MetaSPLOIT BASICS

Friday, 1 May 2015


                           METASPLOIT

>Metasploit Framework is an open source project created by HD Moore in 2003  acquired by Rapid 7 LLC on October 21,2009.
>Which includes hundreds of exploits and payloads.
>It is considered one of the best penetration tools with support for vulnerability assessment using Nessus and other famous tools.
>Its written in Ruby....
>Metasploit supports all platforms including Windows, Linux and MAC Os

*************
use nmap in metassploit => NMAP in metasploit click on me :)

METERPRETER BASICS => LEARN how to use METERORETER Click on me :)

Connect to me =>  FACEBOOK ID

connect me on => LINKEDIN
***************************************

Metsaploit Framework these
> MsfGUI
> Msfcli
> Msfweb
> Metasploit Pro
> Armitage

The library architecture in Metasploit is as follows:

> Rex: This is the basic library used is Metasploit for various protocols, transformations and socket handling. It supports SSL, SMB, HTTP, XOR, BASE64, and random text...

>Msf :: Core: This library defines the framework and provides the basic application interface for Metasploit.

>Msf::Base
This library proviedes a simplified and friendly applcation interface for the the Metasploit Framework

*) cd /opt/metasploit/msf3 to enter the metasploit framework directory -> ls

> The important directories listed are
data
external
tools
plugins
scripts

cd data/ => contains meterpreter exploits wordlists templates & many more

cd meterpreter/ => .dll files (.dll files as well as other interesting things, which are typically required to enable the Meterpreter Functionality called post exploitation.)

> wordlist directory -> directory in the data directory. This directory contains the list of usernames and paswords for different services such as HTTP, Oracle, Postgres, VNC, SNMP and more.

> To update the metasploit -> msfupdate

Exploits 

An exploit is a computer program that takes advantage of a particular vulnerability
> cd /opt/metaspoit/msf3/modules/exploits -> ls -> cd windows (going into windows) -> ls
so view the code of any exploit we type -> cat <exploitname> -> cat ms08_067_netapi.rb

Auxiliary
Auxiliary are exploits without payload.

> There are different types of auxiliary modules such as
scanner for protocols
Networks protocol fuzzers
Port scanner modules
wireless
Denial service modules
Server modules
Administrative access exploits and so on.

**) ls -> ftp -> cat <modules name> to see the exploit

PAYLOADSA payload is a piece of software that runs after a system is compromised. The payload us typically attached to and delivered with an exploit

*) 3 different types of payloads
> Singles
> Stagers
> Stages

Stages : The main role of stages payload is that they use tiny stager to fit into small exploitation spaces. During exploitation, an exploit developer has a very limited amount of memory that he can play with. The stagers use this space and their work is to pull down the rest of the stages payload.
Stages are the type of payload that are downloaded and executed by the stagers payload such as Meterpreter, VNC server and so on.

Singles : Singles are self contained payloads for a specific tasl such as creating a user, binding a shell, and so on.

Stagers :  The stagers use the space and their work is to pull down the rest of the stages payload.
Stagers are payloads that makes a connection between the attacker ad the victim machine.
Example
If i want to inject a meterpreter payload we cannot fit the entire Meterpreter DLL into one payload, so the entire process is broken up into two parts. The first is the smaller payload  called stagers. After the stagers are executed they make a network connection between the attacker and the victim.
Over this network connection a larger payload is delivered to the victim machine and this larger payload is known as stages.


> Payloads are categorized according to OS such as AIX, BSD, Windows, Linux and so on.

EXPLOITATION

Exploitation refers to the ar of compromising a computer system. The basics of computer exploitation involves a deep understanding of the vulnerabilities and payloads.
An exploit is a piece of well-written code, compiled and executed on a trageted system, which may compromise that system.

An exploit usually targets a known vulnerability, a flaw in a service or a poorly written code.

BASIC TERMS OF EXPLOITATION

> Vulnerability : A vulnerability is a security hole in software or hardware, which allows an attacker to copromisea system. A vulnerability can be as simple as a weak password or as complex as a Denial of Service attack

> Exploit : An exploit refers to a well known security flaw or bug with which  a hacer gains entery intoa system. An exploit is the actual code with at attacker takes advantage of a particualar vulnerability.

> Payload : Once an exploit exectes on the vulnerable system and the system has been compromised, the payload enables us to control the system. The payload is typically attached to the exploit and delivered.

> Shellcode : This is a set of instructions usually used as a payload when the exploitation occurs.

> Listener : A listener works as component waiting for an incoming connection.

======================
KEEP safe ur ANDROID => CLICK ON me ;)
10 PROXY Websites => Click on me :))
=============================================

The Biggest question of how exploitation actually works ?????

Heres' the SECRETS FINALLY REVEALED

An attacker basically sends an exploits with an attached payload to the vulnerable system.
The exploit runs first and if it succeeds, the actual code of the payload runs.
After the payloads runs, the attacker gets fully privileged access to the vulnerable system, and then he may download data upload malware, virus, backdoors or whatever he wants.

How to compromising a system

Step 1 : Scan the IP Address to find
                           open ports -> operating system -> services
Step 2 : Identifying a vulnerable service and finding an exploit in Metasploit for that particular service.

Step 3 : Is the exploit is not available in Metasploit :: go for through the internet databases such as
>> www.securityfocus.com
>> www.exploitdb.com
>> www.1337day.com

Step 4 : After successfully finding an exploit

Step 5 : we launch exploit and compormise the system.


Tools used

> Port scanning are Nmap (Network Mapper),Autoscan, Unicorn Scan and so on.

Syntax for nmap
  nmap -v -n ip address

-v verbose -> to get verbose output
-n -> parameter to disable reverse DNS resolutions

Syntax for intense scan by nmap
  nmap -T4 -A -v ip address

====================
NMAP tutorials => Click on me :)
Recover JPEG FILES => CLick on me :))
==================================================

After gathering information -> opne msfconsole -> search dcom (it searches all of the windows RPC Related exploits in its database.........

Searching for an exploit in Metasploit through the
syntax
search <servie name> command
© Pprasoon nigam
Note : if the exploit is not available in Metasploit, then we have to search the Internet exploit database for that particular exploit.

>> How to search for an exploit on these online services
open this website => www.1337day.com
  Search for exploits on the Windows RPC service
find the exploit and save it

Now we exploit the target machine

as we know that scanned the IP address and found all the ports
and exploit one those ports

launch the terminal -> type gcc <exploit name with path > -o <exploitname>
for example
gcc dcom.c -o dcom

./<filename>

use exploit/windows/smb/ms08_067_netapi (in msf console) and press enter

then show options
RHOST (remote host)

set RHOST ip address

exploit

MORE metasploit BASICS and HACKING => METERPRETER => Meterpreter Click on me :)

0 comments: