Study Record/Cybersecurity
[HTB Academy] Using The Metasploit Framework Notes (1)
Sungyeon Kim
2025. 2. 1. 14:20
1. Discipline
1) We will never have enough time to complete the assessment.
2) Credibility can be an issue even if we make our tools or manually exploit every service.
3) You only have to impress yourself, not the infosec community. As security researchers or penetration testers, we only must validate vulnerabilities, not validate our ego.
2. Metasploit Architecture
1) Modules
yeon0815@htb[/htb]$ ls /usr/share/metasploit-framework/modules
auxiliary encoders evasion exploits nops payloads post2) Plugins
yeon0815@htb[/htb]$ ls /usr/share/metasploit-framework/plugins/
aggregator.rb ips_filter.rb openvas.rb sounds.rb
alias.rb komand.rb pcap_log.rb sqlmap.rb
auto_add_route.rb lab.rb request.rb thread.rb
beholder.rb libnotify.rb rssfeed.rb token_adduser.rb
db_credcollect.rb msfd.rb sample.rb token_hunter.rb
db_tracker.rb msgrpc.rb session_notifier.rb wiki.rb
event_tester.rb nessus.rb session_tagger.rb wmap.rb
ffautoregen.rb nexpose.rb socket_logger.rb3) Scripts
yeon0815@htb[/htb]$ ls /usr/share/metasploit-framework/scripts/
meterpreter ps resource shell4) Tools
yeon0815@htb[/htb]$ ls /usr/share/metasploit-framework/tools/
context docs hardware modules payloads
dev exploit memdump password recon
3. Introduction to MSFconsole
1) Launching MSFconsole
- We can use -q option, which does not display the banner.
yeon0815@htb[/htb]$ msfconsole -q
msf6 >
2) Updating MSF
yeon0815@htb[/htb]$ sudo apt update && sudo apt install metasploit-framework
<SNIP>
(Reading database ... 414458 files and directories currently installed.)
Preparing to unpack .../metasploit-framework_6.0.2-0parrot1_amd64.deb ...
Unpacking metasploit-framework (6.0.2-0parrot1) over (5.0.88-0kali1) ...
Setting up metasploit-framework (6.0.2-0parrot1) ...
Processing triggers for man-db (2.9.1-1) ...
Scanning application launchers
Removing duplicate launchers from Debian
Launchers are updated