A Ruby project that is filled with tons of exploits. It makes exploits easy. Allows you to find exploits for any vulnerabilities you may have found.

Manual Start

root@kali:~# service postgresql start
root@kali:~# msfd start 
root@kali:~# msfconsole
root@kali:~# db_status

Main Steps

1. Recon, finding your targets and their vulnerabilities
2. start msfconsole
3. select exploits
4. show options to configure exploit
5. select payload
6. show options and configure payload
7. exploit

Example Payload Tasks

• Software install
• Open connections
• Backdoors
• Create new users

Commands

use ~~~ msfconsole > use [Auxillary/Exploit/Payload] ~~~ show ~~~ msfconsole > show [exploits/payloads/encoder/auxillary] ~~~ set & run ~~~ msfconsole > set [options/payload]

msfconsole > run ~~~ exploit ~~~ msfconsole > exploit ~~~ search ~~~ msfconsole > search [exploit_keyword/CVE] ~~~

Meterpreter

• In order to escalate privileges in metasploit we can use Meterpreter.
• We can try and escalate by using the session command

msfconsole exploit(blah/blab/blah) > sessions
msfconsole exploit(blah/blab/blah) > sessions -u [session#]

• From Meterpreter we can do a few other things apart from the system manipulation.
• We can use getuid and getpid