Ethical Hacking Metasploit - Ethical Hacking

What is Metasploit?

Metasploit is one of the most powerful exploit tools. Its resources are available at https://www.metasploit.com. Metasploit comes in two versions: a free edition and a commercial edition. This tutorial mostly uses the free edition, as there is not much difference between the two versions.

Metasploit can be easily installed as a separate tool on systems that run Linux, Windows or Mac OS X.

The hardware requirements to install Metasploit are −

  • 2 GHz+ processor
  • 1 GB RAM available
  • 1 GB+ available disk space

Metasploit can be used either from the command prompt or through the Web UI.

To open it in Kali, go to Applications → Exploitation Tools → metasploit.

[Screenshot: Exploitation Tools]

After Metasploit starts, the following screen appears. The Metasploit version is underlined in red.

[Screenshot: Highlighted Metasploit]

What are the Exploits of Metasploit?

The vulnerability scanner identified that the machine used for testing has a vulnerable FTP service. To use the exploit that works, the command is:

The screen appears as -

[Screenshot: Exploit Path]

Then type msf> show options to check which parameters must be set to make the exploit functional. RHOST is set as the “target IP”.

[Screenshot: Show Options]

Type msf> set RHOST 192.168.1.101 and msf> set RPORT 21

[Screenshot: Set Report]

Then, type msf> run. If the exploit is successful, it opens a session that can be interacted with, as shown in the following screenshot.

[Screenshot: Open Session]

What are Metasploit Payloads?

Payloads are the scripts that hackers use to interact with a hacked system. Hackers use payloads to transfer data to a victim system.

Metasploit payloads can be of three types −

  • Singles − Singles are very small and designed to create some kind of communication, then move to the next stage. For example, just creating a user.
  • Stagers − A stager is a payload that an attacker can use to upload a bigger file onto a victim system.
  • Stages − Stages are payload components that are downloaded by stager modules. The various payload stages, such as Meterpreter and VNC Injection, provide advanced features with no size limits.

Payload Usage − Example

The command show payloads lists the payloads that can be used with this exploit, including the payloads that help to upload files onto a victim system.

[Screenshot: Payload]

[Screenshot: Payload Usage]

The command used to set the payload desired is:

Set the listen host and listen port (LHOST, LPORT), which are the attacker IP and port. Then set the remote host and port (RHOST, RPORT), which are the victim IP and port.

[Screenshot: Victim IP]

Type “exploit”. A session is created, as shown below −

[Screenshot: Create Session]

Now one can play with the system according to the settings that this payload offers.
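From the defender's side, the LHOST/LPORT listener described above means the exploited server opens a connection back to the host that just reached its FTP port. The following is an added example, not part of the original tutorial: it flags that pattern in flow records. The record format, the client addresses and port 4444 are constructed assumptions; only 192.168.1.101 and port 21 come from the page.

```python
from datetime import datetime, timedelta

# Constructed sample flow records (not from the page): time, source, destination, dest port.
# 192.168.1.101:21 is the page's target; the other addresses and port 4444 are assumed.
SAMPLE_FLOWS = """\
2020-01-10T10:00:00 192.168.1.20 192.168.1.101 21
2020-01-10T10:00:30 192.168.1.101 192.168.1.1 53
2020-01-10T10:05:00 192.168.1.50 192.168.1.101 21
2020-01-10T10:05:04 192.168.1.101 192.168.1.50 4444
2020-01-10T11:00:00 192.168.1.101 192.168.1.20 4444
"""

def parse_flows(text):
    """Parse 'timestamp src dst dport' lines into time-sorted tuples, skipping malformed lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        flows.append((ts, parts[1], parts[2], int(parts[3])))
    return sorted(flows)

def find_connect_backs(flows, server, service_port=21, window=timedelta(seconds=60)):
    """Return (client, callback_port, delay_seconds) for each outbound connection from
    `server` to a host that reached its service port at most `window` earlier."""
    last_inbound = {}  # client IP -> time of its latest inbound connection to the service
    hits = []
    for ts, src, dst, dport in flows:
        if dst == server and dport == service_port:
            last_inbound[src] = ts
        elif src == server and dst in last_inbound:
            delay = ts - last_inbound[dst]
            if delay <= window:
                hits.append((dst, dport, int(delay.total_seconds())))
    return hits

if __name__ == "__main__":
    for client, port, delay in find_connect_backs(parse_flows(SAMPLE_FLOWS), "192.168.1.101"):
        print(f"ALERT: server connected back to {client}:{port} {delay}s after inbound FTP")
```

Active-mode FTP data connections also run from the server to the client, so on a server that allows active mode they need to be excluded (for example by source port 20) before alerting.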

All rights reserved © 2020 Wisdom IT Services India Pvt. Ltd