Howto use Metasploit Framework

*****ALREADY IN PROGRESS******

What is Metasploit Framework

Metasploit Framework is an powerful open-source utility that allows administrators to detect leaks in there networks.

A program that exploits a security problem and implements its own code is usually referred to as an exploit.

A successful attack over a buffer overflow also requires a lot of tedious work. The developer has to experiment with jump addresses, find space for the payload containing the code to be encoded, and then create it in the memory of the attacked system.

But even with minor changes to the target system, the code worked out no longer works. For example, it is rare for a developer to find a “universal” storage address in different versions of Windows, where he can place his shell code and execute it through buffer overflow. As a result, every platform on which a certain security gap occurs is started from the beginning.


**Architecture of the framework**

The lower picture shows the schematic architecture of the framework. The modular design facilitates the expansion and adaptation of the framework according to the respective requirements, since the already existing functionalities can easily be reused. The individual components are briefly explained below.


Ruby Extension Library (REX)

The Ruby Extension Library is the basic component of the framework. It contains A variety of classes that can be used by the underlying layers or directly by other tools. The functions provided by the library include, for example, server and client programs of various network protocols.

MSF-Core

The framework core provides functions for event handling and session management, providing important functions for handling the framework.

MSF-Base

The framework allows for easier access to the core and forms the interface to the outside. The user interfaces directly access this library. The plug-in function of Metasploit is worth mentioning, which allows a flexible extension of the framework by adding new commands to the existing components.


**Modules**

The structure of the framework functions in modules allows a clear handling of the program as module names are also reflected in the folder structure of the program.


Exploits

This module contains programs and scripts designed to exploit vulnerabilities.

Payloads

Payloads are provided here, which can be used after a successful exploit on the target system. The payload is the actual malicious code that runs on the target.

Encoders and NOPs

In order to make the payload of IDS/IPS1 systems or antivirus programs more difficult, these modules offer functions for obfuscating the payload in Networks.

Auxiliary

The Auxiliary Module provides various scanning programs for information retrieval. These include loginscanner, weak-point scanner, networksniffer and port scanner.


Start Metasploit

Use the msfconsole command to start the program from the Linux shell. Start with:

  • msfconsole

If you get ERRORS, follow the next steps

  1. ERROR MESSAGE:
    git-compat-util.h:280:25: fatal error: openssl/ssl.h ...
    • sudo apt-get install libssl-dev
  2. ERROR MESSAGE:
    "A database appears to be already configured, skipping initialization"
    I run msfconsole but then the connection error shows up:
    "Failed to connect to the database: could not connect to server:
    Connection refused Is the server running on host "localhost" (::1) and accepting TCP/IP connections on port 5432?
    could not connect to server: Connection refused Is the server running on host "localhost" (127.0.0.1) 
    and accepting TCP/IP connections on port 5432?"
    • Run following steps:
grep "port =" /etc/postgresql/9.6/main/postgresql.conf
  • If you don't see 5432 as the port, change it. If your is 5433 you can run this line to update:
sed -i 's/\(port = \)5433/\15432/' /etc/postgresql/9.6/main/postgresql.conf
  • Restart the postgresql service
service postgresql restart
  • Re-initialite the metasploit database
msfdb reinit
  1. ERROR MESSAGE:
  • fatal: Not a git repository (or any of the parent directories): .git
  • Now you have to add the git repository. Don't worry, it will take a while
  • git clone git://github.com/gitster/git
  • Second step
  • cd git
  • Third step
  • make
  • Fourth step
  • make install
  • Sixth step
  • git init
  1. If you type help show or help search you will get a big list of comments you NEED!


**Identify a remote host**

Please note the correct writing.

  • db_nmap -v -sV host_or_network_to_scan

This is a way to get an list of hosts on your network. List of all available port scanners:

  • search port-scan

Lists all found hosts:

  • hosts

Add these hosts to the list of remote targets:

  • hosts -R

**Gain vulnerability, use an exploit**

Once you know what your remote hosts system is with (nmap, lynix, maltego, wp-scan, etc) you can pick an exploit and test it. There is also a way to search within msfconsole for various exploits:

  • search type:exploit
    search CVE-XXXX-XXXX
    search cve:2009
    search platform:aix

Have a look at metasploit unleashed for more examples of the search command!

From this point on, the available options change based on the exploit you are using, but you can get a list of the available options with:

  • show payloads

Now you get a big list of payloads

Bevore you can show a list of the available targets, you have to select an exploit module, and then:

  • show targets