The Metasploit Framework
By Elhamer Oussama Abdelkhalek
Contents:
• Introduction:
I. Basics.
II. Running an attack the old-fashioned way.
III. Overview of the Metasploit project and framework.
IV. Running the same attack using Metasploit.
• Metasploit overview and basic framework usage:
I. Metasploit architecture.
II. Consoles.
• Meterpreter basics and overview.
Exploitation!
• Vulnerability: a weakness that allows an attacker to break a system's security.
• Exploit: code that allows an attacker to take advantage of a vulnerable system.
• Payload: code that runs on the system after exploitation.
Running an Exploit the Old-Fashioned Way
• The vulnerability: RPC DCOM, a buffer overflow in the RPC interface.
• The exploit and the payload are available.
The Problem!
• A lot of exploits!
• Hard to customize the payload.
• Testing exploit research is painful!
• Metasploit is a shortcut.
What Is Metasploit?
• Metasploit has come to be synonymous with the Metasploit Framework.
• The Metasploit Project, whose goal is to provide information that will be useful in:
I. Penetration testing.
II. IDS signatures.
III. Exploit research.
• Developed by H.D. Moore in 2003, then acquired by Rapid7.
• Primarily written in Perl,
• then rewritten in Ruby: "the largest program ever written in Ruby"!
• The framework is an open-source platform for developing, testing and using exploit code.
• The current "stable" version is version 4.
• Similar to the commercial products Canvas (Immunity) and Impact (Core).
Benefits
• Over 600 tested exploits and 200 payloads!
• Plug and play of payloads with exploits:
- matching the payload with the exploit;
- trying different payloads with the same exploit code.
• Lots of tools and features for better and faster pentests.
Using Metasploit
• show – list the available modules (exploits, payloads, etc.)
• use – select a specific exploit module
• set – set specific variables (case sensitive)
• RHOST – remote host (the target we are attacking)
• PAYLOAD – the payload to carry
• LHOST – local host (for "phone home" attacks, i.e. a reverse shell)
• exploit – run the exploit.
• RPC DCOM using Metasploit.
Meterpreter
• What we are looking for is a payload which:
- avoids creating a new process;
- runs in the exploited process's context;
- does not create a new file on disk;
- can import more functionality (is extensible) and is not limited to the commands of the remote shell it creates.
• That is exactly what Meterpreter does!
Meterpreter Basics
• Post-exploitation tool.
• Works by using in-memory DLL injection.
• Does not create any files on disk.
• Uses encrypted communication between the client and the attacker.
• Stable, flexible and extensible!
• Can be extended at runtime by shipping DLLs to the victim.
How It Works
• When the exploit succeeds:
• The exploit runs the first payload.
• The payload connects back to MSF.
• The second-stage DLL injection payload is sent.
• MSF sends the Meterpreter server DLL.
• Client and server communicate.
Client–Server Communication in Meterpreter
• The communication is encrypted.
• It is in the form of TLVs (Type-Length-Value).
• So multiple channels of communication can use the same client–server connection.
• This allows multiple programs running on the victim to communicate at the same time.
• Demo.
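As an added illustration that is not part of the deck, the following Python model shows the Type-Length-Value framing the slide describes: packets that carry a channel id let several programs share one connection, and a parser must reject malformed lengths before trusting them. The header layout and type ids below are assumptions for the demo, not Meterpreter's real wire protocol constants.

```python
import struct
from typing import Dict, Iterator, Tuple

# Assumed header: 4-byte big-endian length (covering header + value), then 4-byte type.
_HDR = struct.Struct(">II")

# Constructed type ids for this demo (not real Meterpreter constants).
T_PACKET, T_CHANNEL_ID, T_DATA = 1, 2, 3


def encode_tlv(tlv_type: int, value: bytes) -> bytes:
    """Serialise one TLV; the length field counts the 8-byte header as well."""
    return _HDR.pack(_HDR.size + len(value), tlv_type) + value


def decode_tlvs(buf: bytes) -> Iterator[Tuple[int, bytes]]:
    """Walk concatenated TLVs, refusing truncated or out-of-range lengths."""
    pos = 0
    while pos < len(buf):
        if len(buf) - pos < _HDR.size:
            raise ValueError("truncated TLV header at offset %d" % pos)
        length, tlv_type = _HDR.unpack_from(buf, pos)
        if length < _HDR.size or pos + length > len(buf):
            raise ValueError("bad TLV length %d at offset %d" % (length, pos))
        yield tlv_type, buf[pos + _HDR.size:pos + length]
        pos += length


def channel_packet(channel_id: int, data: bytes) -> bytes:
    """One packet on the shared connection: channel id and data nested inside a packet TLV."""
    body = encode_tlv(T_CHANNEL_ID, struct.pack(">I", channel_id)) + encode_tlv(T_DATA, data)
    return encode_tlv(T_PACKET, body)


def demux(stream: bytes) -> Dict[int, bytes]:
    """Split a stream of packets back into per-channel data (the multiplexing the slide mentions)."""
    channels: Dict[int, bytes] = {}
    for ptype, body in decode_tlvs(stream):
        if ptype != T_PACKET:
            continue  # unknown top-level TLV types are skipped, not trusted
        fields = dict(decode_tlvs(body))
        cid = struct.unpack(">I", fields[T_CHANNEL_ID])[0]
        channels[cid] = channels.get(cid, b"") + fields[T_DATA]
    return channels


if __name__ == "__main__":
    # Constructed sample: two channels interleaved on one connection.
    stream = channel_packet(1, b"ping ") + channel_packet(2, b"status") + channel_packet(1, b"pong")
    print(demux(stream))  # {1: b'ping pong', 2: b'status'}
```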