So I've been using some of my spare time to experiment with and learn
how to use Metasploit. I've been familiar with Metasploit for a while
now, so this isn't really about learning something new so much as it is
finally getting familiar with a tool that I've messed with only a little
in the past. Part of this is because I have no programming projects to
occupy myself with since I have a real problem finding an interesting
problem or project that I can code a solution for. Metasploit is also
something I feel I should know how to use, if I ever want to run a quick
pentest against my own network, etc.

Metasploit, to put it really simply, is a "free"
suite of penetration testing software. It gives you a framework full of
tools needed to scan networks, find their vulnerabilities, exploit them,
and keep track of what you find. Running it requires all the skill of
your average skiddie, which is good, because I'm mainly a sysadmin who
dabbles in infosec.

The best way to learn any piece of software is to use it, but with
something like Metasploit, you kind of need a target network, and you
don't necessarily want to exploit your own production boxes, and even if
you did, assuming you've "hardened" and patched your services reasonably
well, it will be difficult to get very far with Metasploit knowing very
little about it. Thankfully, the community has provided a solution
aptly named Metasploitable. Metasploitable
is a virtual machine image that runs in VirtualBox
(also "free") which contains a preconfigured Ubuntu Server that is
intentionally unpatched or has "vulnerabilities included". This allows
you to practice against the target host through multiple vectors to try
and gain full root access or compromise it some other way.

So you have a machine to target; now you just need Metasploit. You
could of course just download and install it, but I have found the best
way is to run BackTrack Linux, which
comes with Metasploit and other tools preinstalled. I personally also
run this in a VirtualBox instance, although you could simply run it
natively off the live CD or install it on a computer you have available.

You have Metasploit, and you have a machine to practice using it
against; now you just need a guide to use it all. Well, Metasploit is
pretty well documented by itself, but what was recommended to me is the
course provided by Offensive Security that guides you through the
various features of Metasploit and later exercises you can use. The only
caveat I've found is that many of the Windows examples obviously don't
work well against Metasploitable, being Linux, although I suppose you
could spin up an unpatched Windows XP or 2000 instance to mess with as well.

I'm only partially through a few chapters of the Metasploit Unleashed
course and have already learned quite a bit. Maybe later I'll share some
of what I've learned that I've found very useful here.