Introduction to Metasploit

Metasploit is an open source penetration testing framework that ships with exploit modules for hundreds of known software vulnerabilities and is updated frequently. It is so widely used that the security community half-jokingly describes it as “capable of hacking the entire universe.”

Metasploit website: www.metasploit.com/

Metasploit Github repository: github.com/rapid7/meta…

A brief introduction to the framework and its terminology:

Vulnerability: a weakness in an operating system, an application, or even a network protocol that an attacker can use to compromise the security of a system.

Exploit: the code or program that takes advantage of a vulnerability to compromise a vulnerable system. Each vulnerability has its own exploit; at the time of writing Metasploit shipped more than 1,700 exploit modules.

Payload: the code that runs on the target once an exploit succeeds. Payloads are used mainly to establish a connection between the attacker and the victim machine (a reverse shell or a Meterpreter session, for example). Metasploit has more than 500 payloads.

Module: a self-contained component that performs one specific task (an exploit, a scanner, a payload, ...). A penetration test is carried out by chaining several modules together. The advantage of this architecture is that you can easily integrate your own tools and modules into the framework.

Usage

Msfconsole is arguably the most popular interface to the Metasploit Framework. Many people are intimidated the first time they open it, because there are many commands to learn, but msfconsole is a very powerful program. It provides a single centralized console from which you can reach every part of Metasploit: plugins, payloads, exploit modules, auxiliary modules, post modules, and so on. Msfconsole also integrates with external tools such as Nmap (db_nmap runs Nmap and stores its results in the database), and any command it does not recognize is passed to the underlying system shell, so tools such as SQLMap can be launched without leaving the console.

To start it, type msfconsole in a terminal and press enter. On Kali the framework's own files live in /usr/share/metasploit-framework/; user configuration, history and the database settings live in ~/.msf4/.

msf5 > help

Core Commands
=============

    Command       Description
    -------       -----------
    ?             Help menu
    banner        Display an awesome metasploit banner
    cd            Change the current working directory
    color         Toggle color
    connect       Communicate with a host
    exit          Exit the console
    get           Gets the value of a context-specific variable
    getg          Gets the value of a global variable
    grep          Grep the output of another command
    help          Help menu
    history       Show command history
    load          Load a framework plugin
    quit          Exit the console
    repeat        Repeat a list of commands
    route         Route traffic through a session
    save          Saves the active datastores
    sessions      Dump session listings and display information about sessions
    set           Sets a context-specific variable to a value
    setg          Sets a global variable to a value
    sleep         Do nothing for the specified number of seconds
    spool         Write console output into a file as well the screen
    threads       View and manipulate background threads
    tips          Show a list of useful productivity tips
    unload        Unload a framework plugin
    unset         Unsets one or more context-specific variables
    unsetg        Unsets one or more global variables
    version       Show the framework and console library version numbers

Module Commands
===============

    Command       Description
    -------       -----------
    advanced      Displays advanced options for one or more modules
    back          Move back from the current context
    clearm        Clear the module stack
    info          Displays information about one or more modules
    listm         List the module stack
    loadpath      Searches for and loads modules from a path
    options       Displays global options or for one or more modules
    popm          Pops the latest module off the stack and makes it active
    previous      Sets the previously loaded module as the current module
    pushm         Pushes the active or list of modules onto the module stack
    reload_all    Reloads all modules from all defined module paths
    search        Searches module names and descriptions
    show          Displays modules of a given type, or all modules
    use           Interact with a module by name or search term/index

Job Commands
============

    Command       Description
    -------       -----------
    handler       Start a payload handler as job
    jobs          Displays and manages jobs
    kill          Kill a job
    rename_job    Rename a job

Database Backend Commands
=========================

    Command           Description
    -------           -----------
    analyze           Analyze database information about a specific address or address range
    db_connect        Connect to an existing data service
    db_disconnect     Disconnect from the current data service
    db_export         Export a file containing the contents of the database
    db_import         Import a scan result file (filetype will be auto-detected)
    db_nmap           Executes nmap and records the output automatically
    db_rebuild_cache  Rebuilds the database-stored module cache (deprecated)
    db_remove         Remove the saved data service entry
    db_save           Save the current data service connection as the default to reconnect on startup
    db_status         Show the current data service status
    hosts             List all hosts in the database
    loot              List all loot in the database
    notes             List all notes in the database
    services          List all services in the database
    vulns             List all vulnerabilities in the database
    workspace         Switch between database workspaces

The search command

Working in msfconsole means constantly locating the right exploit module, auxiliary module or plugin among thousands, so the search command is one you will use all the time.

Start by reading its help:

msf5 > search -h
Usage: search [<options>] [<keywords>:<value>]

Prepending a value with '-' will exclude any matching results.
If no options or keywords are provided, cached results are displayed.

OPTIONS:
  -h                Show this help information
  -o <file>         Send output to a file in csv format
  -S <string>       Regex pattern used to filter search results
  -u                Use module if there is one result

Keywords:
  aka         :  Modules with a matching AKA (also-known-as) name
  author      :  Modules written by this author
  arch        :  Modules affecting this architecture
  bid         :  Modules with a matching Bugtraq ID
  cve         :  Modules with a matching CVE ID
  edb         :  Modules with a matching Exploit-DB ID
  check       :  Modules that support the 'check' method
  date        :  Modules with a matching disclosure date
  description :  Modules with a matching description
  fullname    :  Modules with a matching full name
  mod_time    :  Modules with a matching modification date
  name        :  Modules with a matching descriptive name
  path        :  Modules with a matching path
  platform    :  Modules affecting this platform
  port        :  Modules with a matching port
  rank        :  Modules with a matching rank (Can be descriptive (ex: 'good') or numeric with comparison operators (ex: 'gte400'))
  ref         :  Modules with a matching ref
  reference   :  Modules with a matching reference
  target      :  Modules affecting this target
  type        :  Modules of a specific type (exploit, payload, auxiliary, encoder, evasion, post, or nop)

Examples:
  search cve:2009 type:exploit
  search cve:2009 type:exploit platform:-linux

Search by name

To find every module whose name contains mysql:

msf5 > search name:mysql

Filter by module type

Metasploit has seven module types (exploit, payload, auxiliary, encoder, evasion, post and nop, as listed in the search help above), but three of them are the ones you work with directly most of the time:

  • The exploit module: contains the mainstream exploit code, used to attack a specific vulnerability on a target. Module names are organized by platform and then service or protocol, e.g. exploit/<platform>/<service>/<name>.

  • The auxiliary module: supports the penetration test without delivering a payload (port scanning, login brute-forcing, vulnerability verification, and so on).

  • The post module: used in the post-exploitation stage. Once an exploit has succeeded and a Meterpreter session is open, post modules run tasks on the target such as privilege escalation, credential gathering and enumeration.

Keywords can be combined, so the two searches above become:

msf5 > search name:mysql type:exploit

Using a module

Once search has found the module, use <module path> (or use <result index>) selects it and changes the prompt to that module's context.

info displays the module's description, authors, references, targets and options.

After selecting a module, set assigns values to its options.

RHOSTS sets the target: a single IP, a range or CIDR block, or file:/path/to/hosts.txt. THREADS sets the number of concurrent threads a scanner module uses.

Running info again shows the information with the current option values filled in.

show options lists only the options and the values we have set, which is quicker than info.

run (or exploit for exploit modules) executes the module.

run -j runs the module as a background job, so the console stays free.

jobs lists background jobs; kill <id> terminates one of them.

setg is like set, but sets a global variable that applies to every module you use afterwards. Set it once, and you no longer have to set it again for each vulnerability module; save writes the current variables to disk so they survive a restart.

unset removes a context-specific variable; unsetg removes a global one.

back leaves the current module context and returns to the top-level prompt.

connect is a small netcat-like client built into msfconsole, used to talk to a remote host directly. It is typically used when pivoting inside an internal network. Its arguments are a host (usually an IP address) and a port number.

edit opens the source of the current module in your editor (Vim by default), which is handy for patching a module on the fly.

exit leaves msfconsole completely and returns you to the Linux terminal.

Ordinary shell commands (ls, ping, nmap, ...) can still be executed from the msfconsole prompt: anything that is not an msfconsole command is passed to the system shell.
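The steps above, combined into one Metasploit resource script as an added example (this is not code from the original page or from the Metasploit project). Resource scripts are plain text files containing one msfconsole command per line; run this one with msfconsole -q -r scan.rc. The target range 192.0.2.0/24 is a constructed placeholder (TEST-NET-1), the workspace name and log path are arbitrary, and auxiliary/scanner/mysql/mysql_version is a real scanner module chosen to match the mysql searches earlier.

```text
# scan.rc - constructed example; run with: msfconsole -q -r scan.rc
# Keep results from this engagement in their own workspace
workspace -a lab-mysql
# Log everything the console prints to a file as well as the screen
spool /tmp/lab-mysql.log
# Global target definition: every module used from here on inherits it
setg RHOSTS 192.0.2.0/24
# Find candidates first; keywords can be combined and negated
search type:auxiliary name:mysql
search name:mysql type:exploit platform:-linux
# Select the version scanner and read about it before running it
use auxiliary/scanner/mysql/mysql_version
info
# Module-level option; RHOSTS already comes from the global setg above
set THREADS 10
show options
# Run as a background job, then list jobs (kill <id> would stop it early)
run -j
jobs
# Give the scanner time to finish, then inspect what landed in the database
sleep 30
services -p 3306
hosts
# Leave the module context and stop logging
back
spool off
```

Because RHOSTS was set with setg, switching to a follow-up module (a MySQL login scanner or an exploit from the second search) needs no new target definition; only module-specific options such as THREADS or credentials have to be set in the new context.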
