Metasploit Framework in one Article

 Metasploit Framework


Youtube Playlist Link: Click Here

What we will learn today:

  • 1. What is Metasploit and how does it work?
  • 2. Scanning for Vulnerabilities or Information Gathering
  • 3. Exploiting Vulnerabilities
  • 4. Post-Exploitation & Ensuring a Backdoor
  • 5. Hardening Metasploitable
  • 6. Report Writing

Basics of Metasploit Framework

  • 7. Install Metasploitable on VirtualBox
  • 8. Modules of Metasploit Framework
  • 9. Components of Metasploit Framework
  • 10. Metasploit Location on the Drive
  • 11. Basic Commands of Metasploit Tools

A Practical Penetration test walk-through

  • 12. Penetration test walk-through

Title: Exploring Metasploitable: A Comprehensive Guide to Vulnerable System Testing

1. What is Metasploit and how does it work?

Metasploitable is a purposely vulnerable virtual machine that is designed to help security professionals and enthusiasts test their penetration testing skills in a safe and controlled environment. It contains numerous intentionally vulnerable services and software applications, allowing users to practice exploiting common security vulnerabilities without risking damage to real systems. In this article, we will explore the various tools and techniques available for testing and exploiting vulnerabilities in Metasploitable.

The following is the directory layout of the Metasploit Framework (MSF):

  • Data – contains editable files for storing binaries, wordlists, images, templates, logos, etc.
  • Tools – contains command-line utilities, including plugins, hardware and memdump helpers
  • Scripts – contains Meterpreter scripts and resource scripts that run framework functionality
  • Modules – contains the actual MSF modules
  • Plugins – additional extensions for automating manual tasks
  • Documentation – documents and PDFs concerning the Metasploit Framework
  • Lib – contains the libraries required to run Metasploit from start to end

Metasploit Shell Types

Metasploit provides two types of shells for attacking or interacting with the target system.

  • Bind Shell – here, the target (victim) machine opens a listener, and the attacker connects to that listener to get a remote shell. This type of shell is risky because anyone who can reach the listening port can connect to the shell and run commands.
  • Reverse Shell – here, the listener runs on the attacker's machine, and the target system connects back to the attacker to deliver the shell. Reverse shells avoid the problems that bind shells cause.

2. Scanning for Vulnerabilities or Information Gathering:

The first step in testing Metasploitable is to scan it for vulnerabilities. Several tools can be used for this purpose, including:

Nmap: Nmap is a powerful network scanning tool that can identify open ports, running services and potential vulnerabilities on a target system.

Nessus: Nessus is a vulnerability scanner that can perform comprehensive scans of systems and identify known security issues.

OpenVAS: OpenVAS (Open Vulnerability Assessment System) is an open-source vulnerability scanner that can detect vulnerabilities in networks and applications.

3. Exploiting Vulnerabilities:

Once vulnerabilities have been identified, the next step is to exploit them. Metasploit Framework is one of the most popular tools for exploiting vulnerabilities in Metasploitable. It contains a vast collection of exploit modules, payloads, and auxiliary modules that can be used to test and exploit various vulnerabilities. Some common exploits available in Metasploit include:

  • MS08-067: This exploit targets a vulnerability in the Windows Server service and allows remote code execution on affected systems.

  • EternalBlue: EternalBlue is an exploit developed by the NSA that targets a vulnerability in the SMB protocol on Windows systems. It can be used to achieve remote code execution on vulnerable machines.

  • Shellshock: Shellshock is a vulnerability in the Bash shell that allows attackers to execute arbitrary commands on systems with certain configurations.

4. Post-Exploitation & Ensure Backdoor

After successfully exploiting a vulnerability, attackers often perform post-exploitation activities to maintain access to the compromised system and gather sensitive information. Some common post-exploitation techniques include:

  • Privilege Escalation: Attackers may attempt to escalate their privileges on the compromised system to gain access to additional resources or perform more advanced attacks.

  • Lateral Movement: Attackers may move laterally within the network to compromise additional systems and expand their foothold within the infrastructure.

  • Data Exfiltration: Attackers may exfiltrate sensitive data from the compromised system, such as usernames, passwords, and financial information, for use in further attacks or for profit.

5. Hardening Metasploitable:

Once testing and exploitation are complete, it's essential to harden the Metasploitable virtual machine to prevent further exploitation. This can include applying security patches, disabling unnecessary services, and configuring firewalls to restrict access to vulnerable services.

6. Report Writing:

Conclusion:

Metasploitable is an invaluable tool for security professionals and enthusiasts looking to hone their penetration testing skills. By scanning, exploiting, and hardening vulnerable systems in a controlled environment, users can gain valuable experience in identifying and mitigating security vulnerabilities. However, it's essential to use Metasploitable responsibly and ethically, ensuring that testing is performed only on systems for which you have permission to assess.

Basics of Metasploit Framework

7. Prepare Metasploitable environment by installing VirtualBox

Install VirtualBox on a Linux or Windows system.

Install Metasploitable on VirtualBox.

After proper installing of Metasploitable

8. Modules of Metasploit Framework:

The Metasploit console provides the following module types:

  1. Exploits – exploits in Metasploit are tools used to gain unauthorized access or control over a target system by exploiting its weaknesses. They are crucial components in cybersecurity assessments and can help identify and patch vulnerabilities before they are exploited by malicious actors. There are 2404 exploits available in the Metasploit Framework.
  2. Auxiliary – auxiliary modules in the Metasploit Framework provide support functionality for tasks such as network scanning, reconnaissance, and information gathering. Unlike exploits, they don't directly exploit vulnerabilities but aid in the preparation phase of security assessments. Auxiliary modules are essential tools for security professionals to gather intelligence about target systems, networks, and services without causing direct harm. There are 1239 auxiliary modules available in the Metasploit Framework.
  3. Post – post modules in the Metasploit Framework are tools used for post-exploitation activities after gaining access to a target system. They enable security professionals to maintain access, gather information, perform privilege escalation, or manipulate compromised systems further. These modules extend Metasploit's capabilities for comprehensive penetration testing and security assessment beyond initial exploitation. There are 442 post modules available in the Metasploit Framework.
  4. Payloads – payload modules in the Metasploit Framework contain the actual code run on a target system to achieve a specific objective, such as gaining remote access or extracting sensitive information. They are delivered and executed after successful exploitation by an exploit module. Payloads are crucial for post-exploitation activities during security assessments, penetration testing, and red team exercises, and offer flexibility and customization so that security professionals can tailor them to the target environment and objectives. There are 1465 payload modules available in the Metasploit Framework.
  5. Encoders – encoders in the Metasploit Framework are modules designed to encode or obfuscate payloads and shellcode to evade detection by antivirus software and intrusion detection systems. They alter a payload's appearance without changing its functionality, which improves its success rate. Encoders are used during penetration testing and security assessments to test whether such security measures can be bypassed. There are 47 encoder modules available in the Metasploit Framework.
  6. Nops – nop (no-operation) modules in the Metasploit Framework insert sequences of no-operation instructions into payloads or exploit code. These "NOP sleds" provide a larger landing area for exploitation, making it more likely that the payload executes successfully. Nops are particularly useful when the exact memory location of the payload may vary, helping ensure reliable exploitation across different systems and configurations. There are 11 nop modules available in the Metasploit Framework.
  7. Evasion – evasion modules in the Metasploit Framework are designed to help bypass security defenses such as antivirus software, intrusion detection systems, and firewalls. They employ various techniques to obfuscate, modify, or manipulate payloads, exploits, or network traffic so as to evade detection or filtering. Evasion modules are used in penetration tests and security assessments to simulate real-world attack scenarios and test the effectiveness of defensive measures. There are 9 evasion modules available in the Metasploit Framework.

9. Components of Metasploit Framework:

Metasploit is open source and written in Ruby. It is an extensible framework, so you can build custom features to your liking in Ruby, and you can also add plugins. At the core of the Metasploit Framework there are some key components:

  • msfconsole - msfconsole is a command-line interface (CLI) component of the Metasploit Framework, providing users with a powerful interactive shell to access and utilize the framework's features. It allows security professionals and researchers to easily navigate through various modules, including exploits, payloads, auxiliary tools, and post-exploitation functionalities. msfconsole serves as the primary interface for conducting penetration tests, security assessments, and exploitation activities, providing a streamlined and efficient environment for testing and validating vulnerabilities in systems and networks.
  • msfdb - The msfdb component of the Metasploit Framework manages the database used to store information about hosts, services, vulnerabilities, and exploit results. It enables users to efficiently manage and organize data gathered during penetration tests and security assessments. By using a database, msfdb provides search capabilities, historical tracking of exploit attempts, and the ability to correlate information across different modules. Overall, msfdb improves the effectiveness and organization of security assessments conducted with the Metasploit Framework, letting you store and organize results so you can return to them later.
  • msfvenom - msfvenom is a versatile payload generator and encoder included in the Metasploit Framework. It allows users to craft custom payloads for exploitation purposes, such as creating shellcode, executables, or scripts to be used in various attack scenarios. msfvenom supports a wide range of platforms, architectures, and payload types, offering flexibility and customization options for security professionals and researchers. It is an essential tool for generating payloads tailored to specific targets and objectives during penetration tests, red team engagements, and security assessments.
  • meterpreter - Meterpreter is an advanced post-exploitation payload in the Metasploit Framework, offering a powerful command-line interface and interactive shell on compromised systems. It provides a wide range of capabilities for remote access, reconnaissance, privilege escalation, lateral movement, and data manipulation on target systems. Meterpreter is designed to evade detection and maintain persistence on compromised hosts, making it a valuable tool for penetration testing, security assessments, and red team operations. Its flexibility and extensive feature set make Meterpreter one of the most widely used components of the Metasploit Framework for post-exploitation activities.

10. Metasploit Location on the Drive:

The Metasploit Framework is located in the /usr/share/metasploit-framework/ directory, where you can find all of its components. You can also add your own exploit modules here so that they can be used from the Metasploit console.

cd /usr/share/metasploit-framework/
ls
cd modules
cd exploits
cd linux
cat <module_name>.rb
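As an added example (not from the article), this Python script walks a Metasploit-style modules/ tree as described above, counts the .rb modules per type (the figures the msfconsole banner reports) and maps a module file's path to the name given to `use`. It builds a throwaway tree of constructed, hypothetical module files, so it runs without a Metasploit install; point `count_modules` at /usr/share/metasploit-framework to run it against a real installation.

```python
import os
import tempfile

# Module directories under <msf_root>/modules/, in the order the msfconsole banner lists them.
MODULE_TYPES = ("exploits", "auxiliary", "post", "payloads", "encoders", "nops", "evasion")

# Constructed (hypothetical) module files used to build a throwaway tree; none of these
# names belong to the real framework.
CONSTRUCTED_FILES = (
    "modules/exploits/linux/demo/demo_service_rce.rb",
    "modules/exploits/windows/demo/demo_smb_bug.rb",
    "modules/exploits/linux/demo/README.md",  # not a module: must not be counted
    "modules/auxiliary/scanner/demo/demo_version_probe.rb",
    "modules/post/multi/gather/demo_collect.rb",
    "modules/payloads/singles/linux/x86/demo_shell.rb",
    "modules/encoders/x86/demo_xor.rb",
    "modules/nops/x86/demo_nop.rb",
)


def build_demo_tree():
    """Create a temporary msf_root containing the constructed module files."""
    root = tempfile.mkdtemp(prefix="msf_demo_")
    for rel in CONSTRUCTED_FILES:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write("# placeholder, not a real module\n")
    return root


def count_modules(msf_root):
    """Count .rb files per module type, like the totals the msfconsole banner prints."""
    counts = {}
    for mtype in MODULE_TYPES:
        base = os.path.join(msf_root, "modules", mtype)  # missing dir simply counts 0
        counts[mtype] = sum(f.endswith(".rb") for _d, _s, files in os.walk(base) for f in files)
    return counts


def module_name(msf_root, path):
    """Map a file under modules/ to the name passed to `use` (exploits/... -> exploit/...)."""
    rel = os.path.relpath(path, os.path.join(msf_root, "modules")).split(os.sep)
    if rel[0] in ("exploits", "payloads", "encoders", "nops"):
        rel[0] = rel[0][:-1]  # msfconsole uses the singular form for these types
    if rel[-1].endswith(".rb"):
        rel[-1] = rel[-1][:-3]
    return "/".join(rel)
```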

11. Basic Commands of Metasploit Tools:

  • sudo msfdb init – First things first: initialize the database.
  • service postgresql start – Start the PostgreSQL database used by the Metasploit Framework.
  • msfconsole – Open the Metasploit Framework console.
  • clear – Clear the terminal.
  • show -h – List the parameters and module types that show accepts.
  • show "parameter" – Type show followed by a specific parameter or module type (for example, show exploits).
  • search – Search for anything in the Metasploit Framework.
  • use "module" – Select a specific module.
  • info – View the description and details of the selected module.
  • options – View the options of the selected module.
  • set "option" "value" – Set the value of an option of the selected module.
  • show payloads – Show the payloads compatible with the selected exploit.
  • check – Check whether the target is vulnerable without running the exploit (where the module supports it).
  • ? – List the Metasploit Framework commands.
