INTRODUCTION-
Metasploit Framework or MSF is a famous 'penetration testing suite' which is used by 'pentesters' worldwide and it's almost their first choice to start a 'pentest'. This pentesting suite consists of thousands of 'exploits' which actually are scripts or codes written in some 'scripting languages' like python, perl, ruby etc.
SHORT DEFINATIONS-
Pentesting: A peneration test or pentesting is a typical 'test' the most effective way to detect and identify the vulnerabilities in programs, operating systems, networks etc. so that the system/network wouldn't get compromised by the BH (black hat) hackers and doing so will ensure the system/network is up-to-date in terms of 'security'.
Vulnerability: It's basically a weakness in programs, OS modules, and even human mind (in terms of 'social engineering' which isn't covered in this thread) which can be used to exploit a system and network etc.
Exploit: Exploit is a piece of 'code' which, when executed on a 'vulnerable' machine/system compromises that system. In general, that system would be in hands of the attacker/pentester.
DOWNLOADS AND INSTALLATIONS-
NOTE: All codes should be entered in TERMINAL.
Metasploit Framework (community edition)
To download it, you may need to goto the link provided below and select the appropiate download either Linux or Windows (Linux recommended) as this tutorial will focus on debian Linux i.e. . So download the '.run' file.
Once downloaded, move that file into this directory-
"/home/your_username_here/Downloads/"
So it'd look like-
"/home/your_username_here/Downloads/metasploit-4.x.x.run"
Then you need to move the file metasploit-4.x.x.run which is actually a GUI installer by the way, to the ROOT directory i.e. " / " (the forward slash) and also set the file's attributes to be executed by ROOT and THEN execute the installer. But you'll need to be ROOT user. To do that either use the 'sudo' or login as ROOT.
Login as ROOT-
Using SUDO-
You'll be greeted with the cool logo of Metasploit. Further, click forward. Accept the license agreement and click forward. Select the folder where you wanna install MSF and click forward. Recommended location is in the image.
Now, click yes on the next prompt to 'register Metasploit as a service' and add it to the startup and click forward. Select the desired SSL port (default: 3790 is recommended) and click forward Name your server e.g. "dante-pc" (you can pick any) and click forward.
Installation should start now. It wouldn't take much long, just stare at it and it'll complete.
Sooner you'll see installation is finalizing.
Make sure the checkbox is ticked and click finish-
Your browser should open a link i.e. " " and you'll see a warning page like shown below. Don't panic! Simply click proceed anyway (on chrome) or I understand the risks, add an exception (in firefox) and add this page's certificate to your exception list and you'll be good.
Then, you'll see a page like shown below. Just wait some seconds and you'll be redirected to another page.
Now, as you're installing MSF for the first time, you've to activate it by registering and making a personal-use account. Simply click on Create Account and follow on-screen instructions.
Fill-up this simple form-
Now, click on the get activation key and follow the on screen steps to get the key on your e-mail that you'd provide and login using the user-password you made-
After logging in, you'll be there which you can call ADMIN-CP of your own MSF. You can manage many things from here. Just explore, they're self explicit. Then logout and get ready to see more interesting things.
Open-up a terminal by CTRL+ALT+T or by any means then get ROOT and update the MSF by entering following commands in the terminal-
After the update is complete, you can launch the MSF by following command.
Wait for about 30 seconds or more to let MSF load all its exploits and scripts etc. into memory. After that, you shall see something what's called the text version of MSF with cool ASCII art banner. Enter the following command to check whether or not the database is connected to MSF-. B-)
If your output matches the image below then everything is fine. If not so, then read futher-
Now, if your database isn't connected by any cause then what you have to do is, connect MSF to the 'postgresql database'.
NOTE: Read the next section below on how to configure 'postgresql database'.
Further reading:
And you're done!
PostgreSQL 9.1
We need it as it's the only database which is supported by MSF as of now. We need database to store 'informations' on our pentests, IP scans, vulnerability scans, etc.
