Metasploit Framework Database
Metasploit's back end is a PostgreSQL database, and an essential part of using Metasploit, especially on Kali Linux, is making sure the database is running. To run the database, use the following command:
Once the service has been started, the database needs to be initialised with Metasploit:
To check that Metasploit is connected to the database, load up Metasploit and use the below:
The response should be: [*] postgresql connected to msf
Metasploit Workspaces
Workspaces, as the name suggests, are spaces in which you can work within Metasploit. In this context, they allow the results of scans or the output of modules to be stored in the same place.
Using the "workspace" command from within Metasploit will display the workspaces that are active and have been created. The default one of:
The wildcard "*" represents the default workspace.
Interacting With Workspaces
To use a workspace, simply use the command "workspace" along with the workspace name:
Creating & Deleting Workspaces
To create or delete a workspace, we can use the "-a" flag to add a new workspace or the "-d" flag to delete one.
workspace -a ngs
Adding a workspace
workspace -d ngs
Deleting a workspace
Importing & Scanning
To utilise workspaces to their full potential, we can import scans from other tools so that all of our results stay in one centralised location. For example, we can import Nmap scans. To import an Nmap scan we use the db_import command:
The other possibility is to run the scan directly from Metasploit itself by using the "db_nmap" command. Once you have specified the "db_nmap" command, you can continue to use it as you normally would with Nmap. For example:
When using Metasploit with Nmap, we can use built-in commands like "hosts" that interpret the scan results and pull out key information about the hosts identified during the scan. Like so:
Backing Up Test Data
Creating output and backups of testing data is absolutely crucial for day-to-day activities as a Cyber Security Professional, especially within penetration testing.
To create a backup or to create an export of a workspace from Metasploit, we can use the following command:
Using Built in Modules
One of the key commands within Metasploit when utilising the workspace functionality is "hosts". We can use the hosts command to pull very specific information, or to add new hosts to or delete hosts from the scope of testing. We can even use it to import hosts into other Metasploit modules and set our target.
Pulling Information with Hosts
Metasploit will insert information into columns, and with the "hosts" command we can pull back very specific columns to obtain the information we need. For example, we may only be interested in the IP address and the OS version or, as Metasploit calls it, "os_flavor".
Using Hosts for RHOSTS
RHOSTS is Metasploit's way of saying targets; it stands for Remote Hosts (RHOSTS). If we want to use the hosts we have already gathered information from, like before, we use a command to input the
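Before stored hosts are reused as RHOSTS, it is worth checking them against the agreed scope of testing. The following is an added example, not part of the original page: it assumes the hosts were exported with `hosts -c address,os_flavor -o hosts.csv` and that the CSV has a header row with those column names; the sample rows and the scope range are constructed.

```python
import csv
import io
import ipaddress

# Constructed sample of the CSV written by `hosts -c address,os_flavor -o hosts.csv`.
# Assumption: the export has a header row using the same column names.
SAMPLE_EXPORT = """address,os_flavor
192.0.2.10,Windows 10
192.0.2.25,Ubuntu
198.51.100.7,Debian
not-an-ip,
"""

# Hypothetical engagement scope (documentation range, not a real target).
SCOPE = ["192.0.2.0/24"]


def split_by_scope(export_csv, scope_cidrs):
    """Sort exported host addresses into in-scope, out-of-scope and invalid."""
    networks = [ipaddress.ip_network(cidr, strict=False) for cidr in scope_cidrs]
    in_scope, out_of_scope, invalid = [], [], []
    for row in csv.DictReader(io.StringIO(export_csv)):
        raw = (row.get("address") or "").strip()
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            invalid.append(raw)  # hostname, typo or empty cell: review by hand
            continue
        bucket = in_scope if any(addr in net for net in networks) else out_of_scope
        if raw not in bucket:  # the same host may appear more than once
            bucket.append(raw)
    return in_scope, out_of_scope, invalid


def rhosts_value(in_scope):
    """Build a space-separated value suitable for `set RHOSTS ...`."""
    return " ".join(in_scope)


if __name__ == "__main__":
    ok, out, bad = split_by_scope(SAMPLE_EXPORT, SCOPE)
    print("in scope:     ", ok)
    print("out of scope: ", out)
    print("needs review: ", bad)
    print("RHOSTS value: ", rhosts_value(ok))
```

Anything reported as out of scope or needing review should be removed from the workspace or confirmed with the client before it is used as a target.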
Creds Metasploit Command
As you will see later on in the course, Metasploit has certain modules that allow us, as the end user, to log in to services. When using workspaces, Metasploit will automatically save those credentials for us. To access the saved credentials we can use the command "creds".
During the post-exploitation phase of a penetration test, we will naturally gather credentials. If we want to add them to the workspace, we can use "-a" along with the credential parameters.
Loot Command
When compromising targets, there are a few commonly known objectives, such as:
Performing a password hash dump within a Metasploit workspace will automatically save the contents in what is referred to as "loot". The output of all the post-exploitation modules we have run successfully is saved within the loot area of Metasploit and can be viewed by running the "loot" command.