This is the third in a five part series on the fundamentals of Metasploit that I wrote back in 2014.  While some of the specifics have changed over time, the series still provides a good overview for the new user of Metasploit.

Links to all of the articles are listed below:

• Part 1: Metasploit Overview and Tools
• Part 2: The Metasploit Console
• Part 3: Pivoting with Metasploit
• Part 4: Metasploit Dynamic Shellcode Generation
• Part 5: Scripting Metasploit

Overview

If you’ve been following along so far with these articles you have learned about the tools and features that are included with the Metasploit Framework, and possibly even compromised a test system and opened a Meterpreter session.  This article will discuss a common next step after the initial compromise: pivoting to an internal network.

Continue reading “Metasploit Fundamentals (3 of 5) – Pivoting with Metasploit” →

This is the first in a five part series on the fundamentals of Metasploit that I wrote back in 2014.  While some of the specifics have changed over time, the series still provides a good overview for the new user of Metasploit.

Links to all of the articles are listed below:

• Part 1: Metasploit Overview and Tools
• Part 2: The Metasploit Console
• Part 3: Pivoting with Metasploit
• Part 4: Metasploit Dynamic Shellcode Generation
• Part 5: Scripting Metasploit

Overview

In this article we are going to take a look at the most frequently used component of the Metasploit Framework: the Metasploit Console.  While you can certainly get to everything in the console from direct command line access, when you are first starting up you’ll likely want something to help you navigate through all the options that Metasploit has, find settings, configure exploits, manage sessions.  If you haven’t read Part 1 of this series, Metasploit Overview and Tools, it is highly recommended that you do so at this time to get a base familiarity with the terms and concepts that we will be discussing here.

Continue reading “Metasploit Fundamentals (2 of 5) – The Metasploit Console” →

This is the first in a five part series on the fundamentals of Metasploit that I wrote back in 2014.  While some of the specifics have changed over time, the series still provides a good overview for the new user of Metasploit.

Links to all of the articles are listed below:

• Part 1: Metasploit Overview and Tools
• Part 2: The Metasploit Console
• Part 3: Pivoting with Metasploit
• Part 4: Metasploit Dynamic Shellcode Generation
• Part 5: Scripting Metasploit

Overview

This series of articles is written for the novice hacker or information security professional who is just getting started with Metasploit.  Odds are that you’ve heard about it previously; every news article that talks about a new exploit invariably mentions something along the lines of “… and there is already a module for it in Metasploit, the hacker’s tool of choice.”  Maybe you’re not sure exactly what Metasploit really can do though, or why it has become a must-have tool to those in our industry.  This article will help you gain that knowledge, and provide the baseline for the remaining four articles in the series.

Continue reading “Metasploit Fundamentals (1 of 5) – Metasploit Overview and Tools” →