After installing it, you've to make sure of two settings in the "postgresql.conf" as below-
If not so, change them by editing the configuration file-
Now we need to create a postgresql user, password, database and set the ownership of the postgresql database to the user we created. While this part is kinda not needed to be configured as the latest version of MSF i.e. 4.5 comes preconfigured with postgresql database so whenever you run MSF, you can always check the status of 'driver' being used and the database is connected to it (that'd be postgresql for sure) by the entering the following command in MSFCONSOLE terminal-
If, by any cause, the output of these two commands shown above is like- database not connected, or no driver specified or something like that; then you need to continue with the next piece of code written below. But, if everything seems fine, then you can completely skip this 'postgresql' part and head towards 'git'.
Now we need to set password authentication to access the postgres on localhost (127.0.0.1). For that, we need to edit the configuration file located in "/etc/postgresql/9.1/main/pg_hba.conf"
Now press CTRL+W and enter 'IPv4 local connections:' without quotes and press 'enter' to search where it is. When you get to that line, you have to change the two fields JUST below this line 'IPv4 local connections:'. Change:
Commands when you're a postgres user-
Commands to manage postgresql server-
And you're done with postgresql!
GIT
It's a program which will be used to update the MSF database as well as SET too so we need it.
SET (Social Engineering Toolkit) *optional*
It's a set of techniques and exploits of MSF which mainly targets the human mind to exploit and compromise a system/network. It isn't used in MSF but SET itself uses exploits of MSF.
NOTE:Mind the SPACE before set
Now move that downloaded directory named set to "/opt/pentest/set/"
and then UPDATE theset-
You can RUN the set in terminal by moving into the set folder and then running it as-
Noticed the warning? Sure you do. So what we've to do is simply edit the configuration file located at "/opt/pentest/set/config/set_config". Issue the command as ROOT (sudo su)-
Goto line highlighted in the image below and edit as it's in the image. Then press CTRL+O (to save) and CTRL+X (to exit) and your're done.
You may need to update it as well by command-
But you must not be running set when you update it.
Try running it again-
And we're done with set too!
And that's it! That's it for now guys.
More tutorials are coming. Stay tuned and do post your feedback, I'd love to see that.
Metasploit Framework or MSF is a famous 'penetration testing suite' which is used by 'pentesters' worldwide and it's almost their first choice to start a 'pentest'. This pentesting suite consists of thousands of 'exploits' which actually are scripts or codes written in some 'scripting languages' like python, perl, ruby etc.
SHORT DEFINATIONS-
Pentesting: A peneration test or pentesting is a typical 'test' the most effective way to detect and identify the vulnerabilities in programs, operating systems, networks etc. so that the system/network wouldn't get compromised by the BH (black hat) hackers and doing so will ensure the system/network is up-to-date in terms of 'security'.
Vulnerability: It's basically a weakness in programs, OS modules, and even human mind (in terms of 'social engineering' which isn't covered in this thread) which can be used to exploit a system and network etc.
Exploit: Exploit is a piece of 'code' which, when executed on a 'vulnerable' machine/system compromises that system. In general, that system would be in hands of the attacker/pentester.
DOWNLOADS AND INSTALLATIONS-
NOTE: All codes should be entered in TERMINAL.
Metasploit Framework (community edition)
To download it, you may need to goto the link provided below and select the appropiate download either Linux or Windows (Linux recommended) as this tutorial will focus on debian Linux i.e. . So download the '.run' file.
Once downloaded, move that file into this directory-
"/home/your_username_here/Downloads/"
So it'd look like-
"/home/your_username_here/Downloads/metasploit-4.x.x.run"
Then you need to move the file metasploit-4.x.x.run which is actually a GUI installer by the way, to the ROOT directory i.e. " / " (the forward slash) and also set the file's attributes to be executed by ROOT and THEN execute the installer. But you'll need to be ROOT user. To do that either use the 'sudo' or login as ROOT.
Login as ROOT-
Using SUDO-
You'll be greeted with the cool logo of Metasploit. Further, click forward. Accept the license agreement and click forward. Select the folder where you wanna install MSF and click forward. Recommended location is in the image.
Now, click yes on the next prompt to 'register Metasploit as a service' and add it to the startup and click forward. Select the desired SSL port (default: 3790 is recommended) and click forward Name your server e.g. "dante-pc" (you can pick any) and click forward.
