Exploring the Inner Architecture of Metasploit.

Welcome back, my hackers!
JUST FOLLOW MY STEPS AND YOU'RE THERE.
NOTE: This is for educational purposes only.

Step 1: Open a Terminal & Find the Directory

In each of my previous tutorials, we've started from the interactive mode of Metasploit (the msfconsole). This time, however, let's go to the Metasploit directory directly so that we can explore its structure. We can get there by typing:
bt > cd /pentest/exploits/framework

Step 2: Look Around Inside the Framework

Now that we're in the Metasploit Framework directory, let's take a look around. First, let's do a long listing of this directory. Type:
ls -l
If you look to the top of this long listing, you will see a directory called armitage. This is a GUI for driving Metasploit that we'll return to in another tutorial.
Also note near the bottom a directory called scripts. This includes, among other things, meterpreter scripts such as key_scan that enables us to run a keylogger on the victim's computer.
Also note the following files: msfcli, the command-line version of Metasploit, and msfencode, the command we used previously to re-encode a payload to get past antivirus software.

Step 3: Explore the Modules

Let's now explore the Metasploit modules. These are the blood and guts of Metasploit. We have, for instance, used "exploit" modules and "payload" modules. This is where they reside. Type in:
cd modules
ls -l
As you can see from the screenshot above, Metasploit contains multiple modules. These include:
  • auxiliary
  • encoders
  • exploits
  • nops (no operations)
  • payloads
  • post (post exploitation)
These are the key modules in Metasploit, and as you've already guessed, we haven't even begun to explore the auxiliary, nops, and post exploitation modules, although we have used the exploits, payloads, and encoders.

Step 4: Open the Exploits Module & Look Around

The module we're probably most familiar with is exploits. This is the module that contains the exploits that take advantage of a vulnerability in an application or an operating system, which enables us to place our payload on the victim. Let's look inside. Type:
cd exploits
ls -l
The exploits module is broken into sub-directories specific to the operating system we're attempting to exploit. For instance, at the top you can see the aix directory (exploits for IBM's proprietary UNIX operating system). As we scan down, we can see exploit directories for:
  • freebsd
  • hpux
  • irix
  • linux
  • netware
  • osx
  • solaris
  • unix
  • windows
If you have done any of my Metasploit tutorials and hacks, you've likely used exploits in the windows exploits directory. Let's look around there. Type:
cd windows
ls -l
Now we can see that the windows exploits are further broken down by type. It's important to note that exploits are very specific. Not only are they operating system specific, but also application or service specific, port specific, and sometimes even language specific. Recently, we looked at exploiting Internet Explorer in Windows 7. Let's see if we can find it in the browser directory. Type:
cd browser
ls -l
As you can see in the above screenshot, our ms10_046_shortcut_icon_dllloader exploit is highlighted.
If we wanted to, for instance, find an exploit in this directory to hack Adobe products from the browser, we could use our Linux skills and "grep" for it. Type:
ls -l | grep adobe
When we hit enter, grep filters the listing and shows us only the windows browser exploits that take advantage of Adobe products.

Step 5: Explore the Payloads Module

Next, let's navigate to the payloads directory. Type:
cd /pentest/exploits/framework/modules/payloads
Then we can do a long listing on that directory by typing:
ls -l

We can see that payloads are broken down by type:
  • singles
  • stagers
  • stages
Let's open up singles to look around. Type:
cd singles
ls -l


Once again, we can see that the Metasploit Framework categorizes the payloads by operating system. Let's move to the generic directory and see whether we can find the generic shell_reverse_tcp payload that we used to get a command prompt when hacking Windows XP. Type:
cd generic
ls -l


As you can see in this screenshot, I have highlighted the generic reverse TCP shell that we used earlier.
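As an added example (my own script, not part of the original tutorial or of Metasploit), here is a small POSIX shell inventory of a module tree laid out the way we just walked through it: modules/<type>/<platform>/<category>/<module>.rb. It counts modules per type and per exploit platform, and does a recursive, case-insensitive version of the `grep adobe` search. The function names and the tiny constructed tree are assumptions; point the functions at the real framework root (`/pentest/exploits/framework` on BackTrack) to inventory an actual install.

```shell
#!/bin/sh
# Inventory helpers for a Metasploit-style module tree (added example, assumed layout).

# Print "<type> <count>" for every modules/<type> directory (auxiliary, encoders, ...).
msf_module_counts() {
    root="$1"
    for type_dir in "$root"/modules/*/; do
        [ -d "$type_dir" ] || continue
        count=$(find "$type_dir" -type f -name '*.rb' | wc -l | tr -d ' ')
        printf '%s %s\n' "$(basename "$type_dir")" "$count"
    done
}

# Print "<platform> <count>" for every modules/exploits/<platform> directory (windows, linux, ...).
msf_exploit_platforms() {
    root="$1"
    for plat_dir in "$root"/modules/exploits/*/; do
        [ -d "$plat_dir" ] || continue
        count=$(find "$plat_dir" -type f -name '*.rb' | wc -l | tr -d ' ')
        printf '%s %s\n' "$(basename "$plat_dir")" "$count"
    done
}

# Recursive equivalent of `ls -l | grep adobe`: exploit paths (relative to modules/exploits)
# whose name matches the keyword, case-insensitively, in any platform/category subdirectory.
msf_find_exploits() {
    (cd "$1/modules/exploits" && find . -type f -name '*.rb' | sed 's|^\./||' | grep -i -- "$2" | sort)
}

# Build a constructed sample tree (empty .rb files) that mirrors the layout in the tutorial.
# Two names come from the tutorial; the "sample_*" modules are made up for the demo.
make_sample_tree() {
    root="$1"
    for f in exploits/windows/browser/ms10_046_shortcut_icon_dllloader.rb \
             exploits/windows/browser/sample_adobe_flash.rb \
             exploits/linux/http/sample_http.rb \
             payloads/singles/generic/shell_reverse_tcp.rb \
             payloads/stagers/windows/sample_reverse_tcp.rb \
             auxiliary/scanner/sample_tcp.rb \
             encoders/x86/sample_encoder.rb; do
        mkdir -p "$root/modules/$(dirname "$f")"
        : > "$root/modules/$f"
    done
}
```

Source the file and run, for example, `msf_exploit_platforms /pentest/exploits/framework` to see how many exploit modules each platform directory holds.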
