- Booth Crawl
- Business Topics
- Buying Advice
- Cloud and Virtual Computing
- Computer Repair
- Data Recovery
- Meetings/ Seminars
- PHP Programming
- Ramblings/ Philosophy
- Security / Data Integrity
- Telephone Systems
- Web Design
- Web Marketing
- Web Publishing
- Windows Server 2012
Introduction To Metasploit – The Basics
What Is It?
Metasploit is a very valuable tool for pen testing networks and is written in Ruby. It may seem daunting at first but hopefully this blog will give you a basic concept on how things work.
To begin these tutorials off right I think I should familiarize you with some common terms that are going to be used in this series on Metasploit. That way when you see these terms you will know what I am talking about. This also assumes you have explored the network for vulnerabilities.
- Modules – a piece of code that can be added to the Metasploit framework to achieve certain tasks, these are written in Ruby.
- Payloads – The actual body of data that sent over a session from an attacker to a victim machine.
- Exploit – This is the actual security flaw that we are using to attack a victim machine or network. These include web applications, database servers, mis-configured routers or web servers etc.
- Shellcode – Type of exploit code in which byte code is inserted to accomplish a particular objective.
- Session – Connection from a successful exploit. (2 way communication from attacker to victim and vise versa)
- Auxiliary – Other modules besides the exploitation ie: post exploitation.
- RHOST – Remote Host (IP Address Of Machine We’re Attacking)
- RPORT – Remote Port (Port Number We’re attacking / listening on)
- Msfconsole – This is the all in one interface to almost all the features in Metasploit. Msfconsole can be used to for navigating attacks, creating listeners and payloads, and launching attacks.
- Msfcli – You can also use Msfcli for attacks but this is more for scripting.
- Armitage – This is a front end GUI for the Metasploit framework. It updates dynamically with Metasploit.
Let’s first go over exploitation with Msfconsole as this is the most robust and my personal favorite :) I have shown below an example of the commands used to execute an attack in the Msfconsole (Shown Below)
We would start off by opening a terminal window in Backtrack and typing “msfconsole” without quotes. Once you have msfconsole up and running we will begin exploiting the Windows box.
Type “use auxiliary/dos/windows/rdp/ms12_020_maxchannelids” Once we have done that we can then use the “show options” commands to see what parameters need to be entered for the exploit. (Shown Below)
For this particular exploit we can see that RHOST and RPORT are both required to be set before running the attack module. This is where our “set” command comes in handy, we can type “set RHOST <IP Address>” without quotes it will then apply the IP address to the remote host (victim).
As well you set the RPORT which is the remote port it’s default is 3389 but you could set it to whatever port you have attack listening on. So by far the most common commands you will be using is “use, set, show options, exploit etc.
Using Payloads And Searching In Metasploit
Another great command I like to use in Msfconsole is the search command, simply type “search rdp” without quotes and we will get a list of all the available Remote Desktop Protocal exploits. You could also search for Windows, TCP, UDP etc, etc..
The next thing I want to show you is how to set payloads in addition when using your exploit, for this we are going to use a different exploit for demo purposes. Type “use windows/smb/ms_08_067_netapi” without quotes and press enter. (Shown Below)
Now we are using this exploit module in for our attack, after that type “show options” without quotes and press enter. Hopefully you are seeing a pattern here ;) you use, “use” to select the exploit module and then “show options” to see what needs to be set (Shown Below)
So just as in the previous exploit we need to set the RHOST, RPORT, and SMBPIPE to do this simply type “set RHOST <IP Address>”without quotes” Let’s go over tacking on a payload to our exploit, a command that is good to see all the compatible payloads is “show payloads” this will give you a list of all the payloads that can be used (Shown Below.)
Once you have found a payload you would like to use simply highlight the name of it, right click and click copy. Now we just have to type “set payload and paste the name of the payload in. For this demo we are going to use a a meterpreter bind tcp payload.
Type “set payload /windows/meterpreter/bind_tcp” without quotes and press enter. Now our payload is set from here we can type “show options” without quotes again and see now that we have a lot more options to configure (Shown Below)
I’ve highlighted the actual payload options screen, all we need to do is set an RHOST for this payload to work. Type “set RHOST <Victim IP>” and press enter. Once our RHOST has been set we are now ready to use the almighty “exploit” command simply type exploit and let Metasploit do the work for you.
This concludes my introduction to Metasploit, I will have more coming soon on the Msfcli and and some other various things that can be done within the framework. Thank you for reading, don’t be evil!
David Rucilez, aka Nullset, is the owner and operator of Nullset Computer Co. in Reno Nevada. His company focuses on supporting small and large business networking contracts. David graduated from Wright State University Ohio with a BS in Computer Science, and also holds the MCSE and CCNA certifications.