Installation should start now. It wouldn't take much long, just stare at it and it'll complete.
Sooner you'll see installation is finalizing.
Make sure the checkbox is ticked and click finish-
Your browser should open a link i.e. " " and you'll see a warning page like shown below. Don't panic! Simply click proceed anyway (on chrome) or I understand the risks, add an exception (in firefox) and add this page's certificate to your exception list and you'll be good.
Then, you'll see a page like shown below. Just wait some seconds and you'll be redirected to another page.
Now, as you're installing MSF for the first time, you've to activate it by registering and making a personal-use account. Simply click on Create Account and follow on-screen instructions.
Fill-up this simple form-
Now, click on the get activation key and follow the on screen steps to get the key on your e-mail that you'd provide and login using the user-password you made-
After logging in, you'll be there which you can call ADMIN-CP of your own MSF.
You can manage many things from here. Just explore, they're self explicit. Then logout and get ready to see more interesting things.
Open-up a terminal by CTRL+ALT+T or by any means then get ROOT and update the MSF by entering following commands in the terminal-
After the update is complete, you can launch the MSF by following command.
Wait for about 30 seconds or more to let MSF load all its exploits and scripts etc. into memory. After that, you shall see something what's called the text version of MSF
with cool ASCII art banner. Enter the following command to check whether or not the database is connected to MSF-. B-)If your output matches the image below then everything is fine. If not so, then read futher-
Now, if your database isn't connected by any cause then what you have to do is, connect MSF to the 'postgresql database'.
NOTE: Read the next section below on how to configure 'postgresql database'.
Further reading:
And you're done!
PostgreSQL 9.1
We need it as it's the only database which is supported by MSF as of now. We need database to store 'informations' on our pentests, IP scans, vulnerability scans, etc.
After installing it, you've to make sure of two settings in the "postgresql.conf" as below-
If not so, change them by editing the configuration file-
Now we need to create a postgresql user, password, database and set the ownership of the postgresql database to the user we created. While this part is kinda not needed to be configured as the latest version of MSF i.e. 4.5 comes preconfigured with postgresql database so whenever you run MSF, you can always check the status of 'driver' being used and the database is connected to it (that'd be postgresql for sure) by the entering the following command in MSFCONSOLE terminal-
If, by any cause, the output of these two commands shown above is like- database not connected, or no driver specified or something like that; then you need to continue with the next piece of code written below. But, if everything seems fine, then you can completely skip this 'postgresql' part and head towards 'git'.
Now we need to set password authentication to access the postgres on localhost (127.0.0.1). For that, we need to edit the configuration file located in "/etc/postgresql/9.1/main/pg_hba.conf"
Now press CTRL+W and enter 'IPv4 local connections:' without quotes and press 'enter' to search where it is. When you get to that line, you have to change the two fields JUST below this line 'IPv4 local connections:'. Change:
Commands when you're a postgres user-
Commands to manage postgresql server-
And you're done with postgresql!
GIT
It's a program which will be used to update the MSF database as well as SET too so we need it.
SET (Social Engineering Toolkit) *optional*
It's a set of techniques and exploits of MSF which mainly targets the human mind to exploit and compromise a system/network. It isn't used in MSF but SET itself uses exploits of MSF.
NOTE:Mind the SPACE before set
Now move that downloaded directory named set to "/opt/pentest/set/"
and then UPDATE theset-
You can RUN the set in terminal by moving into the set folder and then running it as-
Noticed the warning? Sure you do. So what we've to do is simply edit the configuration file located at "/opt/pentest/set/config/set_config". Issue the command as ROOT (sudo su)-
Goto line highlighted in the image below and edit as it's in the image. Then press CTRL+O (to save) and CTRL+X (to exit) and your're done.
You may need to update it as well by command-
But you must not be running set when you update it.
Try running it again-
And we're done with set too!
And that's it! That's it for now guys.
More tutorials are coming.
Stay tuned and do post your feedback, I'd love to see that. 
Verified & Trusted WesternUnion | MoneyGram | Bank - Transferring [299$ BTC for 2000$ WU]
Verified & Trusted Electronics Carding, Carding iPhone, Samsung Carding, MacBook Carding, Laptops Carding