Take a refresher on how to use Metasploit, and use it to obtain a shell on the Metasploitable server.
- [Voiceover] Metasploit includes a database…of testing modules, assembly and encoding capabilities…to manipulate exploit and payload code,…and the Meterpreter, a payload which provides…a powerful remote shell.…We can see that it has 1593 exploits in its database,…as well as a number of other modules.…The first Metasploit command I'll enter is help.…This shows all the commands that we can issue…when using Metasploit.…The first part of the list contains the core commands,…and the second, the database backend commands.…
I can issue the command show exploits,…which lists the exploits in the Metasploit database.…The exploit name appears at the left of this list,…and at the right is the disclosure date,…the effectiveness of the exploit,…and the description of what the exploit achieves.…I can be more selective and use the search command.…I'll type help search to see how to do this.…Let's look for a Windows 8 exploit.…I'll enter search win8.…Here we can see the exploits listed for Windows 8.…
There's only one, the 2012 ikeext_service exploit.…
Note: Learning about ethical hacking for exploits is part of the Malware competency from the Certified Ethical Hacker (CEH) body of knowledge.
- Writing assembler programs
- Using debugging programs
- Controlling flow
- Executing code from the data section
- Ethical attacking to identify vulnerabilities
- State-sponsored attacks
- Using Metasploit
- Adding new exploits to Metasploit
- Using Armitage