By: Multi Thinker
July 9, 2015
5 Elements to Explore in Metasploit Basics
By: Multi Thinker
July 9, 2015
- What is Metasploit?
- What Can We Do with It?
- Understanding Metasploit
- CLI Commands and Exploit Attacks
1. What is Metasploit?
Metasploit is software that works with hardware to find additional vulnerabilities and aids in figuring out the kinds of machines our victim/target is using (to attack it better or to defend it better). We must know what they're using to know we're suppose to do. Metasploit facilitates our work with such features as CLI (Command Line) and offers a GUI (Graphics User Interface i.e. Armitage)[caption id="" align="aligncenter" width="588"] Metasploit Terminal[/caption]
2. What Can We Do with It?
Metasploit exploits can be developed and Metasploit can be extended. The tool comes with various types of exploits for different OS's (MAC, Linux, Windows, and more). Different kinds of exploits can create different kinds of noise.
Metasploit can be run in:
Normally, Windows can be exploited with SMBA and we'll talk about that next. These exploits include unnecessary opened ports or backdoors, pass the hash and other methods.
rdesktop( remote desktop ) windows information / data transfer and many more.
Metasploit comes with SET (Social Engineering Toolkit). The Social Engineering Toolkit incorporates many useful social engineering attacks, all in one interface. The main purpose of SET is to automate and improve on many of the social engineering attacks out there. It can automatically generate exploit-hiding web pages and email messages. It can use Metasploit payloads and do other multiple tasks that we'll highlight next.
3. Understanding Metasploit
There are some small things we should know before getting started to Metasploit, including:
- postgre SQL
- Metasploit local service
- Configuration and uses
We discussed how Metasploit can be started both ways (CLI & GUI). Before Metasploit starts, we need to start these maintained services and load our configuration and exploits. The services can be started by typing in a terminal:
service postgresql start and Metasploit can be started by typing
service metasploit start
Note: Let them run in that window and open new window for the Metasploit console. Clicking on the terminal will open new instance and type 'msfconsole' to open.
After we started the services and run the console, we have a list of default exploits to use. Regarding SET, it also contains many methods to take over several items including tab nabbing, site cloning, key tracing, etc. I'll clarify them in detail in next part.
To get started, we need to stick with commands in the command line interface. To select targets and fix ports, the rport, rhost commands are used. We can see our target configurations by typing
show options - this will give you information about your configuration and attack progress.
Note: All of images are not mine; some are placed to help you understand more clearly.
We can set our rhost by typing
set RHOST 192.168.xx.xx (anything )in the terminal. In the same way, we can set our rport.
After setting the target we may see attack vector information by again typing "show options" we can search and check exploits by typing "search this ( write exploit name )" and can use that exploit by typing "use (this exploit name)" for example
Practically, we have Windows XP here and port 445 is open. We can use an SMBA exploit for Windows XP to remote desktop and takeover everything there with LAN or IP. We can do this both ways...
We can check whether our exploit can be implemented or not by typing
Check (this exploit name). If the result is positive, we can exploit it by typing
exploit and access our target.
Armitage is a GUI version of the Metasploit framework. We can check almost every kind of attack available just by clicking. Armitage is build on Java and it's a bit slower then CLI. Adding host and configuration info is just a matter of clicking.We can figure out what OS is running and can exploit it co-correspondingly. In the next chapter, we'll learn:
- SMB Exploitations
- Custom Exploits
- Passing the Hash