Lab 11.1: The Metasploit Framework - morgan-hanrahan/Tech-Journal GitHub Wiki

Important Metasploit Commands

• sudo msfconsole: Start Metasploit
• search namegoeshere: Search for exploits
  • Example: search phpmyadmin
• use exploitpathhere or use exploitIDnum: Use exploit found
• show payloads: See available payloads
• set payload payloadNameorID: select specific payload
• exploit: Start a session using the exploit
• options: See syntax
• background: Get out of session, but leave it running
• sessions -i: Show active sessions
• sessions -i sessionIDnumhere: Return to active session

Setting Parameters

set RHOSTS targetIPhere 
set TARGETURI targetdirectoryhere 
set LHOST locallisteningIPhere 
set LPORT locallisteningporthere 
set username usernamehere 
set password passwordhere 

Reflection

This lab was one of my first experiences with Metasploit. I had used it briefly in the prior lab, which greatly aided me with the second section of this lab, as it was practically the same thing I had done previously. Aside from that, I found this lab to be quite beneficial, and I learnt a lot about the fundamentals of Metasploit and exploit discovery. Overall, the process was really simple and uncomplicated. After finishing this, I can clearly see the benefits of it over the long route we were taking earlier.