Metasploit Framework v3 Basics

The document discusses the new architecture of Metasploit Framework v3.0 which features multithreading allowing for multiple concurrent exploits and sessions, a rewrite of all exploit modules, and the introduction of plugins like the msfd plugin that allows for multi-user access to a single Metasploit instance by connecting clients to a listening daemon. It then demonstrates how to use various reconnaissance modules, exploits, payloads, and the new Meterpreter shell in Metasploit v3.0 as well as some future goals for the framework.

Uploaded by phanikuamr

Metasploit Framework v3.

The new MSF 3.0 Architecture

MSF 3.0 Architecture

Multitasking through Ruby threads


. Share single instance with many users
. Great for team-based penetration testing
. Multi-user plugin is only ~20 lines of code :-)

Concurrent exploits and sessions


. Support for passive exploits and recon mods
. Multiple payload sessions open at once
. Suspend and restore payload sessions
. Share payload sessions with other users
. Handle multi-victim exploits :-)

Rewrite of all exploit modules


. Massive number of bug fixes
. Improved randomness, use of Mixins

Exploit module structure


. Single exploit can target many platforms
. Simplified the meta-information fields
. Mixins can also modify exploit behavior
. Target brute forcing
. Passive exploits
MSF Plug-ins
Msfd plugin
“This plugin provides an msf daemon interface that spawns a listener on a defined port (default
55554) and gives each connecting client its own console interface. These consoles all share the
same framework instance. Be aware that the console instance that spawns on the port is entirely
unauthenticated, so realize that you have been warned.”

Loading the msfd plugin and connecting to the daemon

The default is to set up a listener on 127.0.0.1, which won't do ☺. Change the default
hostname in plugins/msfd.rb to the IP of the box running msfd and connect to it that way:
# The default local hostname that the server listens on.
#
DefaultHost = "192.168.0.105"
Connecting to the msfd daemon on an IP
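Because the msfd console is unauthenticated, the bind address chosen above decides who can drive the shared framework instance. The following Ruby is an added example, not part of the slides or of the msfd plugin: it audits `ss -ltnp`-style output (a constructed sample is embedded) and reports every listener on the msfd port that is not bound to loopback.

```ruby
# Added example (not from the slides): audit where an msfd-style console is
# listening. msfd is unauthenticated, so any bind other than loopback hands a
# full Metasploit console to whoever can reach the port.
require 'ipaddr'
MSFD_DEFAULT_PORT = 55554 # default port from the plugin description

# Constructed sample of `ss -ltnp` output; the ruby/msfd rows are hypothetical.
SAMPLE_SS_OUTPUT = <<~SS
  State  Recv-Q Send-Q Local Address:Port   Peer Address:Port Process
  LISTEN 0      128    127.0.0.1:55554      0.0.0.0:*         users:(("ruby",pid=4242,fd=9))
  LISTEN 0      128    192.168.0.105:55554  0.0.0.0:*         users:(("ruby",pid=4243,fd=9))
  LISTEN 0      128    [::]:55554           [::]:*            users:(("ruby",pid=4244,fd=9))
  LISTEN 0      128    0.0.0.0:22           0.0.0.0:*         users:(("sshd",pid=900,fd=3))
SS

# Split "addr:port" (IPv4, bracketed IPv6 or wildcard "*") into its parts.
def split_local(field)
  m = field.match(/\A\[?([^\]]*)\]?:(\d+|\*)\z/)
  raise ArgumentError, "bad local address #{field}" unless m
  [m[1], m[2]]
end

# Only a loopback bind is safe; "*", 0.0.0.0 and :: are wildcards and any
# other address is reachable from the network.
def loopback?(addr)
  return false if addr == '*' || addr.empty?
  IPAddr.new(addr).loopback?
rescue IPAddr::InvalidAddressError
  false
end

# One finding per listener on the msfd port that is not bound to loopback.
def exposed_msfd_listeners(ss_output, port: MSFD_DEFAULT_PORT)
  ss_output.lines.drop(1).filter_map do |line|
    cols = line.split
    next unless cols[0] == 'LISTEN'
    addr, lport = split_local(cols[3])
    next unless lport.to_i == port && !loopback?(addr)
    pid = line[/pid=(\d+)/, 1]
    { address: addr, port: port, pid: pid&.to_i }
  end
end

if __FILE__ == $PROGRAM_NAME
  exposed_msfd_listeners(SAMPLE_SS_OUTPUT).each do |f|
    puts "msfd console exposed on #{f[:address]}:#{f[:port]} (pid #{f[:pid]})"
  end
end
```

Pipe real `ss -ltnp` output into `exposed_msfd_listeners` (with `port:` set to whatever the plugin was configured with) to get the same report for a live box.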
To unload the plugin, just type unload “plugin name”

Unloading the plugin


Recon Modules

UDP Sweep

Using the sweep_udp recon module

SMB Version

Using the SMB version recon module

Using the Metasploit v3 console

MSF 3 console
Show exploits

Output of the show exploits command

Selecting an exploit and showing the options

Selecting the exploit and showing the options


Showing the available payloads

Listing the available payloads

Select your payload and target

Selecting the payload and the target (automatic)

Launch the exploit

Launching the exploit


Using the MSF v3 Meterpreter
The Meterpreter help menu and options

Meterpreter help menu

Downloading a file from the remote host

Downloading a file from a remote host

Reading a file on the remote host

Reading a file on the remote host using cat


Executing a command

Starting a hidden cmd.exe and interacting with it

Loading the “priv” extension

Loading the “priv” extension

The priv extension help menu

The priv extension help menu

Using the priv extension


The priv module allows us to dump the SAM hashes and use the timestomp command.

Hashdump command
Output of the hashdump command

Timestomp Command

Output of the timestomp help menu

Output on the timestomp command with various options


Process Migration
You can hide MSF in another process by either migrating to an existing process or by
starting a normal process like calc.exe and migrating to it.

Getting the current PID and creating another process (calc.exe)

Migrating the meterpreter process to the process we created
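A payload migrated into calc.exe is still the process that owns the command-and-control socket, which is what a defender can key on. The Ruby below is an added example, not part of the slides: it joins a tasklist-style process snapshot to netstat-style connection rows (both constructed) and flags established connections owned by images that never legitimately use the network, or by PIDs missing from the process list.

```ruby
# Added example (not from the slides): a defender-side check for the migration
# trick above. A payload hidden in calc.exe still needs its socket, so a process
# that never legitimately talks to the network yet holds an ESTABLISHED
# connection deserves a look. All names, PIDs and addresses are constructed.
require 'set'

# Windows binaries that have no business holding outbound TCP connections.
NO_NETWORK_IMAGES = Set['calc.exe', 'notepad.exe', 'mspaint.exe'].freeze

# Constructed tasklist-style snapshot: pid => image name.
SAMPLE_PROCESSES = {
  1000 => 'explorer.exe', 2210 => 'calc.exe', 2215 => 'notepad.exe',
  3020 => 'iexplore.exe', 3300 => 'svchost.exe'
}.freeze

# Constructed `netstat -ano`-style rows: [proto, local, remote, state, pid].
SAMPLE_CONNECTIONS = [
  ['TCP', '192.168.0.110:1047', '192.168.0.105:4444', 'ESTABLISHED', 2210],
  ['TCP', '192.168.0.110:1052', '203.0.113.10:80',    'ESTABLISHED', 3020],
  ['TCP', '0.0.0.0:135',        '0.0.0.0:0',          'LISTENING',   3300],
  ['TCP', '192.168.0.110:1060', '192.168.0.105:4444', 'ESTABLISHED', 9999]
].freeze

# Join sockets to their owning process and return one finding per suspicious
# socket. A PID missing from the process list is reported as well: the two
# snapshots are rarely taken at the same instant, so such rows need a re-check.
def suspicious_connections(processes, connections)
  connections.filter_map do |_proto, _local, remote, state, pid|
    next unless state == 'ESTABLISHED'
    image = processes[pid]
    if image.nil?
      { pid: pid, image: nil, remote: remote, reason: 'socket owner not in process list' }
    elsif NO_NETWORK_IMAGES.include?(image.downcase)
      { pid: pid, image: image, remote: remote, reason: 'no-network image holds a connection' }
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  suspicious_connections(SAMPLE_PROCESSES, SAMPLE_CONNECTIONS).each do |f|
    puts "pid #{f[:pid]} (#{f[:image] || '?'}) -> #{f[:remote]}: #{f[:reason]}"
  end
end
```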

In the Future for MSF


Turning Metasploit into Nessus
. Database backend provides “KB” function
. Auxiliary modules for assessment/discovery
. Event coordinator for triggering modules
. Report generator uses the database

Creating a professional mass-rooter


. Auxiliary modules perform discovery
. Exploit modules perform vuln checks
. Plugins automate exploitation
. Plugins automate post-exploitation
. Dump XML reports via ActiveRecord

Resources
“Metasploit completes license change, updates framework”
http://searchsecurity.techtarget.com/columnItem/0,294698,sid14_gci1210976,00.html
