View Feed
group-icon
Hacking and Computer Security
Community for every ethical hacker and computer security enthusiast to discuss latest and the best concepts and ideas.
414 Members
Join this group to post and comment.

Is it possible to hack any system with metasploit only?

I am just a script kiddie who request you all to explain what metasploit is and how can i master on it with having some basic stuff about working with pen-test tools.

Kaustubh Katdare
Kaustubh Katdare • Feb 11, 2019

Tagging our security expert @Rahul Jamgade . Sir, could you please help? 

In general hackers or crackers aim to install their own payload on the compromised machine. With Metasploit you can do that without having any networking or security knowledge. Simply run a few commands and you will be cracking into remote machines. My friends used it to create APKs that were distributed over file sharing websites. People are so stupid that they download anything that's labelled FREE. Once the user has downloaded the APK you can literally own their phone. I won't go into details; but I know it works because I saw it with my eyes. 

Just a word of caution though. Be careful to not cause any damage to the client machine. The bigger problem is dealing with police who won't understand the difference between cracking and safe-hacking. 

Kaustubh Katdare
Kaustubh Katdare • Feb 12, 2019

@Naveen Sunil - you might have worked on this? 

Naveen Sunil
Naveen Sunil • Feb 12, 2019

I wouldn't say that you can hack into any system with metasploit. But what you can get is atleast a basic connection with the target through vulnerabilities present in the machine. Metasploit can get you a shell in quick time if you have all detailed report about the target system. 

Now what is hard part in Metasploit is getting your payload to the target successfully. There are numerous ways to do that.

But just using metasploit you cannot do any miracle. If you have all info about your target then Metasploit makes thing easy for you.

Thank you, @Naveen Sunil . It is difficult to get the access to the root account of the remote system. @Weed Guy - What's your use case for using it? Try it first on your college network.

Rahul Jamgade
Rahul Jamgade • Jun 3, 2019

Sorry for the very long delay in answering it. Metasploit is a framework for hacking and pen testing in a layman's language. That essentially means that all the components necessary for exploiting and compromising a system are available in a procedural method or way. This means the steps are generally well defined and you just follow the procedure and one can get hold of the system under attack. 

However saying that "Any system can be hacked into" is bit exaggeration. Reasons are simple and straight forward. Important to understand that the system under attack should be vulnerable. Also, do metasploit has a  scanning module that can scan and identify a particular vulnerability is the targeted system is important. There are other vulnerability scanners that can be deployed to do the job. Nessus and Openvas are two such vulnerability scanners that are used world wide. 

As said , it has multiple  components or modules, such as 

Auxiliary

Exploits 

Payloads

Encoders

Each has different roles to pay and has  to follow particular hierarchy to be successful.

No doubt that it is a very easy way to compromise a targeted system under attack. 

  To learn the metasploit , one should have understanding of topics like 

1. What is encoder, why it is used

2. Which components of the targeted system should be scanned for vulnerability so that it can be exploited (such as web, application, protocol,OS etc.)

 3. Can I use other ways to exploit the system, of the system does not seems to be vulnerable (Like using social engineering techniques) 

4. What kind of payload needs to be used 

Once  you have this understanding it be easy to master the metasploit framework.

Caution: Hacking is a criminal offence. There are severe punishments for such crimes . In India it is   monetary  as well as Imprisonment up to life term for any serious offences. Please practice on your own system to which you are authorised to.


Share this content on your social channels -