December 18, 2022 · 6 min · 1205 words · Charles Mcgehee
Introduction

In this tutorial you will learn what Metasploit is and how to use it.

What is Metasploit?

The Metasploit Framework (MSF) is a free, open-source penetration testing solution developed by the open source community and Rapid7. It covers the different techniques of information gathering and vulnerability scanning. Metasploit eliminates the need to write individual exploits from scratch, saving considerable time and effort.
Metasploit’s Terminology

Metasploit uses three key terms: vulnerability, exploit and payload.

Vulnerability: A weakness in the target system through which penetration can successfully occur.

Exploit: Once the vulnerability is known, an attacker takes advantage of it and breaks into the system using code or a script known as an exploit.

Payload: A set of tasks initiated by the attacker after the exploit succeeds, in order to maintain access to the compromised system.
NMAP

The Nmap (Network Mapper) command can be used to perform service scans and information gathering from within MSF. Nmap has extended its discovery capabilities beyond simply figuring out whether a host is up or down and which ports are open and closed: it also determines which type of operating system the host runs and which version of each listening service it offers.
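The service and OS information Nmap produces is most useful when it is kept as an inventory you can check against, for example to confirm SMB is not exposed where it should not be. The following parser for Nmap's XML output (the -oX format) is an added example, not code from the original post or from Nmap or Metasploit; the XML it reads is a constructed sample with lab addresses, and the function names are my own.

```python
import xml.etree.ElementTree as ET

# Constructed sample of Nmap's XML (-oX) output, trimmed to what this parser reads; lab addresses only.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -O -oX scan.xml 192.0.2.0/29">
  <host><status state="up" reason="arp-response"/><address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="139"><state state="open" reason="syn-ack"/>
        <service name="netbios-ssn" product="Microsoft Windows netbios-ssn"/></port>
      <port protocol="tcp" portid="445"><state state="open" reason="syn-ack"/>
        <service name="microsoft-ds" product="Microsoft Windows XP microsoft-ds"/></port>
      <port protocol="tcp" portid="3389"><state state="closed" reason="reset"/></port>
    </ports>
    <os><osmatch name="Microsoft Windows XP SP2 or SP3" accuracy="96"/></os>
  </host>
  <host><status state="down" reason="no-response"/><address addr="192.0.2.11" addrtype="ipv4"/></host>
</nmaprun>"""


def parse_nmap_xml(xml_text):
    """Return one dict per host that is up: ipv4 address, open ports with service info, best OS guess."""
    hosts = []
    for host in ET.fromstring(xml_text).findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # Nmap could not reach this host; nothing to inventory
        addr = next((a.get("addr") for a in host.findall("address")
                     if a.get("addrtype") == "ipv4"), None)
        open_ports = []
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are not exposure
            svc = port.find("service")  # absent when -sV was not used or probing failed
            open_ports.append({
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "service": svc.get("name", "") if svc is not None else "",
                "product": svc.get("product", "") if svc is not None else "",
            })
        osmatch = host.find("os/osmatch")  # Nmap orders osmatch by descending accuracy
        hosts.append({"addr": addr, "open_ports": open_ports,
                      "os": osmatch.get("name") if osmatch is not None else "unknown"})
    return hosts


def hosts_exposing_smb(hosts):
    """Addresses with TCP 445 open: the SMB exposure the attacks in this tutorial depend on."""
    return [h["addr"] for h in hosts
            if any(p["proto"] == "tcp" and p["port"] == 445 for p in h["open_ports"])]
```

Run it over a real scan by reading the -oX file into `parse_nmap_xml`; anything returned by `hosts_exposing_smb` that is not an intended file server is worth a closer look.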
Meterpreter
Meterpreter has 6 types of commands.

1) Core Commands

Command                    Description
-------                    -----------
?                          Help menu
background                 Backgrounds the current session
bgkill                     Kills a background meterpreter script
bglist                     Lists running background scripts
bgrun                      Executes a meterpreter script as a background thread
channel                    Displays information about active channels
close                      Closes a channel
detach                     Detach the meterpreter session (for http/https)
disable_unicode_encoding   Disables encoding of unicode strings
enable_unicode_encoding    Enables encoding of unicode strings
exit                       Terminate the meterpreter session
help                       Help menu
info                       Displays information about a Post module
interact                   Interacts with a channel
irb                        Drop into irb scripting mode
load                       Load one or more meterpreter extensions
migrate                    Migrate the server to another process
quit                       Terminate the meterpreter session
read                       Reads data from a channel
resource                   Run the commands stored in a file
run                        Executes a meterpreter script or Post module
use                        Deprecated alias for ‘load’
write                      Writes data to a channel
Stdapi: File system Commands

Command                    Description
-------                    -----------
cat                        Read the contents of a file to the screen
cd                         Change directory
del                        Delete the specified file
download                   Download a file or directory
edit                       Edit a file
getlwd                     Print local working directory
getwd                      Print working directory
lcd                        Change local working directory
lpwd                       Print local working directory
ls                         List files
mkdir                      Make directory
pwd                        Print working directory
rm                         Delete the specified file
rmdir                      Remove directory
search                     Search for files
upload                     Upload a file or directory
Stdapi: Networking Commands

Command                    Description
-------                    -----------
ipconfig                   Display interfaces
portfwd                    Forward a local port to a remote service
route                      View and modify the routing table
Stdapi: System Commands

Command                    Description
-------                    -----------
clearev                    Clear the event log
drop_token                 Relinquishes any active impersonation token
execute                    Execute a command
getpid                     Get the current process identifier
getprivs                   Attempt to enable all privileges available to the current process
getuid                     Get the user that the server is running as
kill                       Terminate a process
ps                         List running processes
reboot                     Reboots the remote computer
reg                        Modify and interact with the remote registry
rev2self                   Calls RevertToSelf() on the remote machine
shell                      Drop into a system command shell
shutdown                   Shuts down the remote computer
steal_token                Attempts to steal an impersonation token from the target process
sysinfo                    Gets information about the remote system, such as OS
Stdapi: User interface Commands

Command                    Description
-------                    -----------
enumdesktops               List all accessible desktops and window stations
getdesktop                 Get the current meterpreter desktop
idletime                   Returns the number of seconds the remote user has been idle
keyscan_dump               Dump the keystroke buffer
keyscan_start              Start capturing keystrokes
keyscan_stop               Stop capturing keystrokes
screenshot                 Grab a screenshot of the interactive desktop
setdesktop                 Change the meterpreter’s current desktop
uictl                      Control some of the user interface components
Stdapi: Webcam Commands

Command                    Description
-------                    -----------
record_mic                 Record audio from the default microphone for X seconds
webcam_list                List webcams
webcam_snap                Take a snapshot from the specified webcam
Priv: Elevate Commands

Command                    Description
-------                    -----------
getsystem                  Attempt to elevate your privilege to that of local system

Priv: Password database Commands

Command                    Description
-------                    -----------
hashdump                   Dumps the contents of the SAM database
Priv: Timestomp Commands

Command                    Description
-------                    -----------
timestomp                  Manipulate file MACE attributes
How to get into Meterpreter
Metasploit Console
The command below is used for scanning and OS detection of the target system.

Here we are using SMB vulnerabilities. SMB (Server Message Block) is a protocol that provides shared access to files, printers and serial ports between the computers in a network.

This vulnerability in the Server service could allow remote code execution. “Arbitrary code” typically means that the bad guy can run any command of the attacker’s choosing on the target system.
This could mean that the attacker triggers code already on the box, invoking a program or DLL by exploiting the vulnerability. Alternatively, the attacker could trigger the vulnerability to load his/her own code on the box and then run it. In a sense, these two operations are really pretty much the same thing. Either way, the attacker wins.
First Attack

The next step is to move on to actual exploitation using Metasploit. Let us attempt to exploit a Windows XP system with an SMB vulnerability from an attacker system running Metasploit. The lab setup includes a Windows XP attacker system with the Metasploit Framework installed and a vulnerable Windows XP system, both on VMware.

The “info” command provides detailed information about a particular module, including all options, available targets and other information.

The “use” command is used to select a particular module.

The “set” command allows you to configure framework options and parameters for the current module you are working with. Here we are selecting a payload for Windows.

The “show options” command displays which settings are available or required for that specific module.

Here we are setting the target IP address.

The “check” command tests whether a target is vulnerable to a particular exploit instead of actually exploiting it, but not all modules support the check command.

Finally, the “exploit” command is used to exploit the target system.
Steps to be followed to attack the target system:
Here we can view the desktop of the target system via a VNC viewer. Now we can delete or modify files on the target system.

Second Attack: Here we are adding an extra user to the target system. Sometimes this attack can crash the target system.

Third Attack: Capturing a screenshot

The screenshot command of the Meterpreter suite exports an image of what the user is doing on their desktop to our machine. The desktop screen can be used to gain a lot of information about the remote machine; for example, you might want to know which antivirus is being used on the remote machine.

Then we can get a screenshot of the remote machine.

Fourth Attack: Capturing keystrokes (sniffing)

Using this we can grab what the user types on the remote machine, if we want to capture all the data the user is typing in Explorer. By using this we can grab the user name and password of an email account.

We can find these details at the following location:

In the same way we can carry out many more attacks:
Enjoy the tutorial BDTrickers