I’ve blogged about Metasploit before. Metasploit is a framework for exploits and comes with tools like port scanners, password crackers and more.
These days you can learn a lot of skills on Youtube, and tutorials about Metasploit are among them. For example, I follow the Hak5 channel and they have a series of 37 videos called Metasploit Minute, hosted by Mubix (aka Rob Fuller). This series of videos take you from installation of Metasploit (on Windows, Linux and Mac) to .. hacking with it.
(Youtube’s playlist plays the newest videos first, so it’s best to go to the bottom of the list and work your way up.)
To work with Metasploit I had two approaches:
- Download a Kali Linux VirtualBox. It’s got Metasploit Community edition on it.
- Follow Mubix’ example to setup Metasploit Framework.
The big advantage of Kali Linux is that it’s already installed for you. Metasploit Community edition is an entry level version of Metasploit however. There are more Metasploit editions.
If you want to use Metasploit Community edition however, you need an activation code. Now if you are a US or Canadian citizen, you’ll get that immediately after you’ve left your personal information. But if you are a non-US citizen, they want to check first if you’re not falling under export regulations. You’ll receive the activation code within about a day (Pacific times), if you are granted access. I was called afterwards by a salesperson of Rapid7, and we had a nice chat of what I intend to do with Metasploit.
Now I think Metasploit Framework does not require an activation code. I’ve followed Mubix’ example of installing it:
And unfortunately I hit a snag and I’m still working on that. At one point I need something called bundler, but I can only get a version that’s too old for Metasploit Framework. To be continued.