METASPLOIT BASICS REVIEW


The majority of the following basic terms are defined in the context of Metasploit, but they are generally the same throughout the security industry


MSFconsole
Msfconsole is by far the most popular part of the Metasploit Framework, and for good reason. It is one of the most flexible, feature-rich, and well supported tools within the Framework. Msfconsole provides a handy all-in-one interface to almost every option and setting available in the Framework; it’s like a one-stop shop for all of your exploitation dreams. You can use msfconsole  to do everything, including launching an exploit, loading auxiliary modules, performing enumeration, creating listeners, or running mass exploitation against an entire network.
Starting MSFconsole
To launch msfconsole, enter msfconsole at the command line:
root@upnextskills:/# cd /opt/framework3/msf3/
root@upnextskills:/opt/framework/msf3# msfconsole
< metasploit >
------------------
     \     ,__,
       \ (oo)____
         (__)        )\
                ||---||   *
msf >

MSFcli

Msfcli and msfconsole take very different approaches to providing access to the Framework. Where msfconsole provides an interactive way to access all features in a user-friendly manner, msfcli puts the priority on scripting and interpretability with other console-based tools. Instead of providing a unique interpreter to the Framework, msfcli runs directly from the command line, which allows you to redirect output from other tools into msfcli and direct msfcli output to other command-line tools. Msfcli also supports the launching of exploits and auxiliary modules, and it can be convenient when testing modules or developing new exploits for the Framework. It is a fantastic tool for unique exploitation when you know exactly which exploit and options you need. It is less forgiving than msfconsole, but it offers some basic help (including usage and a list of modes) with the command msfcli -h, as shown here:
root@upnextskills:/opt/framework3/msf3# msfcli -h
Usage: /opt/framework3/msf3/msfcli <exploit_name> <option=value> [mode]


Armitage

The armitage component of Metasploit is a fully interactive graphical user interface created by Raphael Mudge. This interface is highly impressive, feature rich, and available for free. We won’t be covering armitage in depth, but it is definitely worth mentioning as something to explore. Our goal is to teach the ins and outs of Metasploit, and the GUI is awesome once you understand how the Framework actually operates.
Running Armitage
To launch armitage, run the command armitage. During startup, select Start MSF, which will allow armitage to connect to your Metasploit instance.

root@upnextskills:/opt/framework3/msf3#
armitag


Metasploit Utilities
Having covered Metasploit’s three main interfaces, it’s time to cover a few utilities. Metasploit’s utilities are direct interfaces to particular features of the Framework that can be useful in specific situations, especially in exploit development. We will cover some of the more approachable utilities here

MSFencode

The shellcode generated by msfpayload is fully functional, but it contains several null characters that, when interpreted by many programs, signify the end of a string, and this will cause the code to terminate before completion. In other words, those x00s and xffs can break your payload!
     In addition, shellcode traversing a network in cleartext is likely to be picked up by intrusion detection systems (IDSs) and antivirus software. To address this problem, Metasploit’s developers offer
msfencode, which helps you to avoid bad characters and evade antivirus and IDSs by encoding the original payload in a way that does not include

root@upnextskills:~# msfencode -l

MSFpayload
The msfpayload component of Metasploit allows you to generate shellcode, executables, and much more for use in exploits outside of the Framework. Shellcode can be generated in many formats including C, Ruby, JavaScript, and even Visual Basic for Applications. Each output format will be useful in various situations. For example, if you are working with a Python-based proof of concept, C-style output might be best; if you are working on a browser exploit, a JavaScript output format might be best. After you have your desired output, you can easily insert the payload directly into an HTML file to trigger the exploit. To see which options the utility takes, enter msfpayload -h at the command line, as shown here:

root@upnextskills:/# msfpayload -h

Nasm Shell
The nasm_shell.rb utility can be handy when you’re trying to make sense of assembly code, especially if, during exploit development, you need to identify the opcodes (the assembly instructions) for a given assembly command. For example, here we run the tool and request the opcodes for the jmpesp command, which nasm_shell tells us is FFE4.

root@upnextskills:/opt/framework3/msf3/tools# ./nasm_shell.rb

Exploit
An exploit is the means by which an attacker, or pen tester for that matter, takes advantage of a flaw within a system, an application, or a service. An attacker uses an exploit to attack a system in a way that results in a particular desired outcome that the developer never intended. Common exploits include buffer overflows, web application vulnerabilities (such as SQL injection), and configuration errors.

Payload

A payload is code that we want the system to execute and that is to be selected and delivered by the Framework. For example, a reverse shell is a payload that creates a connection from the target machine back to the attacker as a Windows command prompt (see Chapter 5), whereas a bind shell is a payload that “binds” a command prompt to a listening port on the target machine, which the attacker can then connect. A payload could also be something as simple as a few commands to be executed on the target operating system.

Shellcode

Shellcode is a set of instructions used as a payload when exploitation occurs. Shellcode is typically written in assembly language. In most cases, a command shell or a Meterpreter shell will be provided after the series of instructions have been performed by the target machine, hence the name.

Module

A module in the context of this book is a piece of software that can be used by the Metasploit Framework. At times, you may require the use of an exploit module, a software component that conducts the attack. Other times, an auxiliary module may be required to perform an action such as scanning or system enumeration. These interchangeable modules are the core of what makes the Framework so powerful.

Listener

A listener is a component within Metasploit that waits for an incoming connection of some sort. For example, after the target machine has been exploited, it may call the attacking machine over the Internet. The listener handles that connection, waiting on the attacking machine to be contacted by the exploited system.

SPECIAL OFFER
The Social Engineer's Playbook: A Practical Guide to Pretexting
The Social Engineer's Playbook is a practical guide to pretexting and a collection of social engineering pretexts for Hackers, Social Engineers and Security Analysts. Build effective social engineering plans using the techniques, tools and expert guidance in this book. Learn valuable elicitation techniques, such as: Bracketing, Artificial Ignorance, Flattery, Sounding Board and others.
This book covers an introduction to tools, such as: Maltego, Social Engineer Toolkit, Dradis, Metasploit and Kali Linux among others. Crucial to any social engineering test is the information used to build it. Discover the most valuable sources of intel and how to put them to use. Check the link below

No comments

Upnextskills
Powered by Blogger.