Metasploit is the most widely used exploitation framework
main components:
- msfconsole
- Module
- Tools
Clarify recurring concepts:
- Exploit: A piece of code that uses a vulnerability present on the target system.
- Vulnerability: A design, coding, or logic flaw affecting the target system.
- Payload: Payloads are the code that will run on the target system.
- Auxiliary: Any supporting module, such as scanners, crawlers and fuzzers, can be found here.
- Encoders: Encoders will allow you to encode the exploit and payload in the hope that a signature-based antivirus solution may miss them.
- Evasion: Encoders only encode the payload and should not be considered a direct attempt to evade antivirus software; evasion modules are the ones that make that attempt.
- Exploits: Exploit modules, neatly organized by target system.
- NOPs: NOPs (No OPeration) do nothing, literally.
- Payloads: Payloads are the code that will run on the target system.
- Singles: Self-contained payloads; no additional component needs to be downloaded for them to run.
- Stagers: Set up the connection over which a staged payload is delivered, which keeps the initial payload small.
- Stages: The larger payload component, downloaded by the stager.
- Post: Post modules are useful in the final stage of the penetration testing process, post-exploitation.
btw. launching the calc.exe application is a benign way to show that we can run commands on the target system.
Search
This command will search the Metasploit Framework database for modules relevant to the given search parameter. You can conduct searches using CVE numbers, exploit names (eternalblue, heartbleed, etc.), or target system.
https://github.com/rapid7/metasploit-framework/wiki/Exploit-Ranking
Summary
The exploitation process comprises three main steps: finding the exploit, customizing the exploit, and exploiting the vulnerable service.