11/8/22, 8:03 PM Chapter 3: Metasploit Components and Environment Configuration | Metasploit 5.0 for Beginners – Second Edition
https://learning.oreilly.com/library/view/metasploit-5-0-for/9781838982669/B15240_03_Final_ASB_ePub.xhtml#_idParaDest-43 1/51
Chapter 3: Metasploit Components and Environment Configuration
For any tool that we use to perform a particular task, it's always helpful to know that tool inside out. A detailed understanding of the tool enables us to use it appropriately, making it perform to the fullest of its capability. Now that you have learned some of the absolute basics of the Metasploit Framework and how to install it, in this chapter you will learn how the Metasploit Framework is structured and the various components of the Metasploit ecosystem.
The following topics will be covered in this chapter:
Anatomy and structure of Metasploit
Metasploit components: auxiliaries, exploits, encoders, payloads, and post
Getting started with msfconsole and common commands
Variables in Metasploit
Updating the Metasploit Framework
Technical requirements
The following software is required:
Kali Linux
Metasploit Framework
Anatomy and structure of Metasploit
The simplest method to learn the structure of Metasploit Framework is to browse and explore through its application directory. In Kali Linux, the Metasploit Framework can be located at /usr/share/metasploit-framework, as shown in the following screenshot:
Figure 3.1 – Metasploit Framework directory
At a broad level, the Metasploit Framework structure is as shown in the following screenshot:
Figure 3.2 – Metasploit Framework Structure
We'll be using tools/utilities from each of these categories as we progress through the book.
In the next section, we'll have a brief overview of all the Metasploit components.
Metasploit components and environment configuration
The Metasploit Framework has various component categories based on their role in the penetration testing phases. Each of the component categories has various modules and plugins that we can use in the exploitation process.
The following sections will provide a detailed understanding of what each component category is responsible for.
Auxiliaries
You have learned so far that Metasploit is a complete penetration testing framework and not just a tool. When we call it a framework, it means that it consists of many useful tools and utilities. Auxiliary modules in the Metasploit Framework are nothing but small pieces of code that are meant to perform a specific task (in the scope of our penetration testing life cycle). For example, you might need to perform a simple task of verifying whether a certificate of a particular server has expired or not, or you might want to scan your subnet and check whether any of the FTP servers allow anonymous access.
Such tasks can be very easily accomplished using the auxiliary modules present in the Metasploit Framework. There are more than 1,000 auxiliary modules spread across 19 categories in the Metasploit Framework.
The following table shows various categories of auxiliary modules present in the Metasploit Framework:
Don't get overwhelmed with the number of auxiliary modules present in the Metasploit Framework. You may not need to know each and every module individually. You just need to search for the right module in the required context and use it accordingly. We will now see how to use an auxiliary module.
During the course of this book, we will use many different auxiliary modules as and when required; however, let's get started with a simple example:
1. Open up a terminal window and start Metasploit using the msfconsole command.
2. Select the portscan/tcp auxiliary module to perform a port scan against a target system.
3. Using the show command, list all the parameters that need to be configured in order to run this auxiliary module.
4. Using the set RHOSTS command, set the IP address of our target system.
5. Using the set PORTS command, select the port range you want to scan on your target system.
6. Using the run command, execute the auxiliary module with the parameters configured earlier.
You can see the use of all the previously mentioned commands in the following screenshot:
Figure 3.3 – Auxiliary TCP Port Scanner
Next, we will be covering payloads.
Payloads
To understand what a payload does, let's consider a real-world example. A military unit of a certain country develops a new missile that can travel a range of 500 km at very high speed. Now, the missile is of no use unless it's armed with the right kind of ammunition. Now, the military unit decided to load high explosive material within the missile so that when the missile hits the target, the explosive material within the missile explodes and causes the required damage to the enemy. In this case, the high explosive material within the missile is the payload. The payload can be changed based on the severity of damage that is to be caused by the missile.
Similarly, payloads in the Metasploit Framework let us decide what action is to be performed on the target system once the exploit is successful.
Singles: These are sometimes also referred to as inline or non-staged payloads. Payloads in this category are a completely self-contained unit of the exploit and require shellcode, which means they have everything that is required to exploit the vulnerability on the target. The disadvantage of such payloads is their size. Since they contain the complete exploit and shellcode, they can be quite bulky at times, rendering them useless in scenarios with size restrictions.
Stagers: There are certain scenarios where the size of the payload matters a lot. A payload with even a single byte extra may not function well on the target system. The stager's payload comes in handy in such a situation. The stager's payload simply sets up a connection between the attacking system and the target system. It doesn't have the shellcode necessary to exploit the vulnerability on the target system. Being very small in size, it fits in well in many scenarios.
Stages: Once the stager payload has set up a connection between the attacking system and the target system, the stages payloads are then downloaded on the target system. They contain the required shellcode to exploit the vulnerability on the target system.
The following screenshot shows a sample payload that can be used to obtain a reverse TCP shell from a compromised Windows system:
Figure 3.4 – Reverse TCP Payload
You will be learning how to use various payloads along with exploits, in the upcoming chapters.
Exploits
Exploits are a crucial part of the Metasploit Framework. An exploit is nothing but the actual piece of code that gives the required access to the target system. There are more than 2,500 exploits spread across more than 19 categories based on the platform supported by the exploit. Now, you might be wondering which of the many available exploits is the one to use. The decision to use a particular exploit against a target can be made only after extensive enumeration and vulnerability assessment of our target. (Refer to the section penetration testing life cycle in Chapter 1, Introduction to Metasploit and Supporting Tools).
Proper enumeration and a vulnerability assessment of the target will give us the following information, based on which we can choose the correct exploit:
Operating system of the target system (including exact version and architecture)
Open ports on the target system (Transmission Control Protocol (TCP) and User Datagram Protocol (UDP))
Services along with versions running on the target system
Probability of a particular service being vulnerable
The following table shows the various categories of exploits available in the Metasploit Framework:
In the upcoming chapters, we'll see how to use an exploit against a vulnerable target. Now, we will move ahead to understand the use of encoders during exploitation.
Encoders
In any real-world penetration testing scenario, it's quite possible that our attempt to attack the target system would be detected by some kind of security software present on the target system. This may jeopardize all our efforts to gain access to the remote system. This is exactly when encoders come to the rescue. The job of the encoders is to obfuscate our exploit and payload in such a way that, in the target system, it goes unnoticed by all of the security systems.
The following table shows the various encoder categories available in the Metasploit Framework:
We'll be looking at encoders in more detail in the upcoming chapters. We'll now move ahead to understand the use of NOPs during exploitation.
NOPs
In the context of Assembly Language, NOP means No Operation instruction. NOPs can be useful at times while writing exploits or shellcodes. Adding NOPs can significantly help in modifying the payload signatures and thereby avoiding detection.
The Metasploit Framework comes with NOPs for various platforms, as shown in the following table:
We'll see this in more detail in Chapter 6, Client-Side Attacks with Metasploit, when we generate custom payloads using MSFPC.
We'll now move on to see various modules for post-exploitation techniques.
Post
The post modules contain various scripts and utilities that help us to further infiltrate our target system after a successful exploitation. Once we successfully exploit a vulnerability and get into our target system, post-exploitation modules may help us in the following ways:
Escalate user privileges
Dump OS credentials
Steal cookies and saved passwords
Get key logs from the target system
Execute PowerShell scripts
Make our access persistent
The following table shows the various categories of post modules available in the Metasploit Framework:
The Metasploit Framework has more than 250 such post-exploitation utilities and scripts. We'll be using some of them when we discuss post-exploitation techniques in more detail in the upcoming chapters. We'll now move ahead to learn more about the evasion modules.
Evasion
Most of the payloads and shellcodes that are generated from the Metasploit Framework get detected by anti-virus or other security software. In order to avoid detection, the payloads need to be modified. The latest version of the Metasploit Framework offers special evasion modules that will help modify the payloads to avoid detection.
We'll see more details on the evasion modules in Chapter 8, Antivirus Evasion and Anti-Forensics. Now, we will get started with msfconsole.
Getting started with msfconsole
Now that we have a basic understanding of the structure of the Metasploit Framework, let's get started with the basics of msfconsole practically.
msfconsole is nothing but a simple command-line interface of the Metasploit Framework. Though msfconsole may appear a bit complex initially, it is the easiest and most flexible way to interact with the Metasploit Framework. We'll use msfconsole for interacting with the Metasploit Framework throughout the course of this book.
Information
Some of the Metasploit editions do offer a GUI and a web-based interface. However, from a learning perspective, it's always recommended to master the command-line console of the Metasploit Framework, which is msfconsole.
Let's look at some of the msfconsole commands:
The banner command: The banner command is a very simple command used to display the Metasploit Framework banner information. This information typically includes its version details and the number of exploits, auxiliaries, payloads, encoders, and NOPs generators available in the currently installed version.
Its syntax is msf> banner.
The following screenshot shows the use of the banner command:
Figure 3.5 – Metasploit Framework Banner
The version command: The version command is used to check the version of the current Metasploit Framework installation. You can visit the following site in order to check the latest version officially released by Metasploit: https://github.com/rapid7/metasploit-framework/wiki/Downloads-by-Version.
Its syntax is msf> version.
The following screenshot shows the use of the version command:
Figure 3.6 – Metasploit Framework version check
The connect command: The connect command in the Metasploit Framework gives similar functionality to that of a PuTTY client or Netcat. You can use this feature for a quick port scan or for port banner grabbing.
Its syntax is msf> connect <ip:port>.
The following screenshot shows the use of the connect command:
Figure 3.7 – Metasploit Framework 'connect' command
The help command: As the name suggests, the help command offers additional information on the usage of any of the commands within the Metasploit Framework.
Its syntax is msf> help.
The following screenshot shows the use of the help command:
Figure 3.8 – Metasploit Framework 'help' command
The route command: The route command is used to add, view, modify, or delete the network routes. This is used for pivoting in advanced scenarios, which we will cover later in this book.
Its syntax is msf> route.
The following screenshot shows the use of the route command:
Figure 3.9 – Metasploit Framework 'route' command
The save command: At times, when performing a penetration test on a complex target environment, a lot of configuration changes are made in the Metasploit Framework. Now, if the penetration test needs to be resumed again at a later point of time, it would be really painful to configure the Metasploit Framework again from scratch. The save command saves all the configurations to a file and it gets loaded upon the next startup, saving all the reconfiguration efforts.
Its syntax is msf> save.
The following screenshot shows the use of the save command:
Figure 3.10 – Metasploit Framework 'save' command
The sessions command: Once our target is exploited successfully, we normally get a shell session on the target system. If we are working on multiple targets simultaneously, then there might be multiple sessions actively open at the same time. The Metasploit Framework allows us to switch between multiple sessions as and when required. The sessions command lists all the currently active sessions established with various target systems.
Its syntax is msf> sessions.
The following screenshot shows the use of the sessions command:
Figure 3.11 – Metasploit Framework 'sessions' command
The spool command: Just as any application has debug logs that help out in debugging errors, the spool command prints out all of the output to a user-defined file along with the console. The output file can later be analyzed if needed.
Its syntax is msf> spool.
The following screenshot shows the use of the spool command:
Figure 3.12 – Metasploit Framework 'spool' command
The show command: The show command is used to display the available modules within the Metasploit Framework or to display additional information while using a particular module.
Its syntax is msf> show.
The following screenshot shows the use of the show command:
Figure 3.13 – Metasploit Framework 'show' command
The info command: The info command is used to display details about a particular module within the Metasploit Framework. For example, you might want to view information on the Meterpreter payload, such as what the supported architecture is and the options required in order to execute it.
Its syntax is msf> info.
The following screenshot shows the use of the info command:
Figure 3.14 – Metasploit Framework 'info' command
The irb command: The irb command invokes the interactive Ruby platform from within the Metasploit Framework. The interactive Ruby platform can be used for creating and invoking custom scripts typically during the post-exploitation phase.
Its syntax is msf> irb.
The following screenshot shows the use of the irb command:
Figure 3.15 – Metasploit Framework 'irb' shell
The makerc command: When we use the Metasploit Framework for pen testing a target, we fire many commands. At the end of the assignment or that particular session, we might want to review the activities we performed through Metasploit. The makerc command simply writes out the entire command history for a particular session to a user-defined output file.
Its syntax is msf> makerc.
The following screenshot shows the use of the makerc command:
Figure 3.16 – Metasploit Framework 'makerc' command
The search command: The Metasploit Framework is a package of many exploits and payloads. At times, it can be quite overwhelming to find the exact exploit or module. This is when the search command comes in handy. For example, if we wish to check what exploits are available for VLC, then we could use the search command.
Its syntax is msf> search <string>.
The following screenshot shows the use of the search command:
Figure 3.17 – Searching for 'VLC' exploits
It is even possible to search based on author, Common Vulnerabilities and Exposures (CVE), date, port, platform, and so on. Just use the help search command as shown in the following screenshot for more search parameters:
Figure 3.18 – Metasploit Framework help for 'search' command
We will now move ahead to understand the variables in Metasploit.
Variables in Metasploit
For most exploits that we use within the Metasploit Framework, we need to set values to some of the variables. The following are some of the common and most important variables in the Metasploit Framework:
Now that we have seen different variables, let's have a look at some of the common commands used for assigning variable values.
The get command: The get command is used to retrieve the value contained in a particular local variable within the Metasploit Framework. For example, you might want to view the IP address of the target system that you have set for a particular exploit.
Its syntax is msf> get.
The following screenshot shows the use of the msf> get command:
Figure 3.19 – Metasploit Framework 'get' command
The getg command: The getg command is very similar to the get command, except it returns the value contained in the global variable.
Its syntax is msf> getg.
The following screenshot shows the use of the msf> getg command:
Figure 3.20 – Metasploit Framework 'getg' command
The set and setg commands: The set command assigns a new value to one of the (local) variables (such as RHOST, RPORT, LHOST, and LPORT) within the Metasploit Framework. However, the set command assigns a value to the variable that is valid for a limited session/instance. The setg command assigns a new value to the (global) variable on a permanent basis, so that it can be used repeatedly whenever required.
Its syntax is:
msf> set <VARIABLE> <VALUE>
msf> setg <VARIABLE> <VALUE>
We can see the set and setg commands in the following screenshot:
Figure 3.21 – Metasploit Framework 'set' and 'setg' commands
The unset and unsetg commands: The unset command simply clears the value previously stored in a (local) variable through the set command. The unsetg command clears the value previously stored in a (global) variable through the setg command.
Its syntax is:
msf> unset <VARIABLE>
msf> unsetg <VARIABLE>
We can see the unset and unsetg commands in the following screenshot:
Figure 3.22 – Metasploit Framework 'unset' and 'unsetg' commands
For using most modules within the Metasploit Framework, remember the following sequence:
1. Use the use command to select the required Metasploit module.
2. Use the show options command to list all the variables that are required in order to execute the selected module.
3. Use the set command to set the values for required variables.
4. Use the run command to execute the module with the variables configured earlier.
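The command history that makerc writes out, together with the use / show options / set / run sequence above, can be reviewed after an engagement to confirm that every run stayed inside the authorized scope. The following Ruby sketch is an added example, not code from the book or from Metasploit: it replays a constructed makerc-style file through a simplified model of set/setg scoping (an assumption of this example) and reports each run whose RHOSTS value falls outside an allowed range. The RcAudit class, the sample addresses and hostname, and the scope range are hypothetical.

```ruby
require 'ipaddr'

# Constructed sample of a makerc-style history (one console command per
# line). Module names are real; addresses and hostname are made up.
SAMPLE_RC = <<~RC
  setg RHOSTS 192.168.44.0/24
  use auxiliary/scanner/portscan/tcp
  show options
  set PORTS 1-1024
  run
  set RHOSTS 192.168.44.129 10.20.30.40
  run
  unset RHOSTS
  run
  use auxiliary/scanner/ftp/anonymous
  set RHOSTS ftp.lab.example
  run
RC

# Simplified scoping model (an assumption of this example, not Metasploit
# code): setg writes a global value; set writes a value local to the
# selected module (global when none is selected); use starts a module with
# no local values; a lookup prefers the local value over the global one.
class RcAudit
  Finding = Struct.new(:line, :mod, :source, :targets, :out_of_scope, :unparsed)

  def initialize(scope_cidrs)
    @scope = scope_cidrs.map { |cidr| IPAddr.new(cidr) }
    @global = {}
    @local = {}
    @mod = nil
  end

  # Replays the history and returns one Finding per run/exploit command.
  def audit(rc_text)
    findings = []
    rc_text.each_line.with_index(1) do |raw, lineno|
      cmd, *args = raw.strip.split(/\s+/)
      next if cmd.nil? || cmd.start_with?('#')
      case cmd.downcase
      when 'use'
        @mod = args.first
        @local = {}
      when 'set'    then assign(current_store, args)
      when 'setg'   then assign(@global, args)
      when 'unset'  then args.each { |name| current_store.delete(name.upcase) }
      when 'unsetg' then args.each { |name| @global.delete(name.upcase) }
      when 'run', 'exploit' then findings << check_run(lineno)
      end
    end
    findings
  end

  private

  def current_store
    @mod ? @local : @global
  end

  def assign(store, args)
    name, *value = args
    store[name.upcase] = value.join(' ') unless name.nil? || value.empty?
  end

  # Resolves RHOSTS as the model above describes, then checks each target.
  # Only single addresses and CIDR blocks are parsed; hostnames, dash
  # ranges and file: references are reported for manual review.
  def check_run(lineno)
    source = [[:local, @local], [:global, @global]].find { |_, s| s.key?('RHOSTS') }
    targets = source ? source[1]['RHOSTS'].split : []
    out_of_scope, unparsed = [], []
    targets.each do |target|
      out_of_scope << target unless in_scope?(IPAddr.new(target))
    rescue IPAddr::Error
      unparsed << target
    end
    Finding.new(lineno, @mod, source ? source[0] : :unset, targets, out_of_scope, unparsed)
  end

  # A target is in scope only if its whole range lies inside one allowed net.
  def in_scope?(target)
    wanted = target.to_range
    @scope.any? do |net|
      next false unless net.family == target.family
      allowed = net.to_range
      allowed.begin <= wanted.begin && wanted.end <= allowed.end
    end
  end
end

def audit_sample
  RcAudit.new(['192.168.44.0/24']).audit(SAMPLE_RC)
end

if __FILE__ == $PROGRAM_NAME
  audit_sample.each { |finding| puts finding.to_h }
end
```

The second run is flagged because the locally set RHOSTS includes an address outside the allowed range, and the third run is clean again because unset removes the local value and the lookup falls back to the global one.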
We'll now move ahead to understand how the Metasploit Framework can be updated.
Updating the Metasploit Framework
The Metasploit Framework is commercially backed by Rapid7 and has a very active development community. New vulnerabilities are discovered on almost a daily basis in various systems. For any such newly discovered vulnerability, it's quite likely that you'll get a ready-to-use exploit in the Metasploit Framework. However, in order to keep abreast of the latest vulnerabilities and exploits, it's important to keep the Metasploit Framework updated. You will not have to re-equip the framework consistently (unless penetration testing is a part of your daily work); having said that, you can always aim to update it on a weekly basis.
The Metasploit Framework offers a simple utility called msfupdate that connects to the online repository and fetches the updates:
Figure 3.23 – Metasploit Framework Update
Alternatively, we can also use the apt update; apt install metasploit-framework command to update the Metasploit Framework to the latest version available.
Summary
We started this chapter with a brief overview of the anatomy and structure of the Metasploit Framework including Auxiliaries, Payloads, Exploits, NOPS, POST, Encoders and Evasion. We then began using the msfconsole and the common commands like help, show, banner, connect, and so on. We then learnt about essential variables used in the framework along with how to assign them values using commands such as set and setg. We also had a look at how to keep our Metasploit Framework up to date. In the next chapter, we'll start using the Metasploit Framework for performing information gathering and enumeration on our target systems.
Exercise
You can try the following exercises:
Browse through the directory structure of the Metasploit Framework.
Try out some of the common console commands discussed in this chapter.
Update the Metasploit Framework to the latest available version.
Further reading
More information on the components of the Metasploit Framework can be found at https://www.offensive-security.com/metasploit-unleashed/metasploit-fundamentals/.
©2022 O'REILLY MEDIA, INC.