Penetration Testing: Phase 3 - Exploitation: Part 2:
Ethical hacker uses Metasploit Framework for Security Testing
Security is a major concern for any organization, so most companies hire a pen tester or ethical hacker to secure the organization's data. They use penetration testing tools and a variety of techniques to find vulnerabilities in websites, applications, or databases. Metasploit is a large framework used for testing, managed by Rapid7. There are two editions of Metasploit: Metasploit Pro, which is paid, and Metasploit Community, which is free.
Are you using Ubuntu? Download Metasploit
It is a simple question. If the answer is yes and you want to use Metasploit on Ubuntu, you have to download it from Rapid7.
If you are using Kali Linux, you don't need to download Metasploit: it comes with Kali Linux by default. Follow the instructions below.
Start, Restart, and Stop Metasploit services:
Before launching Metasploit, it is necessary to start the Metasploit service. Before starting the service, first check its status. The tester can then start, restart, and stop Metasploit with the following commands:
# service metasploit status
# service metasploit start
# service metasploit restart
# service metasploit stop
If the user is starting the Metasploit service for the first time, the postgresql service has to be started first. Like the Metasploit service, the postgresql service can be started, restarted, and stopped with the following commands:
# service postgresql start
# service postgresql restart
# service postgresql stop
# service postgresql status
Launching Metasploit in Kali Linux
Metasploit has four working interfaces, so a pentester can access it in a variety of ways. For learners who don't yet have a solid command of Metasploit, the graphical interface is recommended. The graphical user interface is accessed by selecting “Metasploit Community/Pro” from the main menu:
Applications > Kali Linux > Exploitation > Metasploit > Metasploit Community/Pro
By default, the user's web browser opens the URL https://localhost:3790/. When Metasploit opens in the browser, the tester is prompted with the error message “Connection is Untrusted”. This happens because Metasploit does not have a valid security certificate. Click “I Understand the Risks”, then click “Add Exception”. When the new screen opens, click “Confirm Security Exception” to continue.
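Before confirming the exception, the certificate's fingerprint can be recorded and compared on later visits, so that a changed certificate is noticed rather than silently accepted again. The following Python script is an added example, not part of the original article or of Metasploit; the function names and the pin file path are assumptions, and the sample PEM is constructed stand-in data so the script runs offline.

```python
import hashlib
import hmac
import ssl
import sys
import tempfile
from pathlib import Path

# Constructed stand-in bytes (not a real certificate) so the demo runs offline.
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(b"constructed sample, not a real certificate")


def fingerprint(pem: str) -> str:
    """SHA-256 over the DER certificate, lowercase hex without separators."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()


def normalise(fp: str) -> str:
    """Accept 'AA:BB:...' as shown in a browser's certificate viewer, or plain hex."""
    return "".join(fp.split()).replace(":", "").lower()


def check_pin(pem: str, pin_file: Path) -> str:
    """Trust on first use: 'pinned' the first time, then 'match' or 'MISMATCH'."""
    seen = fingerprint(pem)
    if not pin_file.exists():
        pin_file.write_text(seen + "\n")
        return "pinned"
    expected = normalise(pin_file.read_text())
    return "match" if hmac.compare_digest(seen, expected) else "MISMATCH"


def fetch_pem(host: str = "localhost", port: int = 3790) -> str:
    """Return the certificate the server presents; no chain validation is done."""
    return ssl.get_server_certificate((host, port))


if __name__ == "__main__":
    if sys.argv[1:2] == ["live"]:
        # Hypothetical pin location for the local web UI certificate.
        pem, pin = fetch_pem(), Path.home() / ".msf_webui_cert.pin"
    else:
        pem, pin = SAMPLE_PEM, Path(tempfile.mkdtemp()) / "pin"
    print(fingerprint(pem), check_pin(pem, pin))
```

Run it with the argument live while the Metasploit service is up. A MISMATCH on a later run means the certificate behind the warning has changed since the exception was added.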
Update the Database for Metasploit:
Metasploit is developed by Rapid7, and updates for Community users are limited. It is necessary to update the Metasploit database before every use. The Metasploit database can be updated by using the following command.
The user can also update Metasploit through the GUI. If a pentester is running the web interface, select the “Software Update” option at the upper right-hand side of the Metasploit web page. On the next screen, select “Check for Updates”. Metasploit will download and install updates on the system if any are available. It is recommended that the Metasploit service be restarted afterwards. Restart the browser, then reopen the Metasploit web interface.