Metasploit: widely used exploitation framework. -powerfull tool that can support all phases of a penetration testing engagement -two versions:
- Metasploit Pro: commercial version (automation and management with GUI)
- Metasploit Framework: open-source in CLI -set of tools for information gathering, scanning, exploitation, exploit development, post-exploitation and more -main components:
- msfconsole: main command line interface
- modules: supporting modules such as exploits, scanners, payloads etc
- tools: stand-alone tools that will help vulnerability research, vulnerability assessment, or pen testing (msfvenom, pattern_create and patter_offset)
Exploit: piece of code that uses a vulnerability present on the target system Vulnerability: a design, coding or logic flaw affecting a target system Payload: code that will run on the target system
modules and categories -Auxillary: any supporting module, such as scanners, crawlers and fuzzers -Encoders: encode exploit and payload such that it avoid signature based antivirus -Evasion: evade antivirus software -Exploits: exploits organized by target system -NOPs: No Operation, cpu will do nothing for one cycle, used as buffer to achieve consistent payload sizes -Payloads: getting a shell, loading malware or backdoor to target system, running a command or launching calc.exe. Three categories:
- Singles: self-contained payloads, don’t need additional component to run
- Stagers: set up connecion b/n metasploit and target system. staged payloads will upload a stager to the target system then download the rest of the payload (stage).Inital size of the payload will be relatively small compared to full payload sent at once
- Stages: downloaded by stager, use larger sized payloads
run metasploit msfconsole - msf6 command line -can be used just like a regular command-line shell -does not support output redirection -autocomplete -modules to be used are selected using ‘use’ command -‘show’ command followed by module type (auxiliary, payload, exploit, etc.) -‘back’ command -‘info’ command
Working with Modules -Can not use metasploit commands on regular command prompt -msfconsole prompt: msf5 or msf6 is the msfconsole prompt -context prompt: use a module and set command to chose it, can use context-specific commands -meterpreter prompt: important payload, means a meterpreter agent was loaded to the target system and connected back to attacker -shell on a target system: once exploit is complete, access to command shell on target system is achieved - regular command line
Common Parameters RHOSTS: “remote host” - IP of target system RPORT: “remote port” - port of target system PAYLOAD: payload to be used with the exploit LHOST: “local host” - IP of attacking system LPORT: “local port” - port used for reverse shell to connect back to SESSION: each connect established to the target system using Metasploit
‘unset’ command: clear any parameter value ‘unset all’ : clear all parameters ‘setg’: set values that will be used for all modules ‘set’: set values for current module ‘exploit’ command: launch module ‘run’ command: an alias for exploit command ‘check’ option will check if target system is vulnerable without exploiting it ‘background’: background the session propmpt and go back to msfconsole prompt ctrl + z: background sesssions ‘sessions -i’: interact with any session, followed by the desired session number