Welcome back, my dear hackers!
With this guide, I start a new series focused on Metasploit. The first part will cover the basics of Metasploit for those who are new to using it. In other words, this will be a quick lesson about using the most powerful hacking platform ever invented on planet Earth.
Information about Metasploit and its installation
Metasploit was developed by HD Moore as an open source project in 2003. Originally written in Perl, Metasploit was completely rewritten in Ruby in 2007. In 2009, it was acquired by Rapid7, a company that deals with IT security, which produced the Nexpose vulnerability scanner.
For those who use Windows, you can download it from the Rapid7 website, but it is not recommended to run it on Windows, because many of its functions will not work properly, and the future hacks I prepare for you through Metasploit, won’t work on Windows.
Methods of using Metasploit
Metasploit can be accessed and used in multiple ways. The most common method, which I also use, is the Metasploit interactive console. This is enabled by the msfconsole command in the terminal. Of course, there are other methods.
If we want to use Metasploit with a GUI (graphical user interface), we have several options at hand. Raphael Mudge developed Armitage (probably inspired by the main character of the SF novel, Neuromancer – a novel recommended to all hackers who love SF).
To start Armitage, we first start the services it depends on by typing the following commands (the service command takes the service name first, then the action):
kali > service postgresql start
kali > service metasploit start
kali > service metasploit stop
Armitage is a GUI that works in a client / server architecture. We start Metasploit as a server, and Armitage becomes the client, which gives us full access to Metasploit functions through a GUI. If you really need such an interface, I do not discourage you from using Armitage, but a respected hacker will use the terminal.
Metasploit has six different types of modules. These are:
Payloads – the code we leave on the system we have entered. These include shells, Meterpreter, etc.
Exploits – take advantage of a vulnerability in the system. These are specific to the operating system and often to its patch level, services, ports and applications. They are classified according to the operating system, so a Windows exploit will not work on a Linux operating system, or vice versa.
Post – the post-exploitation modules, which we use on a system we have already compromised in order to exploit it further.
Nops – is the abbreviation for No OPerationS. It means “do nothing.” We can see the nops modules using the show command.
msf > show nops
Auxiliary – includes many modules that do not fit into the other categories. Denial of service attacks, scanners and much more. I will post an article dedicated to them.
Encoders – modules that allow us to encode payloads in different ways to avoid certain security devices. We can see the encoders by typing:
msf > show encoders
As we can see, there are many encoders built into Metasploit. One of my favorites is shikata_ga_nai, which XOR-encodes the payload and helps us make it undetectable for AV software, as well as other defenses.
Since Metasploit 4 was released, Metasploit has had search capabilities. Previously, we had to use msfcli and grep to find the modules we were looking for, but now Rapid7 has added the search command and its keyword filters.
For example, we can say what type of module we are looking for only with the following command:
msf > search type:exploit
When we do that, Metasploit shows us over a thousand results. It doesn’t help us much.
For example, if we want to attack a system that uses Solaris, we will have to give another search command, only for Solaris exploits. To do this, we can use the platform keyword.
msf > search type:exploit platform:solaris
Now, we’ve narrowed down the search to only these exploits, which will work against the Solaris operating system.
To further reduce the search, let’s say we want to attack Solaris RPC (sunrpc) and we want to see only those exploits that attack a particular service. We can add the keyword “sunrpc” to our search, as we did below:
msf > search type:exploit platform:solaris sunrpc
As you can see, this narrows the results down to just five exploit modules! Each keyword we add reduces the search to fewer modules.
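The three searches above follow one rule: each keyword:value filter must match, and any bare word must appear somewhere in the module's name or description. The following Ruby is an added example written for this post, not Metasploit's own search code, and it runs against a tiny constructed catalogue of invented module names (Metasploit's real catalogue has thousands of entries and its search understands more keywords than the two modelled here). It reproduces how type:, platform: and a free-text term progressively narrow the result set.

```ruby
# Constructed, tiny stand-in for the Metasploit module catalogue.
# These module names are invented for illustration and are not real modules.
MODULES = [
  { name: "exploit/solaris/sunrpc/example_a", type: "exploit",   platform: "solaris", description: "Constructed sunrpc exploit A" },
  { name: "exploit/solaris/telnet/example_b", type: "exploit",   platform: "solaris", description: "Constructed telnet exploit B" },
  { name: "exploit/windows/smb/example_c",    type: "exploit",   platform: "windows", description: "Constructed SMB exploit C" },
  { name: "exploit/linux/misc/example_d",     type: "exploit",   platform: "linux",   description: "Constructed sunrpc-related exploit D" },
  { name: "auxiliary/scanner/misc/example_e", type: "auxiliary", platform: "solaris", description: "Constructed sunrpc scanner E" },
  { name: "post/windows/gather/example_f",    type: "post",      platform: "windows", description: "Constructed post module F" },
]

# Keywords this simplified model understands (an assumption; real msfconsole has more).
KEYWORDS = %w[type platform name].freeze

# Parse a query such as "type:exploit platform:solaris sunrpc" into
# keyword filters ({ "type" => ["exploit"], ... }) and free-text terms (["sunrpc"]).
def parse_query(query)
  filters = Hash.new { |h, k| h[k] = [] }
  terms = []
  query.split.each do |token|
    key, value = token.split(":", 2)
    if value && KEYWORDS.include?(key)
      filters[key] << value.downcase
    else
      terms << token.downcase
    end
  end
  [filters, terms]
end

# Every keyword must match (AND across keywords); a keyword given several
# times matches any of its values (OR within a keyword); every free-text
# term must appear in the module name or description.
def search(query, catalogue = MODULES)
  filters, terms = parse_query(query)
  catalogue.select do |entry|
    filters.all? { |key, values| values.include?(entry[key.to_sym].to_s.downcase) } &&
      terms.all? { |t| "#{entry[:name]} #{entry[:description]}".downcase.include?(t) }
  end.map { |entry| entry[:name] }
end

if __FILE__ == $PROGRAM_NAME
  ["type:exploit", "type:exploit platform:solaris", "type:exploit platform:solaris sunrpc"].each do |q|
    puts "msf > search #{q}"
    search(q).each { |n| puts "  #{n}" }
  end
end
```

Run it as a script and the three queries print four, two and then one module, mirroring the narrowing on this page. The same model is useful from the defending side: knowing which exploit modules a platform and service combination turns up tells you what an attacker can try against it off the shelf.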
Metasploit has many abilities, not yet exploited by many of us. So, I will continue the Metasploit series to show you the hacks from the simplest to the most complex. Don’t forget to return to the Blackweb, to unravel the secrets of hacking.