Metasploit

Useful terminology:
• Vulnerability: A weakness in the target system, through which penetration can
successfully occur.
• Exploit: Once a vulnerability is known, an attacker takes advantage of it, and breaks
into the system using a code/script known as an exploit.
EXPLOIT = VULNERABILITY + PAYLOAD
• Payload: This is a set of tasks initiated by the attacker subsequent to an exploit, in
order to maintain access to the compromised system
• CLI: command line interface
• GUI: graphical user interface
• MSF: Meta Sploit Framework

WARNINGS
Metasploit is very powerful, and very dangerous
I used VMWare to isolate the operating system from other systems and the
internet
Use of this on any unauthorized way will get you fired / arrested /
deported etc...

HISTORY OF THE METASPLOIT PROJECT
• Metasploit Project
–HD Moore & Friends
–A community-driven project since 2003
• Rapid7
–Maker of NeXpose Vulnerability Management
–Purchase the Project from HD
• Metasploit Framework
–The original open
-source exploit framework

THIS VIDEO INVOLVES
• Usage of METASPLOIT
• Social engineering
• Organization's server crashes from a DoS attack
• Honeypots
• Difference between White hat and Black hat hacker
• Data breaching

METASPLOIT TOPICS
Fundamentals
about
Metasploit
Framework
Usage Scanning Exploitation
Post
Exploitation
Writing
Metasploit
Modules

WHAT IS METASPLOIT?
• Metasploit Framework, created by the Metasploit Project, is the most popular exploitation
tool available for developing, testing, and performing exploits. It allows penetration testers,
auditors, and vulnerability assessment personnel to create their own penetration testing
systems and exploit modules.
• It is A collaboration between the open source community and Rapid7
• An exploitation framework written in Ruby, currently at version 4.9.1
• It’s modular
• Contains exploits, payloads, encoders and auxiliaries

METASPLOIT VERSIONS
•1.0 released in 2003 (Perl)
•2.0 released in 2004 (Better Perl)
–2.7 released in late 2006
•3.0 released in 2007 (Ruby)
–3.4 released in early 2010
–3.4.1 is the most recent release
•Metasploit now has 567 exploits and 283 auxiliary modules (up from 551 and 261 in
v3.4)

VERSIONS AND BASICS
- Metasploit Framework Edition
• The free version
- Metasploit Community Edition
• A free, web-based user interface for Metasploit
- Metasploit Express
• An open-core commercial edition for security teams who need to verify vulnerabilities
- Metasploit Pro
• An open-core commercial Metasploit edition for penetration testers
- Armitage
• Is a graphical cyber attack management tool for the Metasploit Project that visualizes
targets and recommends exploits.

• Runs on any operating system
-Source code for Linux / Unix / MacOS X
-Portable to Windows via CYGWIN
• Allows anyone to exploit & usually “root” certain machines with only an IP address
and a basic background of the system
• Requires no knowledge of the software bug, or exploit machine cod

WITH METASPLOIT, YOU CAN PERFORM THE FOLLOWING OPERATIONS
Conduct basic penetration tests on
small networks
Run spot checks on the
exploitability of vulnerabilities
Discover the network or import
data
Browse exploit modules and run
individual exploits on hosts.

• Auxiliary modules – are used for information gathering, enumeration, port
scanning and that sort of thing. There are plenty of useful tools in there too for
things like connecting to SQL databases and even tools for performing man-in-
middle attacks.
• Exploit modules – are generally used to deliver exploit code to a target system.
• Post modules – offer post exploitation tools such as the ability to extract password
hashes and access tokens and even modules for things like taking a screenshot,
logging and downloading files.
• Payload modules – are used to create malicious payloads for use with an exploit

AUXILIARY
• Typically, an Exploit without Payload is called Auxiliary.
• Used for scanning, fuzzing, and some automated tasks.
• Makes use of mixins.
• To run type in Run.

ENCODERS
• To evade anti-viruses encoders are used.
• Payload’s are encrypted

NOPS
• Mainly used to keep the size of the payload consistent.
• Having 10 nops.

SCANNING USING METASPLOIT
• Discovery Through Vulnerability Scanning
Vulnerability scanning will allow you to quickly scan a target IP range looking for
known vulnerabilities, giving a penetration tester a quick idea of what attacks might
be worth conducting.
• Port Scanning:
A port scan is a series of messages sent by someone attempting to break into a
computer to learn which computer network services, each associated with a “well-
known” port number, the computer provides. Port scanning, a favorite approach of
computer cracker, gives the assailant an idea where to probe for weaknesses.

