Getting Started with Metasploit
Key Takeaways
The video covers the basics of getting started with Metasploit, a framework used for exploiting vulnerabilities in systems, and demonstrates how to use it for vulnerability scanning, exploitation, and post-exploitation activities. It also covers the use of auxiliary modules, scanners, and meterpreter sessions.
Full Transcript
Hello and welcome to a crash course on Metasploit. Metasploit's a major topic and we could talk for a week on it and you still wouldn't get it all. However, I'm gonna try to show you, just to get started, some basics: show you how the commands work, how this whole thing gets set up. And so I'm gonna go over this Metasploit cheat sheet along my way, and this is over on tunnelsup.com, so head on over there, look for the cheat sheets, find the Metasploit one, and this is your notes, okay? You don't have to take notes, I've already taken them for you, just download that and print it out.

So we've got a fresh instance of Kali over here. We want to get started with Metasploit, so what do we do? Well, I want to use the database in Metasploit, so before I load Metasploit I'm gonna make sure the database works. So service postgresql start makes sure that the Postgres database is running, and then msfdb init makes sure that it's been initialized; this is going to go into the database and create users and tables and all that stuff. It looks like it's already initialized, so I don't need to do anything. So it's time to load Metasploit: msfconsole.

So what is Metasploit, though? Metasploit is a framework that has a bunch of known vulnerabilities and scripts for those vulnerabilities, to go and try to execute those scripts on a system that is vulnerable to that vulnerability. And look at this: when it loads it has 1585 vulnerabilities, and this grows weekly. And so if we have a system that's vulnerable to one of these things, we can load it and then execute it, and then we're in that system. So we'll show you how that works. But the first thing before you do anything, you're gonna want to say msfupdate. Every week there's a new update in Metasploit, and it's best to stay on the latest update. Well, I'm already updated, but if you have to do this update, I recommend exiting out of Metasploit and loading it again, because sometimes there's some funky behavior after an upgrade, and so just reload Metasploit.

Okay, so we're all set, we're updated, we've got our database running. What do we do now? Let's take a look at help. Help is gonna have all our commands that are available for Metasploit, and we've got all these things, and so you can use this, this is very helpful. I'm gonna take a look at db_status just to make sure, and it says we're connected. So if we're gonna be using the database you need to make sure db_status says connected. Now the database is entirely optional, you don't have to use it, but I'm gonna show you why it's super helpful and super cool.

So now we want to exploit something. What are we gonna exploit? Well, you gotta have a system to exploit, a target, a victim. I've got this server on 192.168.56.102. I've downloaded Metasploitable, so this is a server that Rapid7 makes that is actually a vulnerable VM that lets you attack it, and it's got vulnerabilities that you can practice Metasploit with. So that's there. But take notice, I just did ping from the Metasploit command prompt, and you can do ifconfig and nmap and all sorts of other things from the command prompt if you want. You've got a lot of Linux tools here, so keep in mind you don't have to exit out of Metasploit just to check your IP or route or anything.

All right, so from here we've got this system, we want to try to exploit it. So we could do an nmap, but I'm gonna do a step better: I'm gonna do db_nmap, and I'm gonna run a db_nmap on this system. Now what's nmap do? It does a port scan on this system, and actually -sS means it's gonna do a TCP scan, and then -A is gonna run all sorts of scripts to say what are the versions of these applications, what are the versions of the OS, and all this kind of stuff. So hopefully it just gives us back a lot of information. But this is only gonna tell us what ports are open. In order to really know a vulnerability exists on a system, or at least to have a better chance of knowing, you're gonna want to run a vulnerability scanner, and that's gonna be like Nessus, or Rapid7 itself makes the Nexpose scanner. And so some kind of scanner like that is really powerful. It's gonna get into that system and it's gonna try doing default passwords and all kinds of basic passwords, and it's gonna try sending some payload data to that host and try to exploit it, and it's gonna come back and tell you what vulnerabilities it's vulnerable to, and then you can come into Metasploit and use those vulnerabilities. In our case we're not gonna use Nessus, we're just gonna use nmap and see what we can find.

So the nmap results came in. It has a lot of information here, and if you weren't using the database you'd probably be copying some of this stuff down and putting it in Notepad and stuff. But let me show you some cool stuff. hosts is a command to show us the hosts that are in our database. services is a command to show us the services that are in our database, and this is super cool. So on this host, and you can see it's all the same host, all these ports are open, they're all using TCP, this is their service name, they're all open, and then any extra information that it was able to get. And now this is really cool, like we actually have versions of applications. So now what? Okay, we've got all these, and this is all the data out of the nmap scan, it just got stuck in the database, and this is gonna be super helpful to simply type services and see this any time we want. Okay, so we've got all these vulnerabilities, or not vulnerabilities, these are all just ports that are open, but what could we do about this? Look, an UnrealIRCd chat server seems to be open on 6667. Anyways, let's start with our exploits, right? So we want to see what exploits there are. We could do show exploits, and that's gonna show us all the exploits, and you saw there was like over a thousand of them. I don't want to show you a list of a thousand, but when you look at that you're gonna see that they're organized like operating system, application, and then vulnerability. So you might see windows mssql TCP overflow or something. And so if you kind of know what you're searching for, then you can search for that particular string within all the exploits. So that's the command search.

So we search for, well, let's just search for vsftpd and see if there's anything going on here. And so this is saying there's the exploit exploit/unix/ftp/vsftpd_234_backdoor, and this is interesting, it has a description and says version 2.3.4 command backdoor execution, and that's exactly what this system is running, 2.3.4. So we've got a pretty solid match. Let's try this. So we'll say use and we'll paste that in. So now we've got this here, let's say show options and see what options there are for this particular exploit. Looks like RHOST is the only option, so we'll set RHOST 192.168.56.102, and yes, 21 is where the FTP server is running; if it was running on something else we'd just set that. There are targets, we're just gonna leave it as automatic, and we'll say exploit. Now if you don't like typing exploit, we can type run, it's the same exact command, it's just an alias for it. Okay, so it's attempting a bind shell... Command shell session 1 opened. Now I tell you, if you see this where it says session has been opened, you can jump up and celebrate, you've just got shell access to a system. Pop a shell. Wait, what's happening, what's going on here? Not all shells are the same. In this particular case this shell doesn't give us any sort of prompt, but we can do a command like ls -la and we can see results, so we're in the shell of something. We could say pwd, print working directory, or id tells me who I am. I'm root, holy cow. So from here I can go into like root's SSH folder and, I don't know, get into the authorized keys, add my public key to the SSH root folder, and then if I try to SSH to this I'll come in as root. So that's kind of really powerful stuff.

So you see that we're in the shell as root, we've already got root access, this is cool. I'm gonna hit Ctrl-Z and that's gonna send this session to the background. Let me teach you about sessions real quick. So if I type sessions -l you can see that we have one session, and I can say sessions -i 1, which is interact with 1, and that gets us back into where we were, and even shows us where we were. This is back in that shell that you got. So you can pop in and out of any shell you want in case you want to go back into Metasploit and do something else.

Okay, that's great, we got into something. I could stop there, but let me show you some more cool things. When we loaded Metasploit I think you saw that it said there were some other kinds of things too. So we had this many exploits, but we also had this auxiliary stuff. What's auxiliary? Let me show you. So we're gonna go back to services, right, and we're gonna see all this stuff, we're gonna have all these things going on. So auxiliary is all sorts of extra information gathering tools. It's not an exploit; it might be something like a scanner, or attempting to find specific things in the network. So let's see, I want to see if there's any anonymous FTP logins. So here we go, we've got auxiliary/scanner/ftp/anonymous. So we're gonna try this one, where I use auxiliary/scanner/ftp/anonymous and show options, and it's gonna try this username anonymous and this password. So we'll set RHOSTS, and in this case we can say more than one: we can say the whole /24 subnet, you know, if we have a CIDR block, or we can say let's just do 102, or we can do like another host if we want to. Well, we'll just set RHOSTS to be this one, but I want you to know that this kind of auxiliary stuff can be set to do multiple hosts at once. And so this is really powerful: if you have a whole subnet you can use an auxiliary scan to say do this against the whole subnet, like it can pretty much do what nmap can as well as a lot more stuff. So when we run this it says it's complete. Kind of, it's not sure what's happening, but if we type creds, this is gonna tell us in our database what credentials we have or we found, and Metasploit found that, you know, this server has anonymous login for FTP. And so now you see that we have successfully done an anonymous connection to the FTP server there. So auxiliary scanners and auxiliary modules are really helpful at giving you an extra piece of information that you may be able to get into or use, or something that you may not have spotted before, or it's just, you know, extra information gathering. So don't be afraid to use auxiliary modules.

All right, so let's check out another vulnerability, see if we can find something else here. So we can go down the line and try to do things like search for a lot of these things and see which ones are vulnerable or not. I'm gonna search for PostgreSQL, see if there's anything going on in here. Oh, so there's a lot of stuff. All right, so we've got some auxiliary stuff, and so maybe this will do a query, see if we can do a query on this Postgres, and maybe we have, you know, a login attempt auxiliary that can try some of these things, right? We can do all kinds of Postgres auxiliary stuff, but I'm curious what the exploits say. So we're looking at stuff that starts with exploit. Well, look at this: this was exploit/linux, this is exploit/windows, so since this is a Linux one let's try this vulnerability. So we'll say use that, and now I'll do show options, and, I don't know, there's a password, or RHOST; we'll say, oh, I dunno, RHOST, so I'll do 192.168.56.102. So it's saying RPORT is 5432, so let's make sure that's right. So we do services and we see Postgres is running on 5432, so we don't have to change that. The target is fine; if you don't like that you could do show targets, and, you know, these are our optional targets, but we'll keep that the same. But then there's something that's not shown here, and it's not showing because it's just gonna use the default, and that's the payloads.

So you saw on our previous exploit our payload was a shell: we got shell access to that Linux server, that was our payload. So a payload is something that is executed after we get our vulnerability. So, you know, great, you're vulnerable, now what do you want to do? And the payload is what you're gonna do after that. So if we do show payloads on this one to see what payloads we have, there's a lot of options. So first of all, it's gonna say all of these are for Linux x86. At the end here you see there's the shell, so we can do a shell if we want. So if we wanted our payload to be a shell, then here we go, we get a shell. But Metasploit has this really cool thing called Meterpreter, and we're gonna use a Meterpreter bind TCP shell. So it's gonna be, you know, set payload to this Meterpreter bind TCP. Now when we do show options we should see that payload here, and in fact it's even asking us for, well, it doesn't ask us for anything else, so we're good to go. So we've added this payload, and what you'll see is what a Meterpreter can do. So let's run this and see what happens. All right, so it sends this vulnerable file, it tried to execute it, and sure enough it did, because we see Meterpreter session 2 opened. And if I do Ctrl-Z and exit and do sessions -l, we now see that there are two sessions: one's a Meterpreter, one's a Linux shell. So sessions -i 2. All right, so once again, once we get a Meterpreter session open we celebrate, it's celebration time, you just got a shell, or you, you know, got into that server.

So what does Meterpreter do? Like, there's a command prompt here. Well, now we're looking at the bottom of our cheat sheet here at all the different Meterpreter commands. So first it's sysinfo: this tells us the hostname of the system, the uname output, the architecture we're dealing with, which is great. We could do ls, and we can do a cat on a file, so it's kind of like shell access, right? And we can even edit that file if we wanted, so now we're in here editing things. But there's also lots of really cool commands that Meterpreter has. It's got all kinds of scripts, like for instance you could drop into a Python shell or Python interpreter and start writing your own Python script that you can execute on that system. If you're in Windows you could probably take a screenshot of that system, or, you know, whatever the user's seeing, or do a keyboard logger and see whatever the user's typing; you can see what they're doing. So Meterpreter has a lot of really cool commands that you can do, and you can even get a file, right? So if I wanted to download this root.crt, it's downloaded now, and now if I exit out of Meterpreter and do ls we can see it's here on my local machine. So this makes things like, you know, easier to interact with that system, you know, if you want to exfil data out of it, then this is a way for you to do it. So Meterpreter has a ton of really cool commands including shell, so you could just drop right into a shell and see what you're doing, like where am I and all this stuff. If you exit out of the shell you're back to the Meterpreter prompt. Yeah, so Meterpreter is really powerful and I could go on and on and on about it, so I'm just gonna leave it there as something that's a really good tool for you to use. Again, you can do help at the Meterpreter prompt and you can see all the different things. You can look at the ARP table on that host, you can look at the routing table on that host, you can do all kinds of things. irb is the Ruby shell, now we can execute things. I don't know Ruby, but you can execute things on that host, it's Ruby, you can execute Ruby commands, it's incredible. So Meterpreter has all sorts of really powerful stuff, and you can kill processes from here, you can migrate to another process. So maybe you got into a system using a browser exploit, and then you think that person's gonna close the browser, so you can migrate to another, you know, process ID or something like that, to try to stay in there. So Meterpreter is super cool and super helpful, and I think that brings us to the end of this crash course on Metasploit.

Oh, just one last thing. So we're gonna go out of here. So you saw that we have our services, we've got our database here, right? What we're dealing with here is a workspace; this is a workspace, a default workspace. And if I do workspace -a lab, we have a new workspace now. When I type workspace you see two of them, and we're actually in the lab one now. So if I do services there's nothing here. So a workspace is kind of like a blank slate for working with your database, so you can go back to workspace default and type services and you'll see it all there again. So if you want a fresh new database, you can either delete the default workspace and it'll create a new one for you, or just make a brand new workspace to work on. All right, so I think that's it for just getting your feet wet and hands dirty with Metasploit. I hope you learned something, and thank you for watching.
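The database-driven workflow from the transcript (workspace, db_nmap, services, the anonymous-FTP auxiliary scanner across the lab subnet, creds) written as a Metasploit resource script, as an added example that is not from the video or the cheat sheet. It assumes the Metasploitable VM at 192.168.56.102 on a 192.168.56.0/24 lab network, a current Metasploit (where the option is RHOSTS rather than the RHOST typed in the video), and that msfconsole runs as root so the -sS SYN scan is permitted.

```msfconsole
# lab-recon.rc (constructed example): run with   msfconsole -q -r lab-recon.rc
# Keep the lab results apart from other work in their own workspace
# (-a adds the workspace and switches to it).
workspace -a lab
db_status

# Port scan the Metasploitable host straight into the database
# (-sS TCP SYN scan, -A version/OS detection, as in the video).
db_nmap -sS -A 192.168.56.102

# Everything nmap found is now queryable without copying it anywhere;
# -p filters the services table to the ports discussed in the video.
hosts
services -p 21,5432,6667

# Auxiliary modules accept a whole range in RHOSTS; THREADS sets concurrency.
use auxiliary/scanner/ftp/anonymous
set RHOSTS 192.168.56.0/24
set THREADS 10
run

# Any anonymous FTP logins the scanner confirmed are stored as credentials.
creds

# Switch back to the default workspace when done with the lab.
workspace default
```

Every command in the script is one the transcript types by hand; the script only fixes the order and keeps the results in the lab workspace so the default one stays clean.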
Original Description
Metasploit cheat sheet: https://www.tunnelsup.com/metasploit-cheat-sheet/
This video will teach you the basics on getting started with Metasploit.
Playlist: Uploads from Jack Rhysider (5 of 60)