{"id":384,"date":"2025-11-17T20:00:52","date_gmt":"2025-11-17T20:00:52","guid":{"rendered":"https:\/\/sites.wp.odu.edu\/isaac-huston\/?page_id=384"},"modified":"2025-11-17T20:11:19","modified_gmt":"2025-11-17T20:11:19","slug":"metasploit-framework-exploitation-guide","status":"publish","type":"page","link":"https:\/\/sites.wp.odu.edu\/isaac-huston\/skills\/penetration-testing-and-exploitation\/metasploit-framework-exploitation-guide\/","title":{"rendered":"Metasploit Framework Exploitation Guide"},"content":{"rendered":"\n

Documents exploit module use, payload configuration, and validation of successful compromise. Reflects practical offensive testing ability.<\/p>\n\n\n\n

Metasploit is launched from the terminal using:\n\n```bash\nmsfconsole\n````\n\n---\n\n## 1. Key Metasploit Commands\n\n### Help Menu\n\nDisplays core commands and module usage:\n\n```bash\nhelp\n```\n\n### Search\n\nFinds modules by name, platform, service, or type:\n\n```bash\nsearch name:apple type:exploit\n```\n\n### Module Information\n\nShows details about a module, including description, platform, targets, required options, and references:\n\n```bash\ninfo exploit\/apple_ios\/browser\/safari_libtiff\n```\n\nMetasploit supports full tab completion for all module paths and commands.\n\n---\n\n## 2. Exploit and Auxiliary Module Structure\n\nModules are organized in a directory hierarchy such as:\n\n```\nexploit\/<platform>\/<service>\/<module>\nauxiliary\/<scanner>\/<protocol>\/<module>\n```\n\nExploits are ranked by reliability:\n\n* excellent\n* great\n* good\n* normal\n* average\n\nHigher-ranked modules are typically more stable and predictable.\n\n---\n\n## 3. Using Modules\n\n### Load a Module\n\n```bash\nuse <path\/to\/module>\n```\n\nExample:\n\n```bash\nuse auxiliary\/scanner\/ftp\/ftp_login\n```\n\n### Display Module Options\n\n```bash\nshow options\n```\n\nOptions marked as **required** must be set before running the module.\n\n### Set Module Options\n\n```bash\nset <OPTION> <value>\n```\n\nExample:\n\n```bash\nset RHOSTS 10.1.16.9\nset USER_FILE \/media\/cdrom0\/Lab14\/top13-bad-usernames.txt\nset PASS_FILE \/media\/cdrom0\/Lab14\/top13-bad-passwords.txt\n```\n\nUSER_FILE and PASS_FILE contain one username or password per line.\nUSERPASS_FILE can be used for paired credentials in `user:password` format.\n\n### Run the Module\n\n```bash\nrun\n```\n\nAfter execution, Metasploit reports:\n\n* successful logins\n* connection failures\n* authentication attempts\n\n---\n\n## 4. Example: FTP Login Scanner\n\nLoad the module:\n\n```bash\nuse auxiliary\/scanner\/ftp\/ftp_login\n```\n\nSet required options:\n\n```bash\nset RHOSTS 10.1.16.9\nset USER_FILE \/path\/to\/usernames.txt\nset PASS_FILE \/path\/to\/passwords.txt\n```\n\nVerify configuration:\n\n```bash\nshow options\n```\n\nExecute the scan:\n\n```bash\nrun\n```\n\nThis module attempts to authenticate to the target FTP service using supplied credentials and outputs any valid username\/password pairs.\n\n---\n\n## 5. Other Useful Scanners\n\nMetasploit includes additional authentication scanners that operate similarly:\n\n* SSH\n\n  ```bash\n  use auxiliary\/scanner\/ssh\/ssh_login\n  ```\n\n* Telnet\n\n  ```bash\n  use auxiliary\/scanner\/telnet\/telnet_login\n  ```\n\n* SMB\n\n  ```bash\n  use auxiliary\/scanner\/smb\/smb_login\n  ```\n\n* SMTP\n\n  ```bash\n  use auxiliary\/scanner\/smtp\/smtp_enum\n  ```\n\nEach scanner requires setting:\n\n* RHOSTS\n* USER_FILE and PASS_FILE (or USERPASS_FILE)\n* any protocol-specific fields shown in `show options`\n\n---\n\n## Metasploit Workflow\n\n1. Launch msfconsole\n2. Search for modules\n3. Load a module with `use`\n4. Set required options\n5. Run the module\n6. Review results\n<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"
Documents exploit module use, payload configuration, and validation of successful compromise. Reflects practical offensive testing ability.<\/p>\n","protected":false},"author":30346,"featured_media":0,"parent":328,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"_links":{"self":[{"href":"https:\/\/sites.wp.odu.edu\/isaac-huston\/wp-json\/wp\/v2\/pages\/384"}],"collection":[{"href":"https:\/\/sites.wp.odu.edu\/isaac-huston\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/sites.wp.odu.edu\/isaac-huston\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/isaac-huston\/wp-json\/wp\/v2\/users\/30346"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/isaac-huston\/wp-json\/wp\/v2\/comments?post=384"}],"version-history":[{"count":4,"href":"https:\/\/sites.wp.odu.edu\/isaac-huston\/wp-json\/wp\/v2\/pages\/384\/revisions"}],"predecessor-version":[{"id":389,"href":"https:\/\/sites.wp.odu.edu\/isaac-huston\/wp-json\/wp\/v2\/pages\/384\/revisions\/389"}],"up":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/isaac-huston\/wp-json\/wp\/v2\/pages\/328"}],"wp:attachment":[{"href":"https:\/\/sites.wp.odu.edu\/isaac-huston\/wp-json\/wp\/v2\/media?parent=384"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}