Book Image

The Complete Metasploit Guide

By : Sagar Rahalkar, Nipun Jaswal
Book Image

The Complete Metasploit Guide

By: Sagar Rahalkar, Nipun Jaswal

Overview of this book

Most businesses today are driven by their IT infrastructure, and the tiniest crack in this IT network can bring down the entire business. Metasploit is a pentesting network that can validate your system by performing elaborate penetration tests using the Metasploit Framework to secure your infrastructure. This Learning Path introduces you to the basic functionalities and applications of Metasploit. Throughout this book, you’ll learn different techniques for programming Metasploit modules to validate services such as databases, fingerprinting, and scanning. You’ll get to grips with post exploitation and write quick scripts to gather information from exploited systems. As you progress, you’ll delve into real-world scenarios where performing penetration tests are a challenge. With the help of these case studies, you’ll explore client-side attacks using Metasploit and a variety of scripts built on the Metasploit Framework. By the end of this Learning Path, you’ll have the skills required to identify system vulnerabilities by using thorough testing. This Learning Path includes content from the following Packt products: Metasploit for Beginners by Sagar Rahalkar Mastering Metasploit - Third Edition by Nipun Jaswal
Table of Contents (28 chapters)
Title Page

When to use Metasploit?

There are literally tons of tools available for performing various tasks related to penetration testing. However, most of the tools serve only one unique purpose. Unlike these tools, Metasploit is the one that can perform multiple tasks throughout the penetration testing life cycle. Before we check the exact use of Metasploit in penetration testing, let's have a brief overview of various phases of penetration testing. The following diagram shows the typical phases of the penetration testing life cycle:

Phases of penetration testing life cycle
  1. Information Gathering: Though the Information Gathering phase may look very trivial, it is one of the most important phases for the success of a penetration testing project. The more you know about your target, the more the chances are that you find the right vulnerabilities and exploits to work for you. Hence, it's worth investing substantial time and efforts in gathering as much information as possible about the target under the scope. Information gathering can be of two types, as follows:
    • Passive information gathering: Passive information gathering involves collecting information about the target through publicly available sources such as social media and search engines. No direct contact with the target is made.
    • Active information gathering: Active information gathering involves the use of specialized tools such as port scanners to gain information about the target system. It involves making direct contact with the target system, hence there could be a possibility of the information gathering attempt getting noticed by the firewall, IDS, or IPS in the target network.
  2. Enumeration: Using active and/or passive information gathering techniques, one can have a preliminary overview of the target system/network. Moving further, enumeration allows us to know what the exact services running on the target system (including types and versions) are and other information such as users, shares, and DNS entries. Enumeration prepares a clearer blueprint of the target we are trying to penetrate.
  3. Gaining Access: Based on the target blueprint that we obtained from the information gathering and enumeration phase, it's now time to exploit the vulnerabilities in the target system and gain access. Gaining access to this target system involves exploiting one or many of the vulnerabilities found during earlier stages and possibly bypassing the security controls deployed in the target system (such as antivirus, firewall, IDS, and IPS).
  4. Privilege Escalation: Quite often, exploiting a vulnerability on the target gives limited access to the system. However, we would want complete root/administrator level access into the target in order to gain most out of our exercise. This can be achieved using various techniques to escalate privileges of the existing user. Once successful, we can have full control over the system with highest privileges and can possibly infiltrate deeper into the target.

 

  1. Maintaining Access: So far, it has taken a lot of effort to gain a root/administrator level access into our target system. Now, what if the administrator of the target system restarts the system? All our hard work will be in vain. In order to avoid this, we need to make a provision for persistent access into the target system so that any restarts of the target system won't affect our access.
  2. Covering Tracks: While we have really worked hard to exploit vulnerabilities, escalate privileges, and make our access persistent, it's quite possible that our activities could have triggered an alarm on the security systems of the target system. The incident response team may already be in action, tracing all the evidence that may lead back to us. Based on the agreed penetration testing contract terms, we need to clear all the tools, exploits, and backdoors that we uploaded on the target during the compromise.

Interestingly enough, Metasploit literally helps us in all penetration testing stages listed previously.

The following table lists various Metasploit components and modules that can be used across all stages of penetration testing:

Sr. No.
Penetration testing phase
Use of Metasploit
1 Information Gathering Auxiliary modules: portscan/syn, portscan/tcp, smb_version, db_nmap, scanner/ftp/ftp_version, and gather/shodan_search
2 Enumeration smb/smb_enumshares, smb/smb_enumusers, and smb/smb_login
3 Gaining Access All Metasploit exploits and payloads
4 Privilege Escalation meterpreter-use priv and meterpreter-getsystem
5 Maintaining Access meterpreter - run persistence
6 Covering Tracks Metasploit Anti-Forensics Project

 

We'll gradually cover all previous components and modules as we progress through the book.