Moment For Technology

Metasploit Penetration Framework for network security personnel must know! | August more challenges

Posted on Dec. 3, 2022, 7:53 a.m. by Ryan Holder
Category: The back-end Tag: linux The back-end

Introduction to the

Metasploit is an open source security vulnerability detection tool that comes with hundreds of known software vulnerabilities and keeps them updated frequently. A powerful penetration testing framework dubbed by the security community as "capable of hacking the entire universe."

Metasploit website: www.metasploit.com/

Metasploit Github repository: github.com/rapid7/meta...

Brief introduction to frameworks and related terms:

Vulnerability: A Vulnerability in an operating system, an application, or even a network protocol that allows an attacker to exploit or compromise the security of a system.

Exploit: Attacking code or program that allows an attacker to Exploit a vulnerable system and compromise its security. Each vulnerability has its own program for exploiting it. Metasploit had more than 1,700 exploits.

Payload: indicates the attack Payload. Used primarily to establish a direct connection between an attacker and a victim's machine, Metasploit has more than 500 payloads.

Module: A Module is a complete component, each Module performs a specific task, and runs through several modules as a unit. The advantage of this architecture is that you can easily integrate your own applications and tools into the framework.

Method of use

Msfconsole is arguably the most popular interface in MSF. Many people are frightened when they first encounter MSFConsole. There are so many complex commands to learn, but MSfconsole is a really powerful interface program. Msfconsole provides an all-in-one centralized console. Msfconsole allows you to access and use all metasploit plug-ins, payloads, utilization modules, post modules, and so on. Msfconsole also has interfaces for third-party programs, such as NMAP, SQLMap, etc., which can be directly used in Msfconsole.

You can type msfconsole in the command line window and press enter. This opens the MSfconsole. The system files and user files for Msfconsole are in /usr/share/metasploit-framework/.

msf5  help Core Commands ============= Command Description ------- ----------- ? Help menu banner Display an awesome metasploit banner cd Change the current working directory color Toggle color connect  Communicate with a host exit Exit the console get Gets the value of a context-specific variable getg Gets the value of a global variable grep Grep the output of another command help Help menu history Show command history load Load a framework plugin quit Exit the console repeat Repeat a list of commands route Route traffic through a session save Saves  the active datastores sessions Dump session listings and display information about sessions set Sets a context-specific  variable to a value setg Sets a global variable to a value sleep Do nothing for the specified number of seconds spool Write console output into a file as well the screen threads View and manipulate background threads tips Show a list of useful productivity tips unload Unload a framework plugin unset Unsets one or more context-specific variables unsetg Unsets one or more global variables version Show the framework and console library version numbers Module Commands =============== Command Description ------- ----------- advanced Displays advanced options for one or more modules back Move back from the current context clearm Clear the module stack info Displays information about one or more modules listm List the module stack loadpath Searches for and loads modules from a path options Displays global options or for one or more modules popm Pops the latest module off the stack and makes it active previous Sets the previously loaded module as the current module pushm Pushes the active or list of modules onto the module stack reload_all Reloads all modules from all defined module paths search Searches module names and descriptions show Displays modules of a given type, or all modules use Interact with a module by name or search term/index Job Commands ============ Command Description ------- ----------- handler Start a payload handler as job jobs Displays and manages jobs kill Kill a job rename_job Rename a job Database Backend Commands ========================= Command Description ------- ----------- analyze Analyze  database information about a specific address or address range db_connect Connect to an existing data service db_disconnect Disconnect from the current data service db_export Export a file containing the contents of the database db_import Import a scan result file (filetype will be auto-detected) db_nmap Executes nmap and records the output automatically db_rebuild_cache Rebuilds the database-stored module cache (deprecated) db_remove Remove the saved data service entry db_save Save the current data service connection as the default to reconnect on startup db_status Show the  current data service status hosts List all hosts in the database loot List all loot in the database notes List all notes in the database services List all services in the database vulns List all vulnerabilities in the database workspace Switch between database workspacesCopy the code

The search parameters

When you use MsfConsole, you use various bug modules, various plugins, etc. So the search command is important.

Check the help information for Search first

msf5  search -h
Usage: search [options] [keywords:value]
​
Prepending a value with '-' will exclude any matching results.
If no options or keywords are provided, cached results are displayed.
​
OPTIONS:
  -h                Show this help information
  -o file         Send output to a file in csv format
  -S string       Regex pattern used to filter search results
  -u                Use module if there is one result
​
Keywords:
  aka         :  Modules with a matching AKA (also-known-as) name
  author      :  Modules written by this author
  arch        :  Modules affecting this architecture
  bid         :  Modules with a matching Bugtraq ID
  cve         :  Modules with a matching CVE ID
  edb         :  Modules with a matching Exploit-DB ID
  check       :  Modules that support the 'check' method
  date        :  Modules with a matching disclosure date
  description :  Modules with a matching description
  fullname    :  Modules with a matching full name
  mod_time    :  Modules with a matching modification date
  name        :  Modules with a matching descriptive name
  path        :  Modules with a matching path
  platform    :  Modules affecting this platform
  port        :  Modules with a matching port
  rank        :  Modules with a matching rank (Can be descriptive (ex: 'good') or numeric with comparison operators (ex: 'gte400'))
  ref         :  Modules with a matching ref
  reference   :  Modules with a matching reference
  target      :  Modules affecting this target
  type        :  Modules of a specific type (exploit, payload, auxiliary, encoder, evasion, post, or nop)
​
Examples:
  search cve:2009 type:exploit
  search cve:2009 type:exploit platform:-linux
​
Copy the code

Look by name

Find a vulnerability whose name contains mysql

msf5  search name:sql 
Copy the code

Find by module

There are only three modules available on Metasploit:

  • The first is the exploit module, that is, the exploit module, which contains the mainstream exploit script, usually to exploit some possible targets of vulnerabilities. Naming rule: Operating system/application protocol classification.

  • The second is the Auxiliary module, the auxiliary module, which AIDS penetration (port scanning, login password blasting, vulnerability verification, etc.).

  • The third is post module, the module of post-penetration stage. After the exploitation of the vulnerability succeeds in obtaining the Meterpreter, some functional instructions are sent to the target, such as: gain power, etc.

search name:mysql type:exploit
Copy the code

Using a module

Once the module is found by search, use can be used to use the module

Info Displays module information

After using a module, you can use set to set the module parameters

Rhosts is to set the attack target, threads is to set the number of threads

Use info again to view the information

You can also use show options to view the parameters we set

Run Module

Run -j allows the process to run in the background

Jobs Checks background processes and kills them with kill

Setg is a little bit like set, but it's a global variable set. Set it once and save it, so you don't have to set the vulnerability module again.

Unset Unsetg Unset global parameter

Back Deselect the module

The connect parameter is used to remotely connect to a host. Generally used for Intranet penetration. The parameter is usually an IP address plus a port number.

Edit Uses Vim to edit the current module

Exit is the command to exit the MSfconsole. You can exit msfConsole completely and return to the Linux terminal interface.

Shell commands can still be executed from msfconsole

Reference documentation

Metasploit msfconsole Command parameters

Metasploit introduction and use

Search
About
mo4tech.com (Moment For Technology) is a global community with thousands techies from across the global hang out!Passionate technologists, be it gadget freaks, tech enthusiasts, coders, technopreneurs, or CIOs, you would find them all here.