Linux Commands

Metasploit Installation and Basic Commands

“This tutorial explains how to install and get started with basic Metasploit commands in Linux with a real scenario example.

Metasploit is vulnerabilities and exploits collection for security audit and vulnerability exploitation. This tool helps system administrators to test network and device security. It also allows inexperienced users to execute attacks against targets easily.

All instructions described in this document include screenshots, making it easy for readers to understand and apply them.”

What is PostgreSQL, How it is Useful When Using Metasploit, and How to Install it

When a target is scanned to find vulnerabilities or exploited through a security hole, collected information is saved in a database to be imported and used by other pentesting tools. Of course, those who execute pentesting tasks can save the information manually, but keeping pentesting results properly ordered in a database is helpful for tracking the activity, increasing productivity, and easing pentesting tasks.

The database management system supported by Metasploit is PostgreSQL, and while it is not mandatory when using Metasploit, it is highly recommended to install it. Using Metasploit without a database management system is not a smart decision. Therefore this tutorial begins with instructions on how to install PostgreSQL prior to installing Metasploit.

Installing PostgreSQL on Debian Based Linux Distributions (CentOS below)

On Debian and its based Linux distributions like Ubuntu, you can easily install PostgreSQL using the apt packages manager as shown in the following screenshot.

Note: CentOS users can find instructions to install PostgreSQL on CentOS below.

On Debian/Ubuntu run the following command.

sudo apt install postgresql postgresql-contrib

sudo systemctl start postgresql

Instructions to Install PostgreSQL on CentOS

To install PostgreSQL on CentOS, run the command shown below.

sudo yum install postgresql-server postgresql-contrib

Then initialize the database by running the following command.

service postgresql initdb

Start the service using systemctl as shown below.

sudo systemctl start postgresql

Installing Metasploit in Linux

To install Metasploit in Linux, run the command shown below.

sudo curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && chmod 755 msfinstall && ./msfinstall

After installing Metasploit, you need to initialize it; the initialization process will create the database to connect to PostgreSQL. Run the following command to initialize Metasploit.

Note: When executing the command below, you will be asked if you want to initialize the Metasploit web service to interact with Metasploit through the REST API. Since it is not required and many users complain about problems when dealing with the webservice, which is not relevant to using Metasploit, I typed the “No” option.

msfdb init

Once Metasploit is initialized, start it by running the command shown in the image below.

msfconsole

Before starting with Metasploit, check if it was successfully connected to the database by executing the following command.

db_status

As you can see, Metasploit successfully connected to the database; we can proceed with Metasploit basic commands. If you get errors when trying to connect, read about Metasploit database troubleshooting commands here.

Getting Started With Metasploit Basic Commands

This section explains Metasploit basic commands, including a practical real scenario usage example.

The table below shows Metasploit most commonly used commands with a brief explanation. After the table, you can see how commands are applied in a real scenario.

Metasploit command Brief description
msfconsole This command executes Metasploit
search This command is used to find modules and exploits by name
use The use command is used to select modules and exploits
show options Show module or exploit options
set RHOSTS <Target(s)> This command is used to define targets
set PORTS <Ports> This command is used to define ports
set THREADS <Threads> This command is used to define threads
run The run command is used to execute modules
back The back command moves you back to the previous directory
db_nmap<Flags><Target(s)> The db_nmap command allows you to use integrated Nmap
set RPORT <Target> This command is used to define ports
info The info command prints module or exploit information
exploit The exploit command executes the selected exploit
exit The exit command closes the session from target or exits Metasploit
load The load command is used to load plugins
unload The unload command is used to unload plugins
cd This command is used to change the current selection
Help / ? Both help command and ? symbol explains commands usage

Metasploit Basic Commands Practical Example

This section shows a practical example of the first 14 Metasploit commands listed in the previous table.

The target assigned IP address in this example is 192.168.0.101.

To start, run Metasploit with the following command.

msfconsole

To begin, I will run a port scan against the target to discover open ports. Metasploit includes several port scanners as auxiliary modules we can choose to scan targets.

To find Metasploit available port scanners auxiliary modules, the search command is used, followed by the module type or keyword. In this case, we are looking for a portscan; therefore, we need to run the command shown in the image below.

search portscan

As you can see in the previous screenshot, we have different port scanners for different purposes. In this case, I want to run a TCP scan using the auxiliary/scanner/portscan/tcp module.

