Metasploit basics - Beginners guide to hacking and penetration testing (2017)

Metasploit basics:

When it comes to hacking, Metasploit is one of many "must have" tools for your arsenal. Metasploit comes in both a Pro and a Community edition and is offered by Rapid7 (https://www.rapid7.com/products/metasploit/download). The tool is so popular that it typically comes bundled with most, if not all, pentesting OSes (Kali, Backtrack, Blackbox, Parrot, etc). With over 1500 exploits it's easy to see why Metasploit is so popular! When combined with things like Nmap scanning, Nessus, Google operators, and the Google Hacking Database, you have a very powerful toolset.

Metasploit demo:

For this demonstration we will be using Kali Linux and Metasploitable running in a VM.

On our Kali Linux machine, we start up a Zenmap scan. You can initiate a Zenmap scan by starting the Terminal and then typing zenmap. From the scan we can see that the target is running VNC. We will use this as our point of attack.

Next we want to start Metasploit by typing msfconsole into the Terminal. This will bring up the Metasploit terminal (the GUI version is armitage).

Next, let's make sure that our target is running VNC. We will do this with the following command: use scanner/vnc/vnc_none_auth

Next we do: show options

This will show us the required options and settings. We can see that RHOSTS is missing, so we need to add our target computer's IP.

To set the target's IP we type: set RHOSTS 192.168.126.130

If we enter: help, we can see the various commands.

The first thing we want to do from here is check to see if our target is indeed running VNC.

Running exploit, we can see VNC is running on the target.

Opening a new Terminal, we enter vncviewer to launch the viewer and enter the target IP. For the password field we are going to try the VNC default password: password. We could also determine this by running a Nessus scan, or we could have run a Hydra scan.

Now we have VNC access into our target.
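
The vnc_none_auth scanner used above works from the security types a VNC server advertises at the start of the RFB handshake (RFC 6143). The following Python is an added example, not from the original page or from Metasploit, that audits recorded handshake bytes from a server you administer; the function names and the sample bytes are constructed for illustration.

```python
import struct

# Security-type numbers from RFC 6143 section 7.1.2; other values are extensions.
SEC_NAMES = {1: "None", 2: "VNC Authentication"}

def parse_version(banner: bytes) -> tuple:
    """Parse the 12-byte ProtocolVersion message, e.g. b'RFB 003.008\\n'."""
    if len(banner) != 12 or banner[:4] != b"RFB " or banner[7:8] != b"." or banner[11:] != b"\n":
        raise ValueError("not an RFB ProtocolVersion message")
    return int(banner[4:7]), int(banner[8:11])

def offered_types(version: tuple, payload: bytes) -> list:
    """Security types carried in the server's message after the version exchange."""
    # Assumption: the client echoed the server's version, so it decides the layout.
    if version < (3, 7):
        # RFB 3.3: the server chooses one type and sends it as a big-endian U32.
        if len(payload) < 4:
            raise ValueError("truncated security-type message")
        types = [struct.unpack(">I", payload[:4])[0]]
    else:
        # RFB 3.7 and later: U8 count followed by that many U8 type numbers.
        if not payload or len(payload) < 1 + payload[0]:
            raise ValueError("truncated security-type list")
        types = list(payload[1:1 + payload[0]])
    if not types or types == [0]:
        # A count of 0 (or type 0 in RFB 3.3) means the server refused the connection.
        raise ValueError("server refused the handshake")
    return types

def audit(banner: bytes, payload: bytes) -> list:
    """Return (type, name, verdict) for each security type the server offers."""
    findings = []
    for t in offered_types(parse_version(banner), payload):
        if t == 1:
            verdict = "FAIL: no authentication, any client that can reach the port is admitted"
        elif t == 2:
            verdict = "WARN: password is limited to 8 characters and the session is unencrypted"
        else:
            verdict = "REVIEW: extension type, check the server documentation"
        findings.append((t, SEC_NAMES.get(t, "other"), verdict))
    return findings

# Constructed sample handshakes (not captured from a real host).
SAMPLE_NONE = (b"RFB 003.008\n", bytes([2, 1, 2]))     # offers None and VNC Authentication
SAMPLE_V33 = (b"RFB 003.003\n", struct.pack(">I", 2))  # RFB 3.3 server using VNC Authentication

if __name__ == "__main__":
    print(audit(*SAMPLE_NONE), audit(*SAMPLE_V33), sep="\n")
```

A server that reports only type 2 with a default or guessable password, as in this demo, is still exposed; the audit only shows which mechanisms are on offer.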