Metasploit Framework: The favorite tool of hackers

The Metasploit Project is a computer security project that provides information about vulnerabilities and aids for full penetration testing. It is a tool used by hackers and security experts for post exploitation.

With the help of the Metasploit Project, you can hack any Windows / Linux / Mac operating system using its built-in payloads and exploits, which you can also update by running the msfupdate command.

Metasploit interfaces

There are several interfaces for Metasploit. The most popular are maintained by Rapid7 and Strategic Cyber LLC.

1) Metasploit Framework Edition

The free version. It contains a command-line interface, third-party import, manual exploitation and manual brute forcing.

2) Metasploit Community Edition

In October 2011, Rapid7 released Metasploit Community Edition, a free, web-based user interface for Metasploit. Metasploit Community Edition is based on the commercial functionality of the paid editions, with a reduced set of features such as network discovery, module browsing and manual exploitation. Metasploit Community Edition is included in the main installer.

3) Metasploit Express

In April 2010, Rapid7 released Metasploit Express, an open commercial version for security teams that need to verify vulnerabilities. It offers a graphical user interface, integrates nmap for discovery and adds intelligent brute forcing as well as automated evidence collection.

4) Metasploit Pro

In October 2010, Rapid7 added Metasploit Pro, an open version of Metasploit for penetration testing. Metasploit Pro complements Metasploit Express with features such as Quick Start Wizards / MetaModules, creating and managing social engineering campaigns, web application testing, an advanced Pro Console, dynamic payloads to evade anti-virus, integration with Nexpose for ad-hoc vulnerability scanning, and VPN pivoting.

5) Armitage

Armitage is a graphical attack management tool for Metasploit that displays targets and suggests exploits. It is a free, open-source network security tool notable for its contribution to red teamers: it allows shared sessions, data and communication through a single Metasploit session.

6) Cobalt Strike

Cobalt Strike is a collection of threat simulation tools provided by Strategic Cyber LLC in partnership with the Metasploit Framework. Cobalt Strike includes all the features of Armitage, adds useful post-exploitation tools and also has the option to create reports.

HOW TO USE METASPLOIT

First of all, start the Metasploit service.

Command:

Applications > Kali Linux > System Services > Metasploit > start

or

service metasploit start

Run msfconsole

Just type msfconsole in your terminal.

Command:

sudo msfconsole

What is msfconsole?

Msfconsole is the main Metasploit interface. There are also GUI (Armitage) interfaces and a web interface (websploit). With msfconsole, you can start exploitation, create listeners, configure payloads, etc.

Metasploit has built-in help. If you want to check which commands you can use, just type help or ? to get a basic list of commands.

Example:

msf> help

Core Commands
=============

    Command       Description
    -------       -----------
    ?             Help menu
    advanced      Displays advanced options for one or more modules
    back          Move back from the current context
    banner        Display an awesome metasploit banner
    cd            Change the current working directory
    color         Toggle color
    connect       Communicate with a host
    edit          Edit the current module with $VISUAL or $EDITOR
    exit          Exit the console
    get           Gets the value of a context-specific variable
    getg          Gets the value of a global variable
    grep          Grep the output of another command
    help          Help menu
    info          Displays information about one or more modules
    irb           Drop into irb scripting mode
    jobs          Displays and manages jobs
    kill          Kill a job
    load          Load a framework plugin
    loadpath      Searches for and loads modules from a path
    makerc        Save commands entered since start to a file
    options       Displays global options or for one or more modules
    pushm         Pushes the active or list of modules onto the module stack
    quit          Exit the console
    reload_all    Reloads all modules from all defined module paths
    rename_job    Rename a job
    resource      Run the commands stored in a file
    route         Route traffic through a session
    save          Saves the active datastores
    search        Searches module names and descriptions
    sessions      Dump session listings and display information about sessions
    set           Sets a context-specific variable to a value
    setg          Sets a global variable to a value
    show          Displays modules of a given type, or all modules
    sleep         Do nothing for the specified number of seconds
    spool         Write console output into a file as well the screen
    threads       View and manipulate background threads
    unload        Unload a framework plugin
    unset         Unsets one or more context-specific variables
    unsetg        Unsets one or more global variables
    use           Selects a module by name
    version       Show the framework and console library version numbers

Database Backend Commands
=========================

    Command           Description
    -------           -----------
    creds             List all credentials in the database
    db_connect        Connect to an existing database
    db_disconnect     Disconnect from the current database instance
    db_export         Export a file containing the contents of the database
    db_nmap           Executes nmap and records the output automatically
    db_rebuild_cache  Rebuilds the database-stored module cache
    db_status         Show the current database status
    hosts             List all hosts in the database
    loot              List all loot in the database
    notes             List all notes in the database
    services          List all services in the database
    vulns             List all vulnerabilities in the database
    workspace         Switch between database workspaces

msf>
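The help listing above includes makerc (save the commands entered to a file), resource (run the commands stored in a file), use, set and setg. As an added example, not part of the original article, the Python script below reads such a resource file before it is run and reports every target value that falls outside the authorised scope. The RHOSTS/RHOST option names, the placeholder module names, the documentation-range addresses and the one-command-per-line layout are assumptions.

```python
import ipaddress

# Constructed sample: documentation address ranges, placeholder module names.
SAMPLE_RC = """\
# constructed sample resource file
setg RHOSTS 192.0.2.10
use auxiliary/example/placeholder_a
set RHOSTS 192.0.2.0/28
run
use auxiliary/example/placeholder_b
set rhosts 198.51.100.7 192.0.2.20-192.0.2.30
run
"""
TARGET_OPTIONS = {"RHOSTS", "RHOST"}  # assumption: options that carry targets

def targets_in_rc(text):
    """Yield (line_no, module, value); module is None for a global setg."""
    module = None  # module chosen by the most recent `use`
    for no, raw in enumerate(text.splitlines(), 1):
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue  # blank line or comment
        cmd = words[0].lower()
        is_set = cmd in ("set", "setg") and len(words) > 2
        if cmd == "use" and len(words) > 1:
            module = words[1]
        elif cmd == "back":
            module = None  # left the module context
        elif is_set and words[1].upper() in TARGET_OPTIONS:
            for value in words[2:]:
                yield no, (None if cmd == "setg" else module), value

def out_of_scope(text, scope):
    """Return (line_no, module, value, reason) for targets needing attention."""
    nets = [ipaddress.ip_network(s) for s in scope]
    findings = []
    for no, module, value in targets_in_rc(text):
        try:
            target = ipaddress.ip_network(value, strict=False)
        except ValueError:  # range, hostname or file: reference
            findings.append((no, module, value, "review by hand"))
            continue
        inside = (target.subnet_of(n) for n in nets if n.version == target.version)
        if not any(inside):
            findings.append((no, module, value, "out of scope"))
    return findings

if __name__ == "__main__":
    for finding in out_of_scope(SAMPLE_RC, ["192.0.2.0/24"]):
        print(finding)
```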

Choose a vulnerability and use an exploit

Once you have identified the remote host's system (with nmap, lynix, maltego, wp-scan, etc.), you can select an exploit from Metasploit for testing. Rapid7 has an easy way to find exploits.

There is also a way to search through msfconsole for various exploits:

Example:

  • search type:exploit
  • search name:xxxx
  • search CVE-xxx-xxx
  • search CV:


Written by Anastasis Vasileiadis
