Our social:

Introduction to Metasploit for penetration testing

Hello friends ..!! Welcome to HackHackers..!!

Introduction :

Metasploit Framework is a loophole. Its full name is called The Metasploit Framework, referred to is called MSF. As the world's most popular Metasploit tool, not only because of its convenience and powerful, more important is its frame. It allows users to develop their own vulnerability scripts, for testing.


Requirements :

Before using Metasploit, we have to ensure that their equipment can achieve the following requirements, which include both hardware and software.

Hardware : Make sure your computer or VM has reached the following requirements.

Hard disk space : If you want to use Metasploit, first you have to make sure you have 10GB of storage space. Because Metasploit will use some large files. Make sure the time is not in the partition to FAT32 partition type. Because FAT32 does not support large files to run. My suggestion is NTFS, ext3 partitions or other types. My suggestion is that you have the best use of space 30GB.

Memory : Kali on the recommendations of memory to do a lot to explain, in fact, as long as your memory is equal to or greater than 2GB, you can use various versions of the Kali the system.
Before using Metasploit, we have to ensure that their equipment can achieve the following requirements, which include both hardware and software.

Hardware : Make sure your computer or VM has reached the following requirements.

Hard disk space : If you want to use Metasploit, first you have to make sure you have 10GB of storage space. Because Metasploit will use some large files. Make sure the time is not in the partition to FAT32 partition type. Because FAT32 does not support large files to run. My suggestion is NTFS, ext3 partitions or other types. My suggestion is that you have the best use of space 30GB.

Memory : Kali on the recommendations of memory to do a lot to explain, in fact, as long as your memory is equal to or greater than 2GB, you can use various versions of the Kali the system.

Processor : official system explained, as long as the processing speed of the processor is greater than or equal to 400MHz can use Kali system. However, I recommend a minimum of 500MHz

Network Equipment : You can use cat5 interface accessible. Please make sure your network equipment have DHCP, if not, then please assign IP for your own kali. Of course, you can also use a wireless network, but please for your wireless network card installed corresponding driver.
Software : It is recommended that users install two operating systems. One is a kali system, one is a victim of the system or test system. The reason for this is security personnel can easily do some testing.

VM : Our recommendation is to use a virtual machine to run kali system. VMware Player can be said to be the best choice. This software is free, users only need to register to be able to use. Of course, you can also select other virtual machines, but my advice is VMware.

Kali Linux : in front of me did not introduce kali system. Let us talk about this system now. Kali is a linux system package. Kali system is that this system is a little collection of a lot of good security tools, while these tools upgrade. Which also includes the Metasploit. You can download Kali Linux system at:

https: //www.kali.org/downloads/.

Metasploitable  : Maybe you met a lot of linux systems, but do not know how to use those linux vulnerabilities. Fortunately, Metasploit development team is aware of this problem. They produced a Metasploitable system. This system contains a loophole large and small linux is very suitable as a test system. Both to improve technology, but also to "self-obscenity" look. Metasploitable now have second version, here is the download address.

Introduction to Metasploit structure : 

Let's look at a picture below. Because professional terminology more, some key terms I will not translate, to prevent the impact of articles and academic correctness.


System files and libraries

MSF system files via a very intuitive way arrangement, and unfolded the way through the catalog. Now I say it describes each directory.

data directory: inside the store some files can be edited, mainly to use Metasploit
documentation directory: MSF provide some introductory documentation, etc.
external directory: source files and third-party libraries
The main part of the MSF framework: lib directory
modules directory: MSF module storage location
plugins directory: storage Metasploit plugin
scripts directory: storage Meterpreter Code (shell code) or other script files
tools directory: Various useful command-line tool

Storehouse

 1.Rex Library
     - The most basic form
     - network sockets, network application protocol client and server implementation, logging                       subsystem
     - SSL, SMB, HTTP, XOR, Base64, Unicode
2. Msf :: Core Library
    - provides some basis for comparison of the API interface
    - In order to define the framework of the MSF
3. Msf :: Base
   -provides some additional and simple API interface

Module and location


  • The main Metasploit module position in the /usr/ share/metasploit-framework/modules/directory.
  •  Generally user settings   ~/.msf4/modules/

Metasploit Object Module

In MSF inside, all the modules are conducted through written language ruby
That's it friends..!! If you have any doubt then you can share your comments below ..!!