Part 4 - GUI Overview

Video Activity

This lesson offers a GUI overview. In GUI, you can examine services as well as notes following an exploit. In GUI, there's a modules tap you can use to launch exploits directly. There are also advanced options and is very detailed.

Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
5 hours 38 minutes
Difficulty
Intermediate
CEU/CPE
6
Video Description

This lesson offers a GUI overview. In GUI, you can examine services as well as notes following an exploit. In GUI, there's a modules tap you can use to launch exploits directly. There are also advanced options and is very detailed.

Video Transcription
00:03
>> After looking at some services information,
00:03
we can also examine some notes.
00:03
I exploited this NFS export.
00:03
Can you see what that looks like?
00:03
It also populate the File Shares tab because of this.
00:03
Under the Modules tab,
00:03
you've got some different exploits
00:03
you can try to launch directly.
00:03
Some of these may not work as is,
00:03
you may have to tweak the parameters a little bit.
00:03
For VSFTP, if you try to run this module as is,
00:03
we should be able to get a meterpreter host.
00:03
It tries to do the login with the smiley face
00:03
>> in the credentials as I mentioned before.
00:03
>> You can look at the Advanced Options.
00:03
It gives you quite a bit of granular control.
00:03
This is basically very similar
00:03
to what we would see for show options,
00:03
except it's a little bit more detailed.
00:03
Show options from the command
00:03
>> line version of Metasploit.
00:03
>> If I go back to Modules,
00:03
[NOISE] actually need to go.
00:03
Then navigation within the community edition can be a
00:03
little bit less than ideal.
00:03
There's some Samba username
00:03
>> mapping script exploits here,
00:03
>> looking for my NFS mount system I ran
00:03
earlier and it tries to see if
00:03
I can detect NFS exported file systems.
00:03
Again, we have some advanced options and so on.
00:03
If I run the module, it finds that I am
00:03
exploiting the entire root file system
00:03
of this particular system.
00:03
If I go back to my results,
00:03
[NOISE] once you've run that,
00:03
then file shares will show up with root,
00:03
as we see here, and
00:03
one of my notes we also mentioned that that happened.
00:03
There's other notes related
00:03
to the fingerprinting of the kernel,
00:03
bits of information about the host itself.
00:03
There are no current sessions active,
00:03
but if there are meterpreter session
00:03
or another type of shell,
00:03
that would be here and you can
00:03
interact with it the same way you
00:03
would by using the command line addition.
00:03
As I've mentioned before,
00:03
>> I actually prefer command line.
00:03
>> But maybe with more exposure to the GUI,
00:03
I might grow to like it a little bit better.
00:03
I guess maybe I'm a little bit old school in that way.
00:03
But the GUI has definitely has some advantages in
00:03
that you can manage larger collections of
00:03
hosts a little bit more easily since you
00:03
can see the information visually.
00:03
You can set up campaigns where
00:03
you've got a group of systems that you're
00:03
working on and you want to categorize
00:03
your information or keep it organized and so on.
00:03
It's very useful. But that's
00:03
a nice little overview of what
00:03
Metasploit Community Edition looks like.
00:03
It's definitely worth installing
00:03
this and playing around with it.
00:03
Keep in mind though that
00:03
the database instance for
00:03
Community Edition isn't necessarily going
00:03
to be the same one that you're used for
00:03
the Metasploit Framework console.
00:03
There are ways to export and import
00:03
data from one database to the other,
00:03
but if you choose to stick with the command line of
00:03
console or command line related tools
00:03
then when you go into the community edition,
00:03
you're not going to see your information there
00:03
unless you import it to
00:03
that other Postgres database, and vice versa.
00:03
If you started with the GUI but you
00:03
want to switch to command line,
00:03
you'd have to export the data from
00:03
one database and import it to the other because
00:03
those are two separate instances of
00:03
Postgres that sit on your Kali system.
00:03
That's the end of this section.
00:03
Thanks and I'll see you in the other section.
Up Next