Metasploit Framework is a powerful penetration tool used to probe for vulnerabilities in networks and servers. It hunts for weak points in servers and the information gathered is used to find solutions for protecting networks or servers. Metasploit come as open source and commercial fully supported versions. It can be used from the command line or the graphical interface. Below are Metasploit Framework interfaces:

  • msfconsole – an interactive command line interface (widely used)
  • msfcli – A literal Linux command line interface
  • Armitage – A Gui-based third party application
  • msfweb – browser based interface

Install Metasploit Framework on Linux Mint 20

Follow the below steps to install and use Metasploit Framework on Linux Mint 20

Step 1: Update your system packages

First ensure your Linux Mint packages are up to date by running the following commands:

sudo apt update
sudo apt dist-upgrade
sudo apt autoremove
sudo reboot

Step 2: Install Metasploit framework on Linux Mint 20

We are going to install in the /tmp directory.

cd /tmp
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall

Once downloaded, make the file executable

chmod +x msfinstall

Now run the executable file to install Metasploit framework on Linux Mint 20

sudo ./msfinstall

Once installation is complete create and initialize the msf database.

$ msfdb init

You should see an output as below:

Step 3: Launch Metasploit

Run the command as shown to launch msfconsole

$ msfconsole

Output

Step 4: Update Metasploit

To update Metasploit, run the below command on msfconsole

$ sudo msfupdate
Updating package cache..OK
Checking for and installing update..
Reading package lists… Done
Building dependency tree       
Reading state information… Done

Step 5: How to use Metasploit Framework

Next we are going to look some of the basic commands to get us started with Metasploit

msf6 > help

The ‘help’ commands outputs all the commands to be used with metasploit, some as shown below:

Note that this help menu can also be accessed with ‘?’

Check DB status

It is important to ensure the db status is connected to be able to use the database.

msf6 > db-status
[*] Connected to remote_data_service: (https://localhost 5443). Connection type: http. Connection name: local-https-data-service.

msf6 > use

‘Use’ command enable loading a module to use. For example if you wish to use exploit/windows/browser/adobe_flash_avm2 module, an exploit that takes advantage of one of the many vulnerabilities in the Adobe Flash plug-in, we run:

msf6 > use exploit/windows/browser/adobe_flash_avm2
msf6 exploit (exploit/windows/browser/adobe_flash_avm2) >

msf6 > show

The show commands helps in showing what is available for the loaded module as shown in the example below:

msf6 > show payloads

Shows all the payloads compatible with the chosen exploit.

To display all of the options that need to set before running the module. These options include such things as IP addresses, URI path, the port, etc.

msf6 > show options

Sample output

Display a list of targets that the exploit will work against.

msf6 > show target 

Example

msf6 > info

The ‘info’ command displays information about the exploit module as shown below:

msf6 > set

This is used to set options for the selected module. Example we are setting default SRV port from 8080 to 80.

msf6 > set SRVPORT 80

‘unset’ command does the opposite of set

msf6 > unset SRVPORT

msf6 > exploit

Once we have set the exploit and the necessary options, the last command is exploit. It sends an exploit to the target and installs payload.

msf6 > back

Used to take us back one step in our process

msf6 > exit

Used to exit msfconsole

I hope this guide is useful in getting started with Metasploit Framework on Linux mint 20. Enjoy your usage!

Security related courses:

$12.07
$144.78
in stock
Udemy.com
$21.72
$144.78
in stock
Udemy.com
$12.07
$120.65
in stock
Udemy.com
$12.07
$90.48
in stock
Udemy.com

LEAVE A REPLY

Please enter your comment!
Please enter your name here

twenty − 13 =