
Page | 1

Metasploit tutorial part 1: Inside the Metasploit framework


Karthik R, Contributor

You can read the original story here, on SearchSecurity.in.

The Metasploit Framework (Msf) is a free, open source penetration testing solution developed
by the open source community and Rapid7. This Metasploit tutorial covers the basic structure
of Metasploit and the different techniques of information gathering and vulnerability scanning
available in this tool. Metasploit eliminates the need to write individual exploits, saving
considerable time and effort.

The use of Metasploit ranges from defending your own systems by breaking into them, to
learning about vulnerabilities that pose a real risk. Download Metasploit from
http://www.metasploit.com to get the most out of this Metasploit tutorial.

Figure 1. Metasploit architecture (Courtesy Rapid7)

http://searchsecurity.techtarget.in/tip/Metasploit-tutorial-part-1-Inside-the-Metasploit-framework

After installation, it is easy to figure out the file system and libraries, as the naming
convention used is self-explanatory and intuitive. Metasploit is based on a scripting language,
so the script folder contains meterpreter and other scripts required by the framework.
Metasploit offers a GUI version, as well as a command line version. All features are accessible
via the command line utility, but some users might prefer the GUI.

Useful terminology:

Vulnerability: A weakness in the target system, through which penetration can successfully
occur.

Exploit: Once a vulnerability is known, an attacker takes advantage of it, and breaks into the
system using a code/script known as an exploit.

Payload: This is a set of tasks initiated by the attacker subsequent to an exploit, in order to
maintain access to the compromised system.

Getting started

To kick off this Metasploit tutorial, let us skim through basic footprinting and vulnerability
scanning using this tool, before getting into basic exploitation.

Metasploit has good provisions for information gathering and vulnerability scanning, due to its
integration with the dradis framework and its support for various database drivers such as
MySQL, SQLite and PostgreSQL. This is detailed in Figure 2.

Figure 2. Database configuration in MSF3 console on Backtrack4


Figure 3. Using Nmap within Msf console, in Backtrack4

The nmap command can be run from the Msf3 console to perform service scans and information
gathering, as shown in Figure 3. Replacing nmap with the db_nmap command connects to the
configured database and stores the scan results there for later use.

Next in this Metasploit tutorial comes vulnerability assessment, using the bridge between
Nessus and Msf3 in Backtrack. For a new scan with Nessus, use the nessus_scan_new command
in the console.

Before doing this, as seen in Figure 4, nessus_connect is used to connect to the running Nessus
server, once the credentials have been saved after setup.


Figure 4. Using Nessus bridge with Metasploit, in Backtrack4

The next step in this Metasploit tutorial gets into actual exploitation using Metasploit. Let us
attempt to exploit a Windows XP system with the RPC DCOM vulnerability from an attacker
system running Metasploit. The lab setup includes a Windows XP attacker system with the
Metasploit framework installed and a vulnerable Windows XP system, both running on VMware.

The command “search dcom” entered in the console lists all the available exploits matching the
pattern dcom. We are interested in the result displayed as “Microsoft RPC DCOM Interface
overflow.”

Next, in the console type:

>> use windows/dcerpc/ms03_026_dcom

>> show options

Figure 5: Metasploit console


Figure 6. Options available in the RPC DCOM exploit

Then use the following command to set the target as well as the payload.

>> set RHOST 192.168.1.2

Figure 7. Console after setting payload, showing the required module and payload details


This sets up our target system’s IP address where we would like to perform this attack. The next
command is:

>> set PAYLOAD windows/adduser

Figure 8. Executing the exploit

This payload adds a new user account to a Windows machine vulnerable to this exploit. This
Metasploit tutorial shows only one payload in action; you can try out the various other
payloads available.

In the console, type:

>> exploit

Figure 9. A new user “metasploit” is created


No session is created by this exploit; only a new user is added to the target system. The target
system does not suffer a remote crash, because the exploits here are tested to ensure that no
crash occurs. Now, check whether the new user “metasploit” has been created on the target system.

In this first part of the Metasploit tutorial, the above exploit applies to the phase of pen
testing in which a user needs to be created to gain access to the target system and escalate
privileges.

Author’s note: This Metasploit tutorial series starts from the basics and gradually moves on to
advanced topics such as evading antivirus software with the Metasploit Framework. The
information herein draws from “Metasploit Unleashed” (http://www.offensive-security.com)
and select video clips from Vivek Ramachandra, the founder of SecurityTube.

About the author: Karthik R is a member of the NULL community. Karthik completed his
training for EC-Council CEH in December 2010, and is at present pursuing his final year of
B.Tech in Information Technology at the National Institute of Technology, Surathkal. Karthik
can be contacted at [email protected]. He blogs at
http://www.epsilonlambda.wordpress.co

You can subscribe to our twitter feed at @SearchSecIN. You can read the
original story here, on SearchSecurity.in.
