WEBVTT 00:00.970 --> 00:04.810 Modules are the core components of the Metasploit framework. 00:05.050 --> 00:12.100 A module is a piece of software that can perform a specific action, such as scanning or exploiting 00:12.100 --> 00:12.700 a target. 00:13.180 --> 00:20.890 Each task that you perform using Metasploit is defined within a module to access the Metasploit framework. 00:21.070 --> 00:22.150 You need an interface. 00:22.990 --> 00:28.390 MSF console is the most popular interface to the Metasploit framework. 00:28.930 --> 00:37.510 It provides an all in one centralised console and allows you efficient access to virtually all the options 00:37.540 --> 00:39.250 available in Metasploit. 00:40.200 --> 00:47.990 By the way, MSF castle may seem intimidating at first, but once you learn the syntax, you'll appreciate 00:48.000 --> 00:48.660 its power. 00:49.140 --> 00:51.150 Let's see how to use it efficiently. 00:51.780 --> 00:57.990 To see a summary of its usage option execute MSF cancel minus H. 01:00.090 --> 01:01.440 These are its options. 01:03.190 --> 01:07.660 And to start it just execute MSF castle if a terminal. 01:15.880 --> 01:19.120 Once in MSF council we can run Linux. 01:19.120 --> 01:20.830 Cummings Like in a normal shell. 01:26.610 --> 01:32.910 For example, if we want to check the network connection to the target, it's not necessary to open 01:32.910 --> 01:36.030 a new technology because we can ping it from here. 01:40.460 --> 01:47.360 Let's check again the IP address, the Metasploit, the IP address and from within MSF console, I'm 01:47.360 --> 01:49.050 running ping minus C2. 01:49.070 --> 01:52.460 I'm sending only two being packets and the IP address. 01:56.150 --> 01:56.570 Great. 01:57.470 --> 02:05.390 The Metasploit Castle is designed to be fast and easy to use and one of its most useful feature step 02:05.390 --> 02:06.050 completion. 02:06.680 --> 02:14.750 There are lots of Metasploit modules available and it can be difficult to remember the exact name impact 02:15.050 --> 02:19.610 of the particular module you want to use as in the bash shell. 02:19.790 --> 02:27.140 Entering what you know and pressing tap twice will present you with a list of options available or will 02:27.140 --> 02:28.700 autocomplete the string? 02:28.880 --> 02:30.530 If there is only one option. 02:31.730 --> 02:33.110 For example, use. 02:34.460 --> 02:34.820 Yeah. 02:35.570 --> 02:37.550 And double taps. 02:43.760 --> 02:45.620 He's completing the path. 02:46.220 --> 02:53.570 Let's go ahead and talk about the MSF council commits to display a list of all available comings, along 02:53.570 --> 02:56.510 with a description of what they are used for. 02:56.750 --> 02:59.630 Type help or a question mark and hit enter. 03:03.160 --> 03:05.380 Let's take a look at some important comments. 03:05.830 --> 03:08.650 There are hundreds of modules incomings available. 03:09.070 --> 03:15.790 Once again, a module is a piece of software that can perform a specific action, such as scanning or 03:15.790 --> 03:19.040 exploiting each task that you can perform. 03:19.060 --> 03:21.880 Using Metasploit is defined within a module. 03:22.270 --> 03:23.200 Keep this in mind. 03:23.500 --> 03:26.740 To view a list of the exploits that are available. 03:26.920 --> 03:28.960 Execute show exploits. 03:29.830 --> 03:35.500 If you have a general idea of what you are looking for, you can search for it via the search command. 03:35.950 --> 03:40.870 The search comment will locate the string you are searching for. 03:41.050 --> 03:45.280 Within the module names, descriptions or references. 03:47.000 --> 03:48.370 Search ethics. 03:50.060 --> 03:51.350 Search windows. 03:52.720 --> 03:53.140 Sorry. 03:54.040 --> 03:55.330 Search windows. 03:59.280 --> 04:01.020 600. 04:02.500 --> 04:10.720 These payloads, exploits or auxiliaries are all related to Android devices. 04:11.590 --> 04:17.340 You can further narrow your search results by using other keywords or subcommittees. 04:18.100 --> 04:19.870 Lexi The Help for Search. 04:23.680 --> 04:28.510 For example, I am searching for windows exploits related to skill. 04:30.670 --> 04:32.110 Search platform. 04:34.030 --> 04:35.170 Colin Windows. 04:40.290 --> 04:40.740 Name? 04:40.950 --> 04:42.720 Colin Eskil. 04:44.200 --> 04:45.760 In Pipe Colon. 04:46.880 --> 04:47.450 Exploit. 04:53.870 --> 04:59.630 All of these are exploits related to a skill that runs on Windows. 05:01.220 --> 05:10.220 Platform narrows down the search to models that affect a specific platform and type Lexus filter by 05:10.220 --> 05:10.940 module type. 05:11.540 --> 05:18.980 There are more module types such as exploit payload, evasion, encoder or auxiliary. 05:19.940 --> 05:24.380 To dive deeper into an exploit, you can use the info command. 05:24.800 --> 05:30.950 It will provide you with detailed information about the particular module, including all options, 05:30.980 --> 05:32.750 targets and other information. 05:33.170 --> 05:37.670 For example info exploit windows. 05:38.690 --> 05:39.320 Postgres. 05:40.360 --> 05:41.950 And Postgres payload. 05:46.390 --> 05:50.920 And you see here detailed information about this particular exploit. 05:52.650 --> 05:53.610 Now pay attention. 05:53.790 --> 06:01.320 My advice is to always read the manual help before using it because not doing so could have bad results. 06:01.650 --> 06:03.450 You could simply break a running system. 06:03.750 --> 06:09.000 Metasploit is not just simulating the exploit, but actually running it. 06:10.330 --> 06:18.010 And remember, not all Metasploit modules are included in Metasploit update, but only those developed 06:18.010 --> 06:22.810 and approved by Rapid7, the company that develops Metasploit. 06:24.110 --> 06:30.500 If you have developed a new module or found one on GitHub, you will need to edit manually. 06:32.270 --> 06:32.780 All right. 06:32.930 --> 06:35.480 That was an overview of MSF canceled. 06:35.900 --> 06:41.990 In the next lecture will see how to use the modulus and what is the common Metasploit workflow? 06:42.590 --> 06:43.640 I'll see you right away.