Getting Familiar with Metasploit

21.1.1 Setup and work with MSF

Start a msf database service

sudo msfdb init

Enable the database at boottime

sudo systemctl enable postgresql

We can check the db with msf

db_status

We can create a workspace

workspace

workspace -a pen200

We can populate a workspace with some basic nmap data for example

db_nmap

db_nmap -A 192.168.50.202

We can use the workspace to discover hosts

hosts

services

services -p 8000

21.1.2 - Auxiliary modules

The Metasploit Framework includes hundreds of auxiliary modules that provide functionality such as protocol enumeration, port scanning, fuzzing, sniffing, and more.

show auxiliary

search type:auxiliary smb

Check auto-detected vulns after running auxiliary modules

vulns

Display all valid creds

creds

21.1.3 - Exploit modules
Exploit modules most commonly contain exploit code for vulnerable applications and services.

We can create a new workspace specifically for exploits

workspace -a exploits