Metasploit (Jiale and Xiao)

I just want follow a demo and try it!

Or looking for practice?

Contents

1. Background
   • Metasploit project
   • Metasploit framework
   • Architecture
2. Launching
3. Get help and info
4. Information Gathering
5. Pick a vulnerability and use an exploit
6. Configure the exploit
7. Execute the payload
8. Exploit or check
9. Database and workspace
10. Resources

Background

• Metasploit project

  The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.

• Metasploit framework

  Metasploit Framework is the best-known sub-project of Metasploit project, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive and related research.

• Architecture

  

Launching

• Start services:
  applications > kali linux > system services > metasploit > start
• Start console:
  applications > kali linux > top 10 security tools > metasploit framework

Get help and info

• Help session of a command:
  help [command]
• For example, to get the help section for the search command:
  help search
• Details information of a exploit:
  info [path of exploit]
• Example:
  info auxiliary/scanner/ssl/openssl_heartbleed

Information Gathering

• db_nmap, same as nmap but record the results in database.
• For example:
  db_nmap -v -sV localhost
  Will perform a service version detection on localhost
• More options can be found at:
  http://nmap.org/book/man-briefoptions.html
• The results are stored in database, and we can query it latter.
  Two examples of query:
  hosts
  services -p 22
  More details about database can be found here.

Pick a vulnerability and use an exploit

• Search for exploits:
  search type:exploit
  search CVE-XXXX-XXXX
  search cve:2014
  search name:wordpress
  
• Example:
  search samba
• Use an exploit, example:
  use exploit/multi/samba/usermap_script

Configure the exploit

• Show available options of an exploit:
  show options
• Set an option:
  set option content
• For example, set the option rhost to 192.168.1.100:
  set rhost 192.168.1.100

Execute the payload

• Payloads are available to some exploits.
• Show available payloads of an exploit:
  show payloads
• Set an payload:
  set payload payload_path
• Example:
  set payload php/meterpretere/bind_tcp

Exploit or check

• Once finish all settings, type "run" or "exploit".
• You also can type "check" for check whether it is vulnerable or not.
  Not all modules are compatible with check, and some are check only.
  Caution: Sometimes even check is dangerous! (Can be harmful)

Database and workspace

• List all hosts in the database:
  hosts
• List hosts with column address and os_flavor:
  hosts -c address,os_flavor
• Find only the Linux based machines from our scan:
  hosts -c address,os_flavor -S Linux
• List all services in the database:
  services
• Searching all hosts contained in our database with a service name containing the string 'http':
  services -c name,info -S http
• Need more options? Type command -h, for example:
  hosts -h


• New workspace:
  workspace -a new
• Switch workspace:
  workspace default
• Delete workspace:
  workspace -d new

Resources

• Simple tutorial for beginners
• An in-depth online course