Metasploit Framework is a powerful penetration tool used to probe for vulnerabilities in networks and servers. It hunts for weak points in servers and the information gathered is used to find solutions for protecting networks or servers. Metasploit come as open source and commercial fully supported versions. It can be used from the command line or the graphical interface. Below are Metasploit Framework interfaces:
- msfconsole – an interactive command line interface (widely used)
- msfcli – A literal Linux command line interface
- Armitage – A Gui-based third party application
- msfweb – browser based interface
Install Metasploit Framework on Linux Mint 20
Follow the below steps to install and use Metasploit Framework on Linux Mint 20
Step 1: Update your system packages
First ensure your Linux Mint packages are up to date by running the following commands:
sudo apt update sudo apt dist-upgrade sudo apt autoremove sudo reboot
Step 2: Install Metasploit framework on Linux Mint 20
We are going to install in the /tmp directory.
cd /tmp curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall
Once downloaded, make the file executable
chmod +x msfinstall
Now run the executable file to install Metasploit framework on Linux Mint 20
Once installation is complete create and initialize the msf database.
$ msfdb init
You should see an output as below:
Step 3: Launch Metasploit
Run the command as shown to launch msfconsole
Step 4: Update Metasploit
To update Metasploit, run the below command on msfconsole
$ sudo msfupdate Updating package cache..OK Checking for and installing update.. Reading package lists… Done Building dependency tree Reading state information… Done
Step 5: How to use Metasploit Framework
Next we are going to look some of the basic commands to get us started with Metasploit
msf6 > help
The ‘help’ commands outputs all the commands to be used with metasploit, some as shown below:
Note that this help menu can also be accessed with ‘?’
Check DB status
It is important to ensure the db status is connected to be able to use the database.
msf6 > db-status [*] Connected to remote_data_service: (https://localhost 5443). Connection type: http. Connection name: local-https-data-service.
msf6 > use
‘Use’ command enable loading a module to use. For example if you wish to use exploit/windows/browser/adobe_flash_avm2 module, an exploit that takes advantage of one of the many vulnerabilities in the Adobe Flash plug-in, we run:
msf6 > use exploit/windows/browser/adobe_flash_avm2 msf6 exploit (exploit/windows/browser/adobe_flash_avm2) >
msf6 > show
The show commands helps in showing what is available for the loaded module as shown in the example below:
msf6 > show payloads
Shows all the payloads compatible with the chosen exploit.
To display all of the options that need to set before running the module. These options include such things as IP addresses, URI path, the port, etc.
msf6 > show options
Display a list of targets that the exploit will work against.
msf6 > show target
msf6 > info
The ‘info’ command displays information about the exploit module as shown below:
msf6 > set
This is used to set options for the selected module. Example we are setting default SRV port from 8080 to 80.
msf6 > set SRVPORT 80
‘unset’ command does the opposite of set
msf6 > unset SRVPORT
msf6 > exploit
Once we have set the exploit and the necessary options, the last command is exploit. It sends an exploit to the target and installs payload.
msf6 > back
Used to take us back one step in our process
msf6 > exit
Used to exit msfconsole
I hope this guide is useful in getting started with Metasploit Framework on Linux mint 20. Enjoy your usage!
Security related courses: