Hello all! It’s been quite a while since my last post. I have been on vacation since finishing up my finals which has kept me from posting, but it’s time to get back into rhythm.
This week we’re gonna take a break from Sec+ and go over a fun tool called Metasploit. Metasploit is an exploitation framework designed for penetration testing. Its job is to automate tasks and integrate itself with preexisting tools (e.g. Nmap).
Metasploit should come free with any Kali install, but if you don’t have it then you can install it with sudo apt install metasploit-framework.
There is a GUI option called Armitage, but if I catch you using it I will make fun of you publicly. You are a cybersecurity pro, so use a terminal!
Modules
Metasploit contains a hierarchy of tools branched into modules. As mentioned before, Metasploit is a framework. Therefore, it is the manager of all of the tools found in these modules.
There are four main/root modules:
Auxiliary: used for enumeration and information gathering. Examples include man-in-the-middle attacks and port scanning (like Nmap does).
Exploit: delivers exploit code to the target system. These are usually previously found exploits that can be used maliciously, such as EternalBlue.
Payload: the malicious payload that is bundled with an exploit. Examples include reverse TCP shells (like Meterpreter) or reverse HTTP shells.
Post: post-exploitation modules such as SSH tunneling or SQL injections.
TLDR: Modules = tools.
For example’s sake, let’s try out a module.
Launch Metasploit either through your toolset on your GUI or with sudo msfconsole in your terminal. If it’s your first time running it, you may need to run sudo msfdb init first.
You should be dropped into the msf6 prompt, and you can use modules from there.
msf6 > use auxiliary/scanner/portscan/tcp
This preps you for using the port scanning tool. Every tool has options or settings which you can view with show options.
Notice how RHOSTS does not have a current setting. We can adjust this using set.
You can scan one of my VPSs at 45.33.25.169. I don’t mind, but my VPS provider might get upset.
msf6 auxiliary(scanner/portscan/tcp) > set RHOSTS 45.33.25.169
You can type show options one more time to see that this option is now set.
There are a lot of ports that are being scanned, so let’s shorten that up to a sane number.
msf6 auxiliary(scanner/portscan/tcp) > set PORTS 21,22,80-3306,8080
If you want to go back to an option’s default value, you can use unset.
To execute the module, simply type run (exploit is also synonymous).
msf6 auxiliary(scanner/portscan/tcp) > run
[+] 45.33.25.169: - 45.33.25.169:21 - TCP OPEN
[+] 45.33.25.169: - 45.33.25.169:22 - TCP OPEN
[+] 45.33.25.169: - 45.33.25.169:1720 - TCP OPEN
[*] 45.33.25.169: - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
This was just a simple port scan, but there are thousands of tools that exist within Metasploit. You can even write your own!
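Once you have output like the above, the useful defender's move is to compare what the scanner found on your own box against what you expect to be listening. The following is an added example, not code from the original post or from Metasploit: it parses the [+] lines from auxiliary/scanner/portscan/tcp (the sample output is constructed from the format shown above) and reports any open port that is not in a per-host baseline you define.

```python
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Set

# Constructed sample, mirroring the module's output format shown above.
SAMPLE_OUTPUT = """\
[+] 45.33.25.169: - 45.33.25.169:21 - TCP OPEN
[+] 45.33.25.169: - 45.33.25.169:22 - TCP OPEN
[+] 45.33.25.169: - 45.33.25.169:1720 - TCP OPEN
[*] 45.33.25.169: - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
"""

# "[+] <rhost>: - <ip>:<port> - TCP OPEN"; we take host and port from the
# second field, which is the address:port pair the module actually connected to.
OPEN_LINE = re.compile(
    r"^\[\+\]\s+\S+\s+-\s+(?P<host>[^:\s]+):(?P<port>\d+)\s+-\s+TCP OPEN\s*$"
)


def parse_open_ports(output: str) -> Dict[str, List[int]]:
    """Return {host: sorted open TCP ports} from portscan/tcp console output."""
    found: Dict[str, Set[int]] = defaultdict(set)
    for line in output.splitlines():
        m = OPEN_LINE.match(line.strip())
        if m:  # [*] status lines and anything else are ignored
            found[m["host"]].add(int(m["port"]))
    return {host: sorted(ports) for host, ports in found.items()}


def unexpected_ports(
    open_ports: Dict[str, Iterable[int]], baseline: Dict[str, Set[int]]
) -> Dict[str, List[int]]:
    """Ports that are open but absent from the host's expected baseline.

    A host missing from the baseline has an empty allow-list, so every open
    port on it is reported. Hosts with nothing unexpected are omitted.
    """
    report: Dict[str, List[int]] = {}
    for host, ports in open_ports.items():
        extra = [p for p in ports if p not in baseline.get(host, set())]
        if extra:
            report[host] = extra
    return report


if __name__ == "__main__":
    # Hypothetical baseline: only SSH is supposed to be reachable on this VPS.
    baseline = {"45.33.25.169": {22}}
    print(unexpected_ports(parse_open_ports(SAMPLE_OUTPUT), baseline))
```

Pipe a saved msfconsole run into parse_open_ports, keep the baseline under version control, and a non-empty report is your cue to check what started listening on those ports.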
Exploitation is a 3-step process:
1. Executing the appropriate exploit.
2. Uploading the appropriate payload.
3. Running post-exploitation modules.
Metasploit gives you the framework to do each of these.
This should be obvious, but the listed exploits under the msfconsole will only work on machines that aren’t patched yet. I’m not saying that you should figure out what machines at your local library are unpatched, but you can try.
Another thing you should know: the example above was a long, arduous process. Let’s spice it up with some one-liners (everyone loves those, right?).
msfconsole -x "use auxiliary/scanner/portscan/tcp; set RHOSTS 45.33.25.169; set PORTS 21,22,80-3306,8080; run"
You can even write a resource script (an .rc file, run with msfconsole -r yourscript.rc) to have your own exploitation scripts.
use exploit/windows/smb/psexec
set RHOST 192.168.0.15
set SMBUser user
set SMBPass password
run
That’s about it for this post. I thought that I would hash this out before I drive back home and continue back on the graduation grind. I encourage you all to try things and play around with Metasploit. You learn best by doing, so have some fun (but don’t break any laws!).
Go!
-BowTiedCrawfish