Thursday, June 28, 2018

What Is Metasploit?



GENERAL INFORMATION

Metasploit is a free tool that has built in exploits which aids in gaining remote access to a system by exploiting a vulnerability in that server.

msfconsole                           Launch program
version                                 Display current version
msfupdate                           Pull the weekly update
makerc<FILE.rc>              Saves recent commands to file
msfconsole -r <FILE.rc>   Loads a resource file

EXECUTING AN EXPLOIT

use <MODULE>                      Set the exploit to use
set payload <PAYLOAD>        Set the payload
show options                              Show all options
set <OPTION> <SETTING>   Set a setting
exploit or run                             Execute the exploit

SESSION HANDLING

sessions -l                 List all sessions
sessions -i <ID>       Interact/attach to session
background or ^Z  Detach from session

USING THE DB

The DB saves data found during exploitation. Auxiliary scan results, hashdumps, and credentials show up in the DB.

FIRST TIME SETUP

Run from linux command line.

service postgresq1 start  Start DB
msfdb init                         Init the DB
db_status                          Should say connected
hosts                                  Show host in DB
services                             Show ports in DB
vulns                                 Show all vulns found

FINDING AN EXPLOIT TO USE

Do information gathering with db_nmap and auxiliary modules. Aux mods have numerous scanners, gatherers, fuzzers, and tools that you to scan a CIDR block or single IP and will save the results in DB.

db_nmap -sS -A 192.168.1.100                       Do port scan and OS fingerprint then add to DB.
show auxiliary                                                  Show all auxiliary modules.
use auxiliary/scanner/smb/smb_version        Detect the smb version in use
use auxiliary/scanner/ftp/anonymous            Scan for anonymous FTP server

Once information gathering is on the host, look at what services or OS the host is running and do a search for that term.

search <TERM>  Search all exploits, payloads and auxiliary modules.     
show exploits       Show all exploits.
show payloads     Show all payloads.

WORKSPACES 

Each workspace is like its own database. Create a new one to have a fresh DB.

workspace -h   Help
workspace       List
workspace -a   Add
workspace -d  Delete
workspace -r   Rename

METERPRETER COMMANDS

sysinfo                    Show system info
ps                            Show running process
kill <PID>              Terminate a process
getuid                     Show your user ID
upload/download  Upload/download a file
pwd/lpwd              Print working directory
cd/lcd                     Change Directory
cat                          Show contents of a file
edit <FILE>          Edit a file
shell                       Drop into a shell
migrate <PID>     Switch to another process
hashdumps           Show all pw hashes
idletime                Display idle time of user
screenshot            Take a screenshot


ESCALATE PRIVILEGES

use priv     Load the script
getsystem  Elevate your privs
getprivs     Elevate your privs


TOKEN STEALING

use incognito                                              Load the script
list_tokens -u                                              Show all tokens
impersonate_token  DOMAIN\\USER    Use token
drop_token                                                 Stop using token

ENABLE PORT FORWARDING

This opens port 3388 locally which forward all traffic to 3389 on remote host:
meterpreter> portfwd [ADD|DELETE] -L <LHOST> -l 3388 -r <RHOST> -p 3389

Pivot through a session by adding a route within msf it all you to exploit or scan adjacent hosts.

No comments:

Post a Comment