Conducting a penetration test with Metasploit

Now that we've set up Metasploit 5, we are ready to perform our first penetration test. However, before we start the test, let's recall some of the essential functions and terminologies used in Metasploit Framework.

Recalling the basics of Metasploit

After we run Metasploit, we can list all the useful commands available by typing help or ? in the Metasploit console. Let's recall the basic terms used in Metasploit, which are as follows:

• Exploits: This is a piece of code that, when executed, will exploit the vulnerability of the target.
• Payload: This is a piece of code that runs on the target after successful exploitation. It defines the actions we want to perform on the target system.
• Auxiliary: These are modules that provide additional functionalities such as scanning, fuzzing, sniffing, and much more.
• Encoders: Encoders are used to obfuscate modules to avoid detection by a protection mechanism such as an antivirus or a firewall.
• Meterpreter: Meterpreter is a payload that uses in-memory DLL injection stagers. It provides a variety of functions we can perform on the target, which makes it a popular choice.

Now, let's recall some of the basic commands of Metasploit that we will use in this chapter. Let's see what they are supposed to do:

Let's have a look at the basic Meterpreter commands as well:

Since we have now recalled the basic Metasploit commands, let's have a look at the benefits of using Metasploit over traditional tools and scripts.

Important Note

If you are using Metasploit for the very first time, refer to https://github.com/rapid7/metasploit-framework/wiki for more information on the basic commands.