Tryhackme - Metasploit: Introduction

Tryhackme – Metasploit: Introduction

In this walk through, we will be going through the Metasploit Introduction room from Tryhackme. This room will cover the fundamentals of one of the most popular exploitation framework out there, namely Metasploit. We will cover the components of the framework and how we can use it in exploitation part of our hacking methodology. So, let’s get started without any delay.

Tryhackme - Metasploit: Introduction

Task 1 – Introduction to Metasploit

Metasploit is the most widely used exploitation framework. Metasploit is a powerful tool that can support all phases of a penetration testing engagement, from information gathering to post-exploitation.

Metasploit has two main versions:

  • Metasploit Pro: The commercial version that facilitates the automation and management of tasks. This version has a graphical user interface (GUI).

  • Metasploit Framework: The open-source version that works from the command line. This room will focus on this version, installed on the AttackBox and most commonly used penetration testing Linux distributions.

The Metasploit Framework is a set of tools that allow information gathering, scanning, exploitation, exploit development, post-exploitation, and more. While the primary usage of the Metasploit Framework focuses on the penetration testing domain, it is also useful for vulnerability research and exploit development.

The main components of the Metasploit Framework can be summarized as follows:

  • msfconsole: The main command-line interface.

  • Modules: supporting modules such as exploits, scanners, payloads, etc.

  • Tools: Stand-alone tools that will help vulnerability research, vulnerability assessment, or penetration testing. Some of these tools are msfvenom, pattern_create and pattern_offset. We will cover msfvenom within this module, but pattern_create and pattern_offset are tools useful in exploit development which is beyond the scope of this module.

Task 2 – Main Components of Metasploit

Question 1 – What is the name of the code taking advantage of a flaw on the target system?


Question 2 – What is the name of the code that runs on the target system to achieve the attacker’s goal?


Question 3 – What are self-contained payloads called?


Question 4 – Is “windows/x64/pingback_reverse_tcp” among singles or staged payload?


Task 2 - Main Components of Metasploit

Task 3 – Msfconsole

Question 1 – How would you search for a module related to Apache?

search Apache

Question 2 – Who provided the auxiliary/scanner/ssh/ssh_login module?

info auxiliary/scanner/ssh/ssh_login module
info auxiliary/scanner/ssh/ssh_login module

Task 3 - Msfconsole

Task 4 – Working with modules

Question 1 – How would you set the LPORT value to 6666?

set LPORT 6666

Question 2 – How would you set the global value for RHOSTS  to ?


Question 3 – What command would you use to clear a set payload?


Question 4 – What command do you use to proceed with the exploitation phase?


Task 4 - Working with modules

Task 5 – Summary

Task 5 - Summary

Also Read: Tryhackme – Linux PrivEsc Arena

So that was “Metasploit: Introduction” for you. In this room, we have covered about the fundamentals of the exploitation framework, Metasploit. We looked into the main components of the framework, modules and its basic usage which can help us in the exploitation phase of our hacking methodology. Metasploit had hundreds of exploits, payloads and auxiliary modules for number of software, service and protocols. So, play it with to understand it more. On that note, i would take your leave and will meet you in next one. Till then, “Happy hacking”.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top