Metasploit
Metasploit, the great exploitation tool is included in Kali linux along with its powerful frontend armitage. Both are easy to run by clicking from the Kali Linux menu. Will show you the steps in this post, if you are new to it.
Metasploit has a command line interface called msfconsole, and a web interface too. To run msfconsole or armitage first start the metasploit pro service. To do that just click on the menu option Kali Linux > System Services > Metasploit > community / pro start. This will start the metasploit web and rpc servers and also setup the database and its users, when running for the first time.
The output would look something like this.
[ ok ] Starting PostgreSQL 9.1 database server: main. Configuring Metasploit... Creating metasploit database user 'msf3'... Creating metasploit database 'msf3'... insserv: warning: current start runlevel(s) (empty) of script `metasploit' overrides LSB defaults (2 3 4 5). insserv: warning: current stop runlevel(s) (0 1 2 3 4 5 6) of script `metasploit' overrides LSB defaults (0 1 6). [ ok ] Starting Metasploit rpc server: prosvc. [ ok ] Starting Metasploit web server: thin. root@kali:~#
On the first run, it would configure metasploit by creating the database and its users for metasploit. From next run onwards it will just start the postgresql server and the metasploit server.
So remember to start the metasploit pro service everytime before using msfconsole or armitage.
The database credentials are stored in the following file
/opt/metasploit/apps/pro/ui/config/database.yml
Launch msfconsole
Now start msfconsole by typing it in the terminal.
root@kali:~# msfconsole +-------------------------------------------------------+ | METASPLOIT by Rapid7 | +---------------------------+---------------------------+ | __________________ | | | ==c(______(o(______(_() | |""""""""""""|======[*** | | )=\ | | EXPLOIT \ | | // \\ | |_____________\_______ | | // \\ | |==[msf >]============\ | | // \\ | |______________________\ | | // RECON \\ | \(@)(@)(@)(@)(@)(@)(@)/ | | // \\ | ********************* | +---------------------------+---------------------------+ | o O o | \'\/\/\/'/ | | o O | )======( | | o | .' LOOT '. | | |^^^^^^^^^^^^^^|l___ | / _||__ \ | | | PAYLOAD |""\___, | / (_||_ \ | | |________________|__|)__| | | __||_) | | | |(@)(@)"""**|(@)(@)**|(@) | " || " | | = = = = = = = = = = = = | '--------------' | +---------------------------+---------------------------+ Frustrated with proxy pivoting? Upgrade to layer-2 VPN pivoting with Metasploit Pro -- type 'go_pro' to launch it now. =[ metasploit v4.6.0-dev [core:4.6 api:1.0] + -- --=[ 1068 exploits - 670 auxiliary - 179 post + -- --=[ 277 payloads - 29 encoders - 8 nops msf >
Check the database status by running 'db_status'.
msf > db_status [*] postgresql connected to msf3 msf >
Now that metasploit is connected to the database searches of all kind should be fast.
Metasploit web interface
Metasploit also got a web interface which runs on port 3790. It can be accessed at the following url
https://localhost:3790/The web interface requires you to register on metasploit website and get a product/license key. Two editions of the license are currently available, community and pro.
Armitage
Armitage is a java based gui frontend to metasploit that has a bunch of additional features too. Now that metasploit service is running, its easy to launch armitage as well. Just click from the menu Kali Linux > Exploitation Tools > Network Exploitation > armitage.
Or just type armitage in the terminal and hit enter.
It will popup a dialog box asking for the connection credentials. You do not need to change anything here unless you have configured things differently. Just click 'Connect'.
Next it would ask to start Metasploit RPC server. Click 'Yes'. The metasploit rpc server starts on port number 55553. Then a progress box would come up which will take a little bit of time, so just wait. Within a minute or two, armitage would start and the window would come up.
Make sure to first start metasploit pro service, because it starts postgresql database server. Without it armitage would not start.
I typed msfpayload but its shows command not found
Thank you for explaining that! This is my first time using armitage, so the login box really confused me.
i typed msfconsole in the terminal after starting postgresql and metasploit but I don’t see anything.it stays blank.plz help me with the issue
when i type in msfconsole , nothing happens.
just wait longer… it will start.