scope of ethical hacking
Enterprise information security architecture
Introduction and PCI Data Security Standard Overview
Role of Security and Penetration Testers
Vulnerability assessment
Various cyber security laws
Penetration testing

Various aspects of Information Security

Information security attacks
OS attacks
Application level attacks
Phases and Concepts of Hacking
Information Security Law and Standards

System Hacking

What is System Hacking
Goals of System Hacking
Understanding the certified ethical hacker methodology
About Kali Linux
Hands On

Technology Standards

Introduction to F5 Technology and Terms
POS (Point of Sale ) , mPoS
What is GLBA Compliance
OWASP
Site monitoring Tools
Introduction to PCI DSS Standard

Semantics and Introduction to Footprinting

What is Semantics
Fuzzy Logic
Footprinting

Threats

Types of Threats
Threats against the Application
Threat modelling
Hands on

Threat modelling

Threat modelling with STRIDE model
Ways to Find Security Issues
Penetration Testing Tools
Modelling Models – Whiteboard Diagrams, Brainstorming, Structured Diagrams etc.
Trust Boundaries
Threat Trees
DREAD Model

Example of Attack

Vulnerability Scanning Tools

OpenVAS
Wapiti
Burp Suite Community
Metasploit

Threat Modelling with Different models

Various Threat Models
PASTA Model in Depth

Advanced concepts like network packet analysis

Network scanning
How to scan the network, overview of scanning
WireShark
Sniffing attacks
File Signature

Got a question for us? Please mention it in the comments section and we will get back to you.

588