Exploits & Vulnerabilities with Introduction to Metasploit

Exploits and Vulnerabilities

In computer security, a vulnerability is a weakness which can be exploited by a Threat Actor like an attacker, to perform unauthorized actions within a computer system. These vulnerabilities have to be managed to inform the developers to patch it. Vulnerability management involves identifying,classifying,remediation and mitigating vulnerabilites in computer systems. The well known CVE (Common Vulnerabilities and Exposures) system is used to record and maintain the system. It is a database of vulnerabilities found in software packages. CVEs come with their own identifier of the format > > CVE Prefix + Year of Discovery + Arbitrary Digits >


Metasploit is a popular penetration testing tool maintained by Rapid7. It has a collection of all the well known vulnerabilities and exploits in software packages with their PoCs(Proof Of Concepts). These PoC scripts can be directly used by Penetration Testers. Metasploit also has a graphical version called Armitage. Exploiting any system involves the following steps:

1.Reconnaissance of the system. (With tools like Nmap)

2.Choosing the appropriate exploit.

3.Choosing and configuring the payload. (Code that will be executed on the system after successful entry)

4.Encoding the payload to avoid detection by the system firewalls or antivirus softwares and to remove the bad characters that may cause the exploit to fail.

5.Executing the exploit.

You can get Metasploit’s Open Source version here.

Follow the instructions to install Metasploit. If you are on a Penetration Testing based OS like Kali Linux or Parrot OS, Metasploit comes pre-installed.

Start the Metasploit console with msfconsole. Metasploit downloads the exploits and vulnerabilites database from its servers and stores it offine. Make sure your offline Metasploit database is kept updated.

help will give you more information about using msfconsole.

show exploits will list out all the available exploits in the database. To search for a selected exploit use search software_package_name to get the list of available vulnerabilites and exploits.

Using the exploit is simple. (Ensure that you mention the exact path of the exploit while using it. )

For example: use exploit/linux/ssh/symantec_smg_ssh

show info will give information about what the exploit does,the author of the exploit,parameters required etc.

Type show options to know the parameters that are required for the exploit.

Using this for the above exploit produces:

      Module options (exploit/linux/ssh/symantec_smg_ssh):
       Name   Current Setting  Required  Description
       ----   ---------------  --------  -----------
       RHOST                   yes       The target address
       RPORT  22               yes       The target port
    Exploit target:
       Id  Name
       --  ----
       0   Symantec Messaging Gateway 9.5

(RHOST indicates the host on which the exploit will be executed)

We set the RHOST IP address by set RHOST (The IP address) For any exploit make sure that you necessarily fill in all the required parameters. To run the exploit enter run or exploit Metasploit will then give the status of the exploit. Here are some of the important commands in Metasploit

  • host website -> Gives the IP info

  • use exploit name -> Use the given exploit

  • search something -> Get exploit related information

  • show exploits-> Shows all the exploit related information

  • show options->Gives the exploit options

  • set SETTINGS -> Set the given exploit options

  • run->Runs the exploit

  • back->Go back

  • exploit-> Start the exploit

  • ?->help

  • show payloads -> Lists all the playloads

  • set payload name -> Sets the payload

  • mfsupdate-> Update metasploit

Chaitanya Rahalkar
Graduate Student

Masters in Cybersecurity student at Georgia Tech.