With such tools as Metasploit, all it takes is one missing patch on one system to gain access and demonstrate how the entire network can be compromised.

Before you go ’sploitin’ vulnerabilities with Metasploit, it’s very important to know that you’re venturing into sensitive territory. Not only can you gain full, unauthorized access to sensitive systems, but you can also put the systems being tested into a state where they can hang or reboot. So, read each exploit’s documentation and proceed with caution.

Before you can exploit a missing patch or related vulnerability, you have to find out what’s available for exploitation. The best way to go about doing this is to use a tool such as QualysGuard or LanGuard to find them.

After you find a vulnerability, the next step is to exploit it. Here’s how:

1. Download and install Metasploit. After the installation is complete, run the Metasploit GUI.

   The Metasploit GUI is now referred to as the Metasploit Framework GUI (MSFGUI), which is Metasploit’s main console.

2. Expand the Exploits option to see what exploits are available to run.

   If you know the specific vulnerability (say, Microsoft’s MS08-067), you can simply enter part or all of the search term (such as ms08) in the search field at the top and then click Find.

3. After you find the exploit you want to run against your target system, double-click it and follow the steps, beginning with selecting the target operating system; then click the Forward button.

   Select Automatic Targeting if it’s available; otherwise, make your best guess of which version of Windows is running and then click the Forward button.

4. Select the payload you want to send to the target and then click the Forward button.

   The payload is the specific hack that you want to attempt.

5. Enter the IP address of the target system in the RHOST field and confirm that the IP address shown in the LHOST field is the address of your testing system. Click the Forward button.

   After clicking Forward, you will have one more chance to confirm or cancel this hack.

6. Confirm your settings on the final screen, and click the Apply button.

   The job executes, and you see the shell session in the Sessions section in the lower-right quadrant of the Metasploit GUI.

7. Double-click the session, and a new window opens with a command prompt on the target system.

   To add a user, simply enter net user username password /add at the Metasploit command prompt.

   Next, add the user to the local administrators group by entering net localgroup administrators username /add at the Metasploit command prompt. You can then log in to the remote system by mapping a drive to the C$ share or by connecting via Remote Desktop.
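The two net commands in the last step are exactly what the defending team should be watching for after a test like this. The following is an added example, not code from the original article, that scans Windows process-creation (event ID 4688) command lines for an account being created and then promoted to local Administrators on the same host; the log records are constructed for the example, and the field names and ten-minute window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample of Windows Security 4688 (process creation) records, as they
# would appear with command-line auditing enabled. These are made-up lines, not
# captured from any real system.
SAMPLE_EVENTS = [
    {"time": "2024-05-01T09:58:10", "host": "WS02", "cmd": "net user alice /domain"},
    {"time": "2024-05-01T10:00:01", "host": "WS01", "cmd": "net user svc_tmp Passw0rd! /add"},
    {"time": "2024-05-01T10:00:04", "host": "WS01", "cmd": "net localgroup administrators svc_tmp /add"},
    {"time": "2024-05-01T10:05:00", "host": "WS02", "cmd": "net localgroup administrators"},
    {"time": "2024-05-01T11:30:00", "host": "WS02", "cmd": "net localgroup Administrators helpdesk /add"},
]

# "net user <name> <password> /add" and "net localgroup administrators <name> /add".
# net.exe hands the work to net1.exe, so both binary names are matched.
USER_ADD = re.compile(r'\bnet1?(?:\.exe)?\s+user\s+"?([^\s"]+)"?\s+\S+\s+/add\b', re.I)
ADMIN_ADD = re.compile(r'\bnet1?(?:\.exe)?\s+localgroup\s+administrators\s+"?([^\s"]+)"?\s+/add\b', re.I)


def detect_local_admin_creation(events, window=timedelta(minutes=10)):
    """Return one finding per account added to the local Administrators group.

    Severity is "high" when the same host created that account within `window`
    beforehand (the create-then-promote sequence from the steps above) and
    "medium" for any other promotion to Administrators.
    """
    created = {}  # (host, user in lower case) -> time the account was created
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):  # ISO timestamps sort lexically
        ts = datetime.fromisoformat(ev["time"])
        if m := USER_ADD.search(ev["cmd"]):
            created[(ev["host"], m.group(1).lower())] = ts
            continue
        if m := ADMIN_ADD.search(ev["cmd"]):
            user = m.group(1)
            born = created.get((ev["host"], user.lower()))
            recent = born is not None and ts - born <= window
            findings.append({
                "host": ev["host"], "user": user, "time": ev["time"],
                "severity": "high" if recent else "medium",
                "created_at": born.isoformat() if recent else None,
            })
    return findings


if __name__ == "__main__":
    for finding in detect_local_admin_creation(SAMPLE_EVENTS):
        print(finding)
```

Listing commands such as a bare net localgroup administrators and domain lookups are deliberately not flagged, so the rule stays quiet on routine administration.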