🔬Metasploit

An open-source framework used for penetration testing and exploit development. It ships a wide array of exploits and attack modules and can be used to automate your own exploits.

It has several interfaces:

  • msfconsole - an interactive, command-line-like interface

  • msfcli - a literal Linux command-line interface

  • Armitage - a GUI-based third-party application

  • msfweb - a browser-based interface

The basic msfconsole workflow to exploit a target is:

  1. Identify a vulnerable service.

  2. Search for a suitable exploit for that service.

  3. Load and configure the exploit.

  4. Load and configure the payload.

  5. Run the exploit and get access to the vulnerable machine.

Update Metasploit:

```shell
msfupdate   # no longer supported: Metasploit is now installed as an OS package
apt update; apt install metasploit-framework
```

🥇Basic initialization:

Using the database: start the PostgreSQL database (persistent storage and faster module search) and the Metasploit service:

Start msfconsole:

Workspaces:

Search for a module:

4200+ modules (exploits, auxiliary, payloads, encoders, post, nops, evasion)

Show help (general, or for a specific module):

🐱‍👤Basic Exploitation:

Use an Exploit:

Go back after selecting a module:

Show info about the selected module:

Check the module options:

Configure an option:

To run an exploit, a payload is needed. Payloads are pieces of code that an exploit injects into the target machine/service. We use them to:

  • get an OS shell

  • get a VNC/RDP connection

  • get a Meterpreter shell

  • execute our own code/application

`show payloads` while using an exploit shows only the payloads that work with that exploit.

Set a payload (after selecting your exploit):

Launch the exploit:

Check `exploit -h` for extra options (e.g. `-e` for encoding).

🔍Recon with Metasploit:

Discover hosts with an ARP sweep:

It doesn't show your own machine's IP.

Port scan:

Nmap Scan inside MSFConsole:

Nmap Vulnerability assessment:

The script will tell you whether a certain service is vulnerable or not. Use the name of the vulnerability with `search <vuln_name>` to find exploits, then follow the exploitation procedure described above. Regarding the script mentioned in ePTS, smb-check-vulns.nse: check this out.
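An added example (not part of the original notes) of triaging the vulnerability-assessment step: Nmap's `-oX` XML output records each NSE script result as a `<script>` element, and scripts built on the `vulns` library emit a `<table>` per finding with an `<elem key="state">` of `VULNERABLE`, `LIKELY VULNERABLE`, `NOT VULNERABLE`, and so on. The parser below extracts every finding that is not cleared, for both port-level and host-level scripts, and collects the vulnerability keys you would then feed to `search`. The XML document, the script ids (`smb-vuln-example` etc.) and the table keys (`EXAMPLE-VULN-*`) are constructed placeholders, not real script names or identifiers.

```python
"""Triage Nmap XML (-oX) output for NSE vulnerability-script findings.

Added example: the structure follows Nmap's XML schema (host/ports/port/script
and host/hostscript/script, vulns-library tables with an 'elem key=state').
"""
import xml.etree.ElementTree as ET

# Constructed sample: one host, one vulnerable port-level finding, one cleared
# port-level finding and one "likely vulnerable" host-level finding.
# Script ids and table keys are placeholders, not real NSE script names.
SAMPLE_XML = """<nmaprun>
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="445">
        <state state="open"/>
        <service name="microsoft-ds"/>
        <script id="smb-vuln-example" output="constructed">
          <table key="EXAMPLE-VULN-1">
            <elem key="title">Constructed sample finding</elem>
            <elem key="state">VULNERABLE</elem>
          </table>
        </script>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open"/>
        <script id="http-vuln-example" output="constructed">
          <table key="EXAMPLE-VULN-2">
            <elem key="state">NOT VULNERABLE</elem>
          </table>
        </script>
      </port>
    </ports>
    <hostscript>
      <script id="host-vuln-example" output="constructed">
        <table key="EXAMPLE-VULN-3">
          <elem key="state">LIKELY VULNERABLE</elem>
        </table>
      </script>
    </hostscript>
  </host>
</nmaprun>
"""


def _findings_in_script(ip, portid, script):
    """Yield (ip, port, script_id, vuln_key, state) for each non-cleared table."""
    out = []
    for table in script.findall("table"):
        state = table.find("elem[@key='state']")
        if state is None or not state.text:
            continue  # table without a vulns-library state: not a finding
        text = state.text.strip()
        upper = text.upper()
        if upper.startswith("VULNERABLE") or upper.startswith("LIKELY VULNERABLE"):
            out.append((ip, portid, script.get("id"), table.get("key"), text))
    return out


def find_vulnerable(xml_text):
    """Return all non-cleared findings from an Nmap XML report, in document order."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("host"):
        addr = host.find("address")
        ip = addr.get("addr") if addr is not None else "?"
        # Port-level scripts live under host/ports/port/script.
        for port in host.iter("port"):
            for script in port.findall("script"):
                findings += _findings_in_script(ip, port.get("portid"), script)
        # Host-level scripts live under host/hostscript/script (no port).
        hostscript = host.find("hostscript")
        if hostscript is not None:
            for script in hostscript.findall("script"):
                findings += _findings_in_script(ip, None, script)
    return findings


def search_keywords(findings):
    """Unique vulnerability keys, i.e. the terms to pass to msfconsole's search."""
    return sorted({f[3] for f in findings})


if __name__ == "__main__":
    for f in find_vulnerable(SAMPLE_XML):
        print(f)
    print("search terms:", search_keywords(find_vulnerable(SAMPLE_XML)))
```

Running it against a real report is `find_vulnerable(open("scan.xml").read())`; the `NOT VULNERABLE` entry is dropped, so only findings that still need a remediation decision reach the list.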

Meterpreter

Obtain SYSTEM privileges on the machine:

Check with `getuid` before and after.

Install a backdoor:

Remember your session ID:

There are many ways to achieve persistence; one of them is this:

Configure it:

Note that we will also need to enable the Payload Handler in order to receive the connection, as follows:

Exploit now:

Notice that the backdoor was installed successfully but didn't run: the target needs to reboot for it to work, so we go back to the Meterpreter session and reboot it like this:

Instead of session 1 you can pick your own session ID if you have many sessions against multiple targets. Then press Ctrl+Z twice to get out and check whether any active listeners are running:

Let's create a Metasploit listener to receive the connection. The payload has to be of the same type as the backdoor that was placed on the victim system:

Check your sessions; you should find your backdoor:

Make sure you have SYSTEM privileges, then dump the hashes to crack them with John the Ripper:

Explaining the hashdump output:
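An added example (not from the original notes) that makes the hashdump format concrete: each line is `username:RID:LM_hash:NT_hash:::`, the RID identifies the account (500 is the built-in Administrator), the LM field holds `aad3b435b51404eeaad3b435b51404ee` when no LM hash is stored, and an NT hash of `31d6cfe0d16ae931b73c59d7e0c089c0` is the hash of an empty password. The parser below reads these fields and reports the weaknesses a defender would remediate: blank passwords, accounts that still have an LM hash (LM hashing not disabled), and the RID-500 account. The sample lines, usernames and the 32-hex-digit hash values other than the two well-known constants are constructed placeholders.

```python
"""Parse pwdump-style hashdump lines (user:RID:LM:NT:::) and flag weak storage.

Added example; the two constants below are the well-known hashes of an empty
LM password and an empty NT password respectively.
"""
from dataclasses import dataclass

EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # "no LM hash stored" marker
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of an empty password

# Constructed sample output; the non-constant hash values are placeholders.
SAMPLE_HASHDUMP = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
legacyuser:1001:fedcba9876543210fedcba9876543210:0123456789abcdef0123456789abcdef:::
"""


@dataclass
class HashEntry:
    user: str
    rid: int
    lm_hash: str
    nt_hash: str


def parse_hashdump(text):
    """Split each line into its four meaningful fields; trailing ':::' is padding."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 4:
            raise ValueError(f"malformed hashdump line: {line!r}")
        user, rid, lm, nt = parts[0], parts[1], parts[2].lower(), parts[3].lower()
        if not rid.isdigit() or len(lm) != 32 or len(nt) != 32:
            raise ValueError(f"unexpected field lengths in line: {line!r}")
        entries.append(HashEntry(user, int(rid), lm, nt))
    return entries


def assess(entries):
    """Map username -> list of issues a defender should act on."""
    findings = {}
    for e in entries:
        issues = []
        if e.nt_hash == EMPTY_NT:
            issues.append("empty password")
        if e.lm_hash != EMPTY_LM:
            issues.append("LM hash stored (LM hashing still enabled)")
        if e.rid == 500:
            issues.append("built-in Administrator account (RID 500)")
        findings[e.user] = issues
    return findings


if __name__ == "__main__":
    for user, issues in assess(parse_hashdump(SAMPLE_HASHDUMP)).items():
        print(f"{user}: {', '.join(issues) or 'no issues'}")
```

The presence of any non-empty LM hash is the finding worth escalating first: LM hashes are trivially reversible, so the fix is a policy change (disable LM hash storage) rather than a single password reset.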

Search and Download files:

Killing all tasks

To kill all Metasploit tasks and sessions:
