Welcome Back
Viewers!!!!
Today I’m going
to give a small introduction about METASPLOIT framework.
What Is Metasploit?
Metasploit is
among the most widely used exploitation tools in the hacking/security field.
It's used by both novices and advanced professionals. Metasploit has
consistently ranked among the top ten since its inception and currently ranks
second. This should give you some idea of how important Metasploit is in the
security community.
Metasploit is a
self-described "framework" for cyber exploitation. As a framework, it
eases the effort to exploit known vulnerabilities in networks, operating
systems and applications, and to develop new exploits for new or unknown
vulnerabilities.
Metasploit has
developed a Meterpreter that when loaded into a target system, makes
maintaining access and controlling the target much easier. As such, every
self-respecting hacker (and even those without self-respect) should have some
basic knowledge of Metasploit. This series of articles will initially focus on
conferring at least a rudimentary understanding of how Metasploit works and how
it can be utilized by the hacker/penetration tester to own the box, download
data and cover your tracks.
Metasploit was
developed in 2003 as an open source project by H.D. Moore. Originally developed
in PERL, the developer team rewrote Metasploit in Ruby in 2007. This is
critical, because you need to have Ruby on your system in order to run Metasploit
and to develop your own exploits.
After many years
of success in the hacker/penetration tester community, it was purchased by
Rapid7 in 2009. After its purchase, the Metaspoloit framework was split into
three versions. Two are commercial versions; Metasploit Express and Metasploit
Professional, the latter selling for $1800. These two have nice GUIs and
numerous bells and whistles, including the automation of several attacks, but
there is still a free and open source community edition known as the Metasploit
Community.
Some independent
developers at Armitage have created a free and open source GUI for Metasploit
that is both beautiful and elegant, for those that prefer the point-and-click
mode of operation. There is a Windows version of Metasploit, but many of the
features (raw IP packet injection, wireless driver exploitation, SMB relaying
attacks, etc.) are unavailable in the Windows environment, though some of these
limitations can be overcome by using Cygwin or running Windows in a virtual environment
on Linux. I prefer LINUX because it is the mostly used operating system by
hackers.
Download and Install :
The first step in
our process is to download and install Metasploit. Although there is a Windows
version, I will focus on the Linux version because of its greater flexibility
and capability. Let's walk through the download and installation
Download it from
below links
for Windows(64-bit)
users .
Now you are ready
with the .exe or .run file.
Lets go further
and install.
Before you can
run the installer, you need to make it executable. In the terminal, you must
change the mode to execute (x) for Metasploit:
chmod
+x framework-4.*-linux-full.run
And now execute
the installer by getting root privileges by typing sudo and ./ with the name of
our package:
sudo
./framework-4.*-linux-full.run
You should then
be prompted for your root password. After entering that, you should get a
screen that looks something like this:
Click Forward
and accept Terms & Conditions.
You can choose to
install the Automatic Updates(not mandatory, but good to have it)
Here, Metasploit
is asking whether you want to insert a different service script. You can just
accept the default and hit Forward.
Be patient now;
it will take Metasploit a few minutes to install and build your database. After
it's done, you are ready to run Metasploit. Simply type:
msfconsole
Finally, you
should be greeted by this screen.
You have now
successfully installed the world’s best open source exploit framework and you
are ready to begin system/network exploitation and penetration testing!
Keep watching for
more tricks that can be performed with this tool.
Have a Good
Day..!!
Hi! I am Ajay Kumar Kalva, Currently serving as the CEO of this site, a tech geek by passion, and a chemical process engineer by profession, i'm interested in writing articles regarding technology, hacking and pharma technology. 
