A walk-though of one way to use Metasploit to attack a remote system. In this scenario we create a fake website and attract a target to use. Once they visit the website, we have exploited them and can then use their machine as a proxy to attack other internal computers

source