Metasploit Framework

The Metasploit Framework is an open-source set of tools used for network enumeration, attacks, testing security vulnerabilities, evading detection, performing privilege escalation attacks, and performing post-exploitation.
This module introduces the fundamentals of the Metasploit Framework with a retrospective analysis of the usage of automated tools in today's penetration testing environments. Despite the industry debates revolving around the level of security knowledge needed to operate a swiss army knife type tool such as Metasploit, frameworks such as this allow for in-depth exploration and auditing for which one might not have the necessary time given different circumstances.
Completion of this module on Hack The Box Academy is a requirement for the CREST CPSA/CRT and CCT/APP exams, alongside the Hack The Box CPTS certification path.
This module is broken down into sections with accompanying hands-on exercises to practice each of the tactics and techniques we cover. The module ends with a practical hands-on skills assessment to gauge your understanding of the various topic areas.
As you work through the module, you will see example commands and command output for the various topics introduced. It is worth reproducing as many of these examples as possible to reinforce further the concepts presented in each section. You can do this in the Pwnbox provided in the interactive sections or your virtual machine.
You can start and stop the module at any time and pick up where you left off. There is no time limit or "grading," but you must complete all of the exercises and the skills assessment to receive the maximum number of cubes and have this module marked as complete in any paths you have chosen.
The module is classified as "Easy" but assumes a working knowledge of the Linux command line and an understanding of information security fundamentals.
If you want to read the module in its entirety, click here.

  • This module is fairly comprehensive and really fun! I recommend taking this before doing the Getting Started with Hack the Box module. The last lab (meterpreter) does have several rabbit holes though that I had to work through.

    dsneddon00

  • Great intro to MSF utilities, would love to see more in-depth modules on AV Evasion and exploit development with metasploit. Labs were awesome and had fun throughout. Learnt even more rigorous ways to use metasploit framework.

    KillSwitchX7

  • I really like this module was really fun. I took my own spin on it though and did not follow too much of what was told of me but did get a lot of useful information from this!!!

    parrotassassin15

  • I had some background with Metasploit and wanted to ensure I had a solid foundation. For me, it was a great tutorial/guide that was clear and easily understood. One detail I didn't see mentioned was all the labs require the LHOST to be set to tun0.

    supercj70

  • HTB Academy's 'Using the Metasploit Framework' Module will leave you feeling empowered and self-confident, with the requisite skills to use this amazing tool in the challenges you face ahead. You will want to take this Module, make no mistake about it.

    41414141

  • Great module, well written, informative and challenging tasks (a fun challenge, not a tear-out-my-hair challenge)

    cheekychimp

  • Very enlightening, when studying for hacking certifications Metasploit doesn't often get much attention, I'm glad to better know the framework now.

    BingusDingus

  • I gotta say, I feel like a legit hacker now. This module had everything: setting targets, payloads, pivoting, and even creating custom modules. Move over, Mr. Robot, there's a new hacker in town! seriously, step-by-step instructions were easy to follow

    Ehtisham