Glad you could stop by the Linux Basement site. Linux Basement is an informational Podcast about Linux, open source software and lots of other wonderful technology. If you want to find out more about open source technologies, subscribe and have a listen!


Metasploit - Ultimate Hacker Tool

Metasploit

I'm not actually going to go into detail on how to run Metasploit. A simple Google search will give you an explosion of results on the many things you can do. I will, however, point you to the resources directly on the Metasploit site.

Documentation and Installation Instructions

To get Metasploit running on Ubuntu, I had to do the following.

apt-get install ruby libruby rdoc libyaml-ruby libzlib-ruby libopenssl-ruby libdl-ruby libreadline-ruby libiconv-ruby rubygems

These directions can be found here.

I also had to install libgtk2-ruby and libglade2-ruby.

Then, download Metasploit from here and untar it to your programs directory, or wherever you put your new programs. Then move into that directory.

cd /yourdirectory/framework-3.1/

Do an ls, and you should see a lot of ms* files. Go ahead and execute msfconsole, msfgui, and msfweb. All three of these do the same thing, and you can decide which graphical interface you like the best. Being that I am still learning the program, I chose msfgui. Here are some screenshots. It is pretty straightforward. Choose the exploit you want to try out, then pop in the IP of the machine you want to run the exploit against. Crazy!

So, what if you don't have a machine on your network that you want to run exploits against? Yeah, it's probably a good thought. My recommendation is to run Windows in a VM. In VMware, I do this by running an XP VM with "host only networking" rather than bridged. This isolates the network connection so that the virtual XP box can only speak to my computer, not to the rest of the world.

Keep in mind, you had to set up host only networking during the VMware installation on Linux machines. If you want to go back and set it up, you will need to run the vmware-config.pl script again and set up host only networking. You should choose a private subnet different than the one you are using. For instance, on my real network we use 10.1.1.1 private IPs, so for my virtual hosts, I'm going to use 192.168.1.1, so I do not get the two confused.
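As an added example (not part of the original post and not Metasploit's own code), this Python check confirms that a lab target really sits on the host-only subnet and that the subnet does not collide with the real LAN. The interface names (eth0, vmnet1), the host addresses, and the sample `ip -o -4 addr show` text are assumptions constructed to match the 10.1.1.x / 192.168.1.x layout described above.

```python
import ipaddress

# Constructed sample of `ip -o -4 addr show` output on the host (not captured
# from a real machine). Assumed names: eth0 = real LAN, vmnet1 = host-only.
SAMPLE_IP_ADDR = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 10.1.1.23/24 brd 10.1.1.255 scope global eth0
3: vmnet1    inet 192.168.1.1/24 brd 192.168.1.255 scope global vmnet1
"""


def parse_interfaces(text):
    """Map interface name -> IPv4 network from `ip -o -4 addr show` lines."""
    nets = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[2] == "inet":
            # ip_interface accepts a host address with prefix (10.1.1.23/24)
            nets[fields[1]] = ipaddress.ip_interface(fields[3]).network
    return nets


def check_target(target, nets, lab_if="vmnet1"):
    """Return a list of problems; an empty list means the target is lab-only."""
    lab = nets.get(lab_if)
    if lab is None:
        return [f"host-only interface {lab_if} not found"]
    problems = []
    if not lab.is_private:
        problems.append(f"{lab} is not a private range")
    # The lab subnet must differ from every other network the host is on,
    # otherwise traffic meant for the VM could leave via the real LAN.
    for name, net in nets.items():
        if name != lab_if and net.overlaps(lab):
            problems.append(f"{lab} overlaps {name} ({net})")
    if ipaddress.ip_address(target) not in lab:
        problems.append(f"{target} is outside the host-only subnet {lab}")
    return problems


if __name__ == "__main__":
    nets = parse_interfaces(SAMPLE_IP_ADDR)
    for target in ("192.168.1.128", "10.1.1.50"):
        issues = check_target(target, nets)
        print(target, "OK" if not issues else "; ".join(issues))
```

On a real host, feed `parse_interfaces` the actual output of `ip -o -4 addr show` and pass the name of your own host-only interface as `lab_if`.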

If you don't have an XP virtual machine, but you do have a box running XP at home, why not run the free VMware Converter found at vmware.com, and convert your physical box into a virtual machine!

Once you have all this set up, load up a vulnerable program on your machine. You should take a snapshot of the machine first, then run Metasploit against it, and see if you can hack it. This is how we learn to hack, la la la la.

haha Awesome!

haha that program was written by my brother!
But don't look to me for help... I needed Chad's help to get it installed 5 minutes ago.

Duuuude, that is crazy. Can I interview him? hehe

--

I dunno lemme ask him...