To select the chosen module, I will execute the use command, followed by the path to the module as shown below.

use auxiliary/scanner/portscan/tcp

Once the module is selected, we need to know its required or available options before using it, for which we will use the show options command as shown in the screenshot below.

show options

From the module options listed in the image above, I will use RHOSTS to define the target IP address, PORTS to define a ports range, and THREADS to define the number of simultaneous tasks. Then I will start the scan process by executing the run command.

Except for the run command used in this example, RHOSTS, PORTS, and THREADS options must be preceded by the set command depicted in the Metasploit basic commands table.

The RHOSTS option syntax to define a target is shown below, where <Target(s)> must be replaced with one or more target hosts or IP adresses. In my case, as shown in the following figure, the target IP address is 192.168.0.101.

set RHOSTS <Target(s)>

Below you can see the PORTS option syntax, where <Ports> must be replaced by the port or port range you want to scan. For this example, I defined a port range from 20 to 100.

set PORTS <Ports>

The THREADS option allows you to define the number of threads; I selected 10.

set THREADS <Threads>

After defining the previously mentioned options, I execute the scan using the run command. You can see the entire process in the following figure.

run

As you can see, ports 23, 21, 22, 25, 53, and 80 are open in the target. But I want to know the service versions listening on each open port, for which I will use Nmap within Metasploit.

I will use the back command to move back to the initial context for a more comfortable view.

back

As I said, the previous scan output reported open ports. But I want to learn more about the services behind these open ports using Nmap.

The db_nmap command executes Nmap from Metasploit. In the example below, I will launch a footprinting scan. In this tutorial, I won’t explain Nmap flags, but you can learn footprinting with Nmap in this article we have published at LinuxHint.

The syntax is simple, execute db_nmap followed by the desired flags and the target IP address as shown below.

db_nmap -sC -sV -O 192.168.0.101

As you can see in the previous figure, the FTP service version running in port 21 is vsftpd 2.3.4.

After learning our target is running vsftpd, we can use the search command to see available resources to execute an attack against the identified software.

search vsftp

Metasploit returned an available exploit (exploit/unix/ftp/vsftpd_234_backdoor) we can use against the FTP server vsftpd 2.3.4.

Previously I executed the use command to select a module. Now I will execute the use command to select the available exploit, as shown in the figure below. The syntax is the same; run the use command followed by the exploit full path.

use exploit/unix/ftp/vsftpd_234_backdoor

After selecting the exploit, I will execute the show options command to display the exploit options.

show options

As you can see in the previous figure, the options are RHOSTS to define the target and RPORT to define ports. Both target and port are already selected. The target is fetched from our previous activity, while the port is the default FTP port; if it were different, I would run the set RPORT <Port> option to change it.

The info command shows additional information about the selected exploit or module. Below you can see an example of the info command output.

info

If you wanted to define a different target, you would run the following command.

set RHOSTS 192.168.0.101

Once target and port are defined, run the exploit command to launch the exploit.

exploit

As you can see, I got a remote shell in the target. The ls command shows the main target directories. The target was successfully hacked.

To disconnect from the target, I run the exit command.

exit

To exit Metasploit, also use the exit command.

exit

That’s all for now; the example given above includes the most used commands for you to get started with Metasploit.

Metasploit and PostgreSQL Troubleshooting Commands

Many users complain about problems when connecting to the database. Here I list some commands you can use if problems arise when connecting Metasploit to the database.

msfdb troubleshooting commands Description
service postgresql restart Restart PostgreSQL
msfdbreinit Remove and reinitialize the database
msfdb delete Remove the database
msfdbinit Initialize the database (run after msfdb delete)
msfdb status Show the database status
msfdb run Start the database and execute Metasploit

If you have problems, try to use the commands in the table order. First, try to restart PostgreSQL. If that does not work, try to reinitialize the database. If the problem persists, remove the database and reinitialize it. Use the msfdb status command to check the status after each command.

Conclusion

Metasploit is one of the most popular pentesting tools for security auditing. Together with Nmap, it leads to multitasking security resources. Metasploit can be used both for defensive and offensive purposes. As you can see, using it is not difficult; users only need to incorporate a little practical knowledge if they are already familiar with networking and programming. Metasploit is also available for Mac OS and Microsoft Windows.

Thank you for reading this tutorial explaining the Metasploit installation and basic commands. Keep following us for more Linux professional tips and tutorials.

About the author

David Adams

David Adams is a System Admin and writer that is focused on open source technologies, security software, and computer systems.