Lab 11.1 Metasploit Notes - Zacham17/my-tech-journal GitHub Wiki

SEC 335 : Metasploit

Metasploit Notes

  • Metasploit is a framework for exploiting vulnerabilities using pre-written exploit modules. Usually, a few parameters are entered for the chosen exploit and the framework handles the rest, which makes it a quick and easy way to exploit vulnerabilities on systems.

Usage

  • To open the Metasploit framework console, the command msfconsole can be used.
  • While in the console, the use command selects an exploit module.
    • EX: use exploit/multi/http/apache_mod_cgi_bin_env_exec
    • Note: Exploits can be found in /usr/share/metasploit-framework/modules/
  • Once an exploit file has been selected, the show options command can be used to show what options can be altered.
  • Some example options that may be available are:
    • RHOST : Specifies the address of the target (remote) host
    • LHOST : Specifies the address of the local host
    • TARGETURI : Specifies the URI being targeted
    • LPORT : Specifies the listening port on the local host
    • USER : Specifies a username to use for the attack
    • PASSWORD : Specifies a password to use for the attack
  • Options are set using the set command. Ex: set RHOST 10.0.5.28
  • To execute an exploit, use the command exploit.
  • Note: Running Metasploit sessions can be listed with the sessions command, and sessions -i <id> interacts with a chosen session.
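The module used as the example above (exploit/multi/http/apache_mod_cgi_bin_env_exec) delivers the Shellshock bash bug through an HTTP request header to a CGI script, so the web server's access log is where a defender can spot it. The following Python scanner is an added example, not from the original wiki; it parses constructed Apache combined-log lines and flags requests whose User-Agent or Referer carries the "() {" function-definition prefix that triggers the bug.

```python
import re
from typing import Dict, List, Optional

# Apache combined log: client ident user [time] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Shellshock trigger: a bash function definition "() {" at the start of an
# environment-variable value, which mod_cgi copies in from request headers.
SHELLSHOCK_RE = re.compile(r'\(\)\s*\{')


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the named fields of one combined-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_shellshock_probe(entry: Dict[str, str]) -> bool:
    # The trigger can sit in any header, but the combined format only records
    # Referer and User-Agent, so those are the fields available for inspection.
    return any(SHELLSHOCK_RE.search(entry[field]) for field in ("agent", "referer"))


def find_shellshock_probes(lines: List[str]) -> List[Dict[str, str]]:
    """Return the parsed entries that carry the Shellshock pattern."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry and is_shellshock_probe(entry):
            hits.append(entry)
    return hits


# Constructed sample log lines (addresses and timestamps are made up).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2019:10:01:02 -0500] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.77 - - [12/Mar/2019:10:01:05 -0500] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :; }; echo vulnerable"',
    '192.0.2.77 - - [12/Mar/2019:10:01:06 -0500] "GET /index.html HTTP/1.1" 200 2048 "-" "curl/7.64.0"',
]

if __name__ == "__main__":
    for hit in find_shellshock_probes(SAMPLE_LOG):
        print(f"{hit['time']} {hit['ip']} {hit['request']} agent={hit['agent']!r}")
```

Running it against a real access log is a matter of replacing SAMPLE_LOG with the file's lines; a hit on a CGI path is worth correlating with the scan-stage requests that usually precede it.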

Payloads

  • A payload is the code Metasploit delivers to the target once the exploit succeeds. For example, I used the meterpreter payload when exploiting cupcake and nancurnir, which provided an interactive reverse shell.
    • SIDE NOTE: A command to use in a reverse shell is python -c 'import pty; pty.spawn("/bin/bash")'. This command upgrades the plain shell to a more user-friendly terminal session.
  • Different payloads have different purposes.
  • Available payloads for the selected exploit can be shown using the show payloads command.

Reflection

I thought this activity was a good introduction to Metasploit. I think Metasploit is very easy to use, and I found that I didn’t need much instruction on how to use it. I also found that Metasploit exploits can be found online for downloading and usage, which I utilized for the nancurnir exploit. I like how Metasploit is like a “fill in the blank” exploit, meaning you just give it parameters that will be used for the exploit.