Gaining access with Metasploit

Cracking password hashes (representations) saved in the database via built-in Metasploit functionality.

Using Metasploit to create malicious documents and using a social engineering attack to phish user credentials from unsuspecting Windows users.

How to use Metasploit to gain remote access to Linux targets, collect credentials and crack password hashes all within the framework.

How to use Metasploit to gain remote access to a Windows target, collect credentials and crack password hashes.

We cover how to use exploits to compromise a vulnerable system and how to collect password hashes and crack them to reveal the plain-text password, all within the Metasploit framework.

Welcome to Lab 3. Gaining access with Metasploit.In this lab, students will learn how to use the Metasploit Framework to compromise Windows and Linux systems by exploiting software vulnerabilities and system misconfigurations, all from within the framework.- We will set up our database by placing all the database setup commands in a script.- Create a workspace for lab3 to keep your data organized.- We will use db_nmap to portscan targets and automatically update our database of hosts, services, and vulnerabilities as we go.- We will enumerate our Linux and Windows targets and research potential avenues of attack based on the information added to the database.- We will identify a software vulnerability and search Metasploit for an exploit that we can use to compromise the target and obtain remote command shell access.- We will also gain access to Linux and Windows targets by exploiting weak password policies and gain access without the use of any remote code execution exploits, as in the real world, this is a far more likely scenario you will encounter.