Metasploit Framework Kali Linux Tool – Tutorial 101

Introduction to Metasploit

Metasploit is the most widely used open-source exploitation framework in ethical hacking, and it comes pre-installed in Kali Linux. It is a powerful tool that supports all phases of a penetration testing engagement, from information gathering to post-exploitation.

The Metasploit Framework has a set of tools that allow information gathering, scanning, exploitation, exploit development, post-exploitation, and more. It is very useful for vulnerability research and exploit development with the main focus on penetration testing.

The main components of the Metasploit Framework are:

  1. msfconsole: The main command-line interface.
  2. Modules: such as exploits, scanners, payloads, etc.
  3. Tools: Tools that will help vulnerability research, vulnerability assessment, or penetration testing. Some of these tools are msfvenom, pattern_create and pattern_offset.

Main Components of Metasploit

It might be beneficial to define a few terms, such as vulnerability, exploit, and payload, before delving into the modules.

  1. Exploit: An exploit is a piece of code that takes advantage of a vulnerability in the target system.
  2. Vulnerability: A defect in the target system’s logic, design, or coding. When a vulnerability is exploited, private data may be revealed or the attacker may be able to run code on the target system.
  3. Payload: An exploit will take advantage of a vulnerability. Nevertheless, a payload is required if we want the exploit to achieve our desired outcome (gaining access to the target machine, reading private data, etc.). The code that will execute on the intended system is called a payload.


Auxiliary

Any supporting module, such as scanners, crawlers, and fuzzers, can be found here.

root@kali:/opt/metasploit-framework/embedded/framework/modules# tree -L 1 auxiliary/
auxiliary/
├── admin
├── analyze
├── bnat
├── client
├── cloud
├── crawler
├── docx
├── dos
├── example.py
├── example.rb
├── fileformat
├── fuzzers
├── gather
├── parser
├── pdf
├── scanner
├── server
├── sniffer
├── spoof
├── sqli
├── voip
└── vsploit

20 directories, 2 files

Encoders

Encoders will allow you to encode the exploit and payload in the hope that a signature-based antivirus solution may miss them.

Signature-based antivirus and security solutions have a database of known threats. They detect threats by comparing suspicious files to this database and raise an alert if there is a match. Thus encoders can have a limited success rate as antivirus solutions can perform additional checks.

root@kali:/opt/metasploit-framework/embedded/framework/modules# tree -L 1 encoders/
encoders/
├── cmd
├── generic
├── mipsbe
├── mipsle
├── php
├── ppc
├── ruby
├── sparc
├── x64
└── x86

10 directories, 0 files

Evasion

While encoders will encode the payload, they should not be considered a direct attempt to evade antivirus software. On the other hand, “evasion” modules will try that, with more or less success.

root@kali:/opt/metasploit-framework/embedded/framework/modules# tree -L 2 evasion/
evasion/
└── windows
    ├── applocker_evasion_install_util.rb
    ├── applocker_evasion_msbuild.rb
    ├── applocker_evasion_presentationhost.rb
    ├── applocker_evasion_regasm_regsvcs.rb
    ├── applocker_evasion_workflow_compiler.rb
    ├── process_herpaderping.rb
    ├── syscall_inject.rb
    ├── windows_defender_exe.rb
    └── windows_defender_js_hta.rb

1 directory, 9 files

Exploits

Exploits are neatly organized by the target system.

root@kali:/opt/metasploit-framework/embedded/framework/modules# tree -L 1 exploits/
exploits/
├── aix
├── android
├── apple_ios
├── bsd
├── bsdi
├── dialup
├── example_linux_priv_esc.rb
├── example.py
├── example.rb
├── example_webapp.rb
├── firefox
├── freebsd
├── hpux
├── irix
├── linux
├── mainframe
├── multi
├── netware
├── openbsd
├── osx
├── qnx
├── solaris
├── unix
└── windows

20 directories, 4 files

NOPs

NOPs (No OPeration) do nothing, literally. In the Intel x86 CPU family they are represented by 0x90, on which the CPU does nothing for one cycle. They are often used as a buffer to achieve consistent payload sizes.

root@kali:/opt/metasploit-framework/embedded/framework/modules# tree -L 1 nops/
nops/
├── aarch64
├── armle
├── cmd
├── mipsbe
├── php
├── ppc
├── sparc
├── tty
├── x64
└── x86

10 directories, 0 files

Payloads

Payloads are code that will run on the target system.

Exploits will leverage a vulnerability in the target system, but to achieve the desired result, we will need a payload. Examples could be: getting a shell, loading malware or a backdoor onto the target system, running a command, or launching calc.exe as a proof of concept to add to the penetration test report. Starting the calculator on the target system remotely by launching the calc.exe application is a benign way to show that we can run commands on the target system.

Running a command on the target system is already an important step but having an interactive connection that allows you to type commands that will be executed on the target system is better. Such an interactive command line is called a “shell”. Metasploit offers the ability to send different payloads that can open shells on the target system.

root@kali:/opt/metasploit-framework/embedded/framework/modules# tree -L 1 payloads/
payloads/
├── adapters
├── singles
├── stagers
└── stages

4 directories, 0 files

You will see four different directories under payloads: adapters, singles, stagers, and stages.

  1. Adapters: An adapter wraps single payloads to convert them into different formats. For example, a normal single payload can be wrapped inside a PowerShell adapter, which will produce a single PowerShell command that executes the payload.
  2. Singles: Self-contained payloads (add user, launch notepad.exe, etc.) that do not need to download an additional component to run.
  3. Stagers: Responsible for setting up a connection channel between Metasploit and the target system. Useful when working with staged payloads. “Staged payloads” will first upload a stager on the target system and then download the rest of the payload (stage). This provides some advantages as the initial size of the payload will be relatively small compared to the full payload sent at once.
  4. Stages: Downloaded by the stager. This will allow you to use larger-sized payloads.

Metasploit has a subtle way to help you identify single (also called “inline”) payloads and staged payloads.

  • generic/shell_reverse_tcp
  • windows/x64/shell/reverse_tcp

Both are reverse Windows shells. The former is an inline (or single) payload, as indicated by the “_” between “shell” and “reverse”, while the latter is a staged payload, as indicated by the “/” between “shell” and “reverse”.
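As an added illustration of the naming rule just described (example code written for this tutorial, not Metasploit's own), the following Ruby snippet splits a payload reference name into platform, architecture, payload kind and connection type, and reports whether it is single or staged. The platform, architecture and connection lists are assumptions chosen for the example.

```ruby
# Classify Metasploit payload reference names as single ("inline") or staged.
# Rule from the text: a "/" between the payload kind (e.g. "shell") and its
# connection type (e.g. "reverse_tcp") marks a staged payload; a "_" marks a
# single payload. Added example, not Metasploit's own code.

# Assumed lists for illustration; the real framework knows many more values.
PLATFORMS   = %w[generic windows linux osx android multi cmd php python java].freeze
ARCHS       = %w[x86 x64 aarch64 armle mipsbe mipsle ppc sparc].freeze
CONNECTIONS = %w[reverse_tcp bind_tcp reverse_http reverse_https].freeze

# Returns a hash describing the payload, or nil when the name does not fit
# the platform[/arch]/kind(_|/)connection pattern.
def classify_payload(name)
  parts = name.downcase.split('/')
  return nil if parts.length < 2

  platform = parts.shift
  return nil unless PLATFORMS.include?(platform)

  # The architecture segment is optional (e.g. "generic/shell_reverse_tcp").
  arch = ARCHS.include?(parts.first) ? parts.shift : nil

  case parts.length
  when 1
    # "shell_reverse_tcp" -> kind "shell", connection "reverse_tcp" (single)
    kind, connection = parts[0].split('_', 2)
    return nil unless CONNECTIONS.include?(connection)
    type = :single
  when 2
    # "shell", "reverse_tcp" -> stager "reverse_tcp" downloads stage "shell"
    kind, connection = parts
    return nil unless CONNECTIONS.include?(connection)
    type = :staged
  else
    return nil
  end

  { platform: platform, arch: arch, kind: kind, connection: connection, type: type }
end

# Constructed sample names, including the two from the text above.
SAMPLE_PAYLOADS = %w[
  generic/shell_reverse_tcp
  windows/x64/shell/reverse_tcp
  linux/x86/meterpreter_reverse_https
  windows/x64/meterpreter/reverse_https
].freeze

SAMPLE_PAYLOADS.each do |n|
  info = classify_payload(n)
  puts "#{n}: #{info ? "#{info[:type]} (#{info[:kind]} over #{info[:connection]})" : 'unrecognised'}"
end
```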

POST

Post modules are useful in the final phase of the penetration testing process mentioned in the introduction, post-exploitation.

root@kali:/opt/metasploit-framework/embedded/framework/modules# tree -L 1 post/
post/
├── aix
├── android
├── apple_ios
├── bsd
├── firefox
├── hardware
├── linux
├── multi
├── networking
├── osx
├── solaris
└── windows

12 directories, 0 files

Soon we will launch a more advanced article regarding the Metasploit framework.
