Overview
This room introduces the Metasploit Framework, its main module categories, and the basic concepts you need before using it in practical exploitation. The focus is not deep exploitation yet, but understanding how Metasploit is organized and how msfconsole is used during an engagement.
Core idea: Metasploit is not just an exploit launcher. It is a framework for scanning, exploitation, payload delivery, and post-exploitation, all through a consistent interface.
1) Metasploit Versions
The room distinguishes between two versions of Metasploit:
- Metasploit Pro: commercial version with more automation and a GUI.
- Metasploit Framework: the open-source command-line version used in AttackBox and common pentesting distributions.
For PT1 and most hands-on learning, the important one is Metasploit Framework.
2) Core Terms
Before using modules, you need the three key terms clear:
- Vulnerability: the flaw in the target.
- Exploit: code or logic that abuses that flaw.
- Payload: what runs on the target after exploitation succeeds.
Practical distinction: the exploit gets you in; the payload decides what you can do once you are in.
3) Main Components of the Framework
The room highlights three major pieces:
- msfconsole: the main interactive interface.
- Modules: exploits, scanners, payloads, post modules, and more.
- Tools: standalone utilities such as msfvenom, with some exploit-development tools also bundled.
This structure makes Metasploit useful across the full attack chain, from information gathering through post-exploitation.
4) Module Categories
The framework organizes modules by purpose. The room introduces the most important ones:
- Auxiliary: scanners, crawlers, fuzzers, and other support functions.
- Exploits: modules designed to abuse vulnerabilities on target systems.
- Payloads: code that executes after successful exploitation.
- Post: modules used after access is gained.
- Encoders: re-encode payloads, historically used to try to avoid simple signature detections.
- Evasion: modules intended to help bypass defensive controls.
- NOPs: no-operation components often used as padding in payload workflows.
5) Payload Types
The payload section is especially important because Metasploit splits payloads into several types:
- Singles: self-contained payloads that do not need to fetch anything else.
- Stagers: establish the connection and prepare for the full payload.
- Stages: larger secondary components delivered after the stager.
- Adapters: wrappers that repackage payloads in different formats such as PowerShell.
The room also shows the naming convention difference between single and staged payloads.
- generic/shell_reverse_tcp uses an underscore and represents a single payload.
- windows/x64/shell/reverse_tcp uses a slash and represents a staged payload.
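The naming convention above, as an added example (not code from the room or from the Metasploit project): a small Ruby classifier for payload names seen in notes, reports, or alerts. KNOWN_STAGES is an assumed, incomplete list, and the third sample name is added to show that platform and architecture are also slash-separated, so the stage name decides the result, not the slash count.

```ruby
# Added example: classify a Metasploit payload name as single or staged.
# KNOWN_STAGES is an assumed, deliberately short list for illustration;
# a real framework install ships more stage names than these two.
KNOWN_STAGES = %w[shell meterpreter].freeze

PayloadName = Struct.new(:kind, :target, :stage, :stager, :single)

def classify_payload(name)
  parts = name.to_s.strip.split('/')
  if parts.length < 2 || parts.any?(&:empty?)
    raise ArgumentError, "not a payload path: #{name.inspect}"
  end

  last  = parts[-1]
  stage = parts[-2]

  # Staged layout: <target...>/<stage>/<stager>.
  # The second-to-last component must be a recognised stage name,
  # otherwise an architecture such as "x64" would be misread as a stage.
  if parts.length >= 3 && KNOWN_STAGES.include?(stage)
    return PayloadName.new(:staged, parts[0..-3].join('/'), stage, last, nil)
  end

  # Single layout: <target...>/<name>, with the whole payload in one
  # underscore-joined component (for example shell_reverse_tcp).
  PayloadName.new(:single, parts[0..-2].join('/'), nil, nil, last)
end

if __FILE__ == $PROGRAM_NAME
  # Sample names: the first two are from the notes, the third is added.
  %w[
    generic/shell_reverse_tcp
    windows/x64/shell/reverse_tcp
    windows/x64/shell_reverse_tcp
  ].each do |n|
    p = classify_payload(n)
    detail = p.kind == :staged ? "stage=#{p.stage} stager=#{p.stager}" : "single=#{p.single}"
    puts format('%-32s %-7s target=%-12s %s', n, p.kind, p.target, detail)
  end
end
```

A staged result tells a reviewer to expect a second transfer after the initial connection, since the stage is delivered after the stager.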
6) Msfconsole Basics
msfconsole is the primary way you interact with the framework.
- Launch it with msfconsole.
- It provides access to all module searching, configuration, and execution.
- It also allows you to run some normal system commands from inside the console.
Useful point: Metasploit behaves a bit like a shell, but the real value is the module workflow: search, select, configure, and run.
7) Why This Matters for PT1
This room is foundational rather than exploit-heavy. Its value is in making the framework less opaque before later rooms use it more directly.
- Understand where scanners live.
- Know the difference between an exploit and a payload.
- Recognize staged vs single payload notation.
- Be comfortable launching and navigating msfconsole.
Exam Notes (PT1)
- msfconsole is the main command-line interface for the Metasploit Framework.
- Exploit, vulnerability, and payload are different concepts and should not be mixed up.
- Auxiliary modules handle support tasks like scanning; post modules are used after compromise.
- Single payloads use an underscore naming pattern; staged payloads use a slash-separated pattern.
- Metasploit is useful beyond exploitation alone and can support recon, scanning, payload delivery, and post-exploitation.