HOW A DISCOVERY SCAN WORKS
A discovery scan can be divided into four distinct phases:
• Ping scan - determines if the hosts are online
• Port scan - identify the ports that are open and the services are available on
those ports
• OS and version detection - detects the service version numbers and operating
system based on how the system responds to the probes
• Data import - collects all the data and creates a report and imports the data into
the project

EXPLOITATION
An exploit is the use of software, data, or commands to “exploit” a
weakness in a computer system or program to carry out some
of malicious intent, such as a denial-of-service attack, Trojan
worms or viruses. The weakness in the system can be a bug, a
or simply a design vulnerability. The process is known as
exploitation.
The following are
the five steps in the
exploitation process:
scanning
the target
selecting an
exploit
selecting a
payload
encoding
the exploit
launching
the attack

• Scanning the target
To scan the target, we use port scanning and vulnerability scanning techniques in
which we perform scanning by using different tools like nmap, nessus and etc.
• Selecting the exploit
This process includes the selection of exploit.
• Selecting the payload
Payloads are the commands the attacker runs upon a successful completion of their
exploit.
• Encoding the exploit
Encoding in Metasploit is how the exploit and payload are packaged together, and is
often done automatically, via the set commands.
Launching the attack
Once all the settings have been set, the attacker simply calls an exploit.

EXPLOITING VULNERABILITIES:
Metasploit offers a
couple different
methods you can use to
perform exploitation:
Auto-exploitation.
Manual exploitation.
Auto-Exploitation:
The auto-exploitation feature
cross-references open services,
vulnerability references, and
fingerprints to find matching
exploits. The simple goal of
auto-exploitation is to get a
session as quickly as possible
by leveraging the data that
Metasploit has for the target
hosts.
Manual Exploitation:
Manual exploitation
provides a more targeted
and methodical approach
exploiting vulnerabilities.
This method is particularly
useful if there is a specific
vulnerability that you want
to exploit.

Payload Type: Specifies the type of payload that the exploit will deliver to the target.
Choose one of the following payload types:
• Command: A command execution payload that enables you to execute
commands on the remote machine.
• Meterpreter: An advanced payload that provides a command line that enables
you to deliver commands and inject extensions on the fly.

Connection Type: Specifies how you want your Metasploit instance to connect to the
target. Choose one of the following connection types:
• Auto: Automatically uses a bind connection when NAT is detected; otherwise, a
reverse connection is used.
• Bind: Uses a bind connection, which is useful when the targets are behind a
firewall or a NAT gateway.
• Reverse: Uses a reverse connection, which is useful if your system is unable to
initiate connections to the targets.

• LHOST: Defines the address for the local host.
• LPORT: Defines the ports that you want to use for reverse connections.
• RHOST: Defines the target address.
• RPORT: Defines the remote port you want to attack.
• Target Settings: Specifies the target operating system and version.
• Exploit Timeout: Defines the timeout in minutes.

POST EXPLOITATION
• Post exploitation is an important process in a penetration test as it allows the
attacker to gather information from the system that he has exploited. A lot of
penetration testers are using the Metasploit framework modules for system
exploitation. However, Metasploit provides and modules for post exploitation
activities for a variety of systems.
• Margate's to another process which has admin privileges and then completes the
task.

• Using this meterpreter we can perform different tasks by getting the privileges
of the victim
• Can grab a screen shot’s, keylogging by loading and much more with
-Espia
-Incognito
-Pivot
-Sniffer
-Priv
-Stdapi (By Default)

• What else we can do in post exploitation?
Let’s list some of them,
-Keylogging
-Screen shots
-view live screen
-access webcam
-take control of keyboard and mouse
-del user
-pivort
-vm detection and many more..

• Advantages
Open source
Frequently updated
• Disadvantages
Difficult to learn
Can crash your system if not used wisely
Requires deep knowledge for exploit development

IT IS USEFUL
FOR
 Future penetration testers
 Vulnerability assessment personnel
 Security Engineers
 Security Researchers
 Auditors
 Programmers
 Any IT professional who has to test regularly to maintain compliance requirements
 Any IT professional who runs scheduled testing of security infrastructure as a best practice

SUMMARY
• Metasploit is very easy to use, and very powerful
• Web interface allows the scans to be run from any system, on any operating
system
• Evidence may or may not be left behind on the system
• IDS/IPS will sense these exploits
• Only contains old & well known exploits

NOTE
• Never misuse it your personal purpose
• Use it wisely
• Understand the modules before using
• Test it using virtual machines

REFERENCE
• https://resources.infosecinstitute.com
• https://www.offensive-security.com/metasploit-unleashed/
• https://www.cybrary.it/course/metasploit/

Metasploit

More Related Content

What's hot

Similar to Metasploit

Recently uploaded

Metasploit

Editor's Notes