Metasploit-The basics
  • chroniccommand
    Posts: 1,389
    Metasploit can be an extremely valuable tool to any hacker, no matter what color hat you are. The Metasploit tool is, officially, a penetration testing tool which is based off of the Metasploit Framework. The Metasploit framework is a large collection of vulnerabilities and "payloads" or explicit code to be executed after the vulnerability has been exploited.

    The way that Metasploit works is that the client (or user) first selects an exploit. These exploits are generally unique to the operating system of the server and so, two exploits may seem the same but in fact they are very different from one another/each other. After the exploit has been chosen, the client then chooses a payload. Each payload option is different from the others. Even though many of them may have the same effect, such as spawning a shell for the server client-side, the means by which this is done is different and unique to each payload, as one server may be susceptible to one variant but not another. After the user has selected both his exploit and his payload, he needs to enter in critical data such as the server's IP address and port, as well as other options unique to both the exploit and payload. After the options are entered and everything is set, the user can execute the exploit; he (or she) then just sits back and waits to see if their desired effect actually occurs or not. Remember, just because the desired effect didn't work doesn't mean that it's not possible. You may have chosen the wrong exploit, payload, and/or option. Just keep trying.
    The order of operations to use Metasploit properly is displayed below (quotes are direct commands typed into the console/terminal and non-quotes are unique to you, the client/user, and cannot be predicted by me; these must be entered by you):
    1.) "show exploits"
    2.) choose exploit (for help on choosing a payload/getting info on the payload, type: "info exploit" exploit-name)
    3.) "use" exploit-name
    4.) "show payloads"
    5.) choose payload (for help on choosing a payload/getting info on the payload, type: "info payload" payload-name)
    6.) "set payload" payload-name
    7.) "show options"
    8.) "set" option-name-to-desired-value (e.g. set RHOST 192.161.1.1) or (e.g. set RPORT 80)
    9.) If necessary to choose a target, type "show targets" then "set targets" target-#
    10.) "show options"
    11.) double check everything needed by Metasploit to execute the exploit is entered
    12.) if applicable to the exploit, type "check" to see if the exploit will work
    13.) "exploit"
    14.) sit back and watch the fireworks
    To get more exploits/payloads or to update the framework, go to the Metasploit website to update/get information on how to update. This is crucial as servers are patching and "unpatching" potential vulnerabilities every day.
    (Note: if an error such as "Exploit Failed" occurs and you followed the instructions above, restart Metasploit and try again. If it continues, or if you have any other questions or comments, contact me either through this forum post or my email; I would be happy to help you.)
    For more information:
    http://www.metasploit.com/
    http://en.wikipedia.org/wiki/Metasploit
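Steps 10 and 11 above say to run "show options" again and double-check that everything the module needs is set before going further. The script below is an added example (not code from the original post and not part of the Metasploit project) that does that check mechanically: it parses the table that msfconsole prints for `show options` (Name / Current Setting / Required / Description) and lists every required option that is still empty. The sample output embedded in it is constructed to match that table layout; the module and payload names in it are placeholders, not real modules.

```python
"""Parse msfconsole `show options` output and report unset required options.

Added example, not code from the original post or from the Metasploit
project. SAMPLE_SHOW_OPTIONS below is a constructed imitation of the
table `show options` prints; the module/payload names are placeholders.
"""
import re

# Constructed sample of what `show options` prints after `use` and `set payload`.
SAMPLE_SHOW_OPTIONS = """\
Module options (exploit/example/placeholder_module):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOSTS                    yes       The target host(s)
   RPORT    445              yes       The target port (TCP)
   SMBUSER                   no        Username to authenticate with


Payload options (generic/placeholder_payload):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   LHOST                      yes       The listen address
   LPORT     4444             yes       The listen port
   EXITFUNC  thread           yes       Exit technique


Exploit target:

   Id  Name
   --  ----
   0   Automatic
"""

# Header line of each options table; column positions are taken from it.
HEADER_RE = re.compile(r"^\s*Name\s+Current Setting\s+Required\s+Description\s*$")
COLUMNS = ("Name", "Current Setting", "Required", "Description")


def parse_show_options(text):
    """Return one dict per option row, tagged with its section (Module/Payload).

    Column boundaries come from the header line of each table, so an empty
    Current Setting does not shift the Required and Description fields, and a
    description containing spaces survives intact.
    """
    rows = []
    section = None   # "Module" or "Payload" while inside an options table
    cols = None      # [(start, end), ...] slices for the current table
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("Module options") or stripped.startswith("Payload options"):
            section = stripped.split(" options")[0]
            cols = None
            continue
        if stripped.startswith("Exploit target"):
            section = None   # the target table has a different shape; not parsed here
            cols = None
            continue
        if section is None:
            continue
        if HEADER_RE.match(line):
            starts = [line.index(h) for h in COLUMNS]
            cols = list(zip(starts, starts[1:] + [None]))
            continue
        if cols is None or not stripped or stripped.startswith("-"):
            continue   # blank line or the dashed underline
        name, current, required, desc = (line[s:e].strip() for s, e in cols)
        rows.append({"section": section, "name": name, "current": current,
                     "required": required.lower() == "yes", "description": desc})
    return rows


def missing_required(text):
    """Names of required options whose Current Setting is empty, in table order."""
    return [r["name"] for r in parse_show_options(text) if r["required"] and not r["current"]]


if __name__ == "__main__":
    missing = missing_required(SAMPLE_SHOW_OPTIONS)
    for name in missing:
        print(f"required option not set: {name}")
    print("all required options set" if not missing else "fix the options above first")
```

Run against the constructed sample it reports RHOSTS and LHOST as unset, which is exactly the situation step 11 is meant to catch before "check" or "exploit" is typed. To use it on a real session, capture the console text with msfconsole's `spool` command (which writes console output to a file) and pass that file's contents to `missing_required`.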
  • Xin
    Posts: 3,251
    Great tutorial for newcomers to the field, hopefully we can stop them from drifting into RATs and other skiddie shit
    Xin
  • Bursihido
    Posts: 406
    very nice tut bro thanks alot :)............
  • khaos
    Posts: 41
    said:
        Great tutorial for newcomers to the field, hopefully we can stop them from drifting into RATs and other skiddie shit

    Yes but Metasploit doesn't make the same job as a RAT. RAT is for remote administration and acts like a trojan and Metasploit an exploit console for penetration/attack to local network and not to remote pcs. Am I right?
  • chroniccommand
    Posts: 1,389
    said:
        said:
            Great tutorial for newcomers to the field, hopefully we can stop them from drifting into RATs and other skiddie shit

        Yes but Metasploit doesn't make the same job as a RAT. RAT is for remote administration and acts like a trojan and Metasploit an exploit console for penetration/attack to local network and not to remote pcs. Am I right?

    It is less skiddy than a RAT though. Plus people misuse MSF a lot. I like to use it for shellcode and encoding etc.
  • Xin
    Posts: 3,251
    said:
        said:
            said:
                Great tutorial for newcomers to the field, hopefully we can stop them from drifting into RATs and other skiddie shit

            Yes but Metasploit doesn't make the same job as a RAT. RAT is for remote administration and acts like a trojan and Metasploit an exploit console for penetration/attack to local network and not to remote pcs. Am I right?

        It is less skiddy than a RAT though. Plus people misuse MSF a lot. I like to use it for shellcode and encoding etc.

    I guarantee 90% of RAT users can't use Metasploit, so it's deffo less skiddie, although the new Metasploit GUI kinda ruins it a bit
    Xin
  • khaos
    Posts: 41
    Hmm ok but msf is for LAN use only!!!
    RATs can be used in the whole internet... we can't compare that.

    Script Kiddies use FastTrack :p not Metasploit
  • chroniccommand
    Posts: 1,389
    said:
        Hmm ok but msf is for LAN use only!!!
        RATs can be used in the whole internet... we can't compare that.

        Script Kiddies use FastTrack :p not Metasploit

    MSF can be used over the whole Internet too.
  • khaos
    Posts: 41
    said:
        said:
            Hmm ok but msf is for LAN use only!!!
            RATs can be used in the whole internet... we can't compare that.

            Script Kiddies use FastTrack :p not Metasploit

        MSF can be used over the whole Internet too.

    And what about NAT/firewalls? :)
  • Xin
    Posts: 3,251
    said:
        said:
            said:
                Hmm ok but msf is for LAN use only!!!
                RATs can be used in the whole internet... we can't compare that.

                Script Kiddies use FastTrack :p not Metasploit

            MSF can be used over the whole Internet too.

        And what about NAT/firewalls? :)

    Not everyone runs firewalls.
    Xin
  • khaos
    Posts: 41
    Yes. But most users are behind NAT/firewall by the default router settings.
  • Xin
    Posts: 3,251
    True, most people are, but if you use a mass IP scanner there are still loads of people with ports open.
    Xin
  • khaos
    Posts: 41
    said:
        True, most people are, but if you use a mass IP scanner there are still loads of people with ports open.

    Hmm ok. What IP scanner do you use? Or just nmap?
  • Xin
    Posts: 3,251
    I use nmap, but if you wanna scan a lot of IPs use Angry IP Scanner
    Xin
  • chroniccommand
    Posts: 1,389
    said:
        said:
            True, most people are, but if you use a mass IP scanner there are still loads of people with ports open.

        Hmm ok. What IP scanner do you use? Or just nmap?

    Nmap is always my choice. Check out my nmap for beginners post for more help and info.
  • Xin
    Posts: 3,251
    Yeah, nmap is probably the best option
    Xin
  • Xin
    Posts: 3,251
    Everyone has gotta start somewhere :P
    Xin