Lab 6

Using Metasploit to find weaknesses and penetrate systems

Goal

The goal of this lab is to learn how to use the Metasploit framework (built into Kali) to find and utilize exploits to penetrate and control another system. We will be using "Metaploitable 2", a version of Linux with many known security gaps, as our primary target system as we learn how to use Metasploit. Note that the tools we use here are REAL, and can, in theory, be used against ANY system you encounter. You must ONLY scan and penetrate systems you either have as VM's on your computer, or other systems you have been given specific permission to access. Using these tools against other systems is illegal, can get you arrested, and will earn you a "F" in this course at the very least.

Metasploit Overview

The Metasploit Framework, MSF is a framework, a collection of programs and tools for penetration testing networks. Metasploit has a collection of exploits, payloads, libraries and interfaces that can be used to exploit computers. You can find a great description of the architecture here: http://www.offensive-security.com/metasploit-unleashed/Metasploit_Architechture . Metasploit is included in the Kali Linux that is used for this class, but you can also easily download and install it into any flavor of Linux.

Metasploit has a large collection of exploits and payloads and the tools to package and deliver them to a targeted host computer. Metasploit allows you to choose an exploit from its library, choose a payload, configure the target addressing, the target port numbers, and other options, and the framework will package it all together together, and launch it across the network to a targeted system. Metasploit is extremely flexible and can assist in the testing and development of exploits. Written in the Ruby programming language, Metasploit also allows the user to write his own exploits and payloads and include them within the framework. Metasploit is cross platform and can run on Linux, MAC OS, and Windows and has exploits and payloads targeting all three as well.

Meterpreter - One of the more powerful payloads is the Metasploit Interpreter or Meterpreter. Meterpreter allows the user to have command line access to the targeted machine without running a cmd.exe process, it runs completely in memory through the exploited process. There is a great article about Meterpreter and how it works here:About Meterpreter . By running Meterpreter on a compromised machine the user wields an incredible amount of system access and control.

You can learn about Metasploit here: http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training.

Metasploit Basics

Metasploit has many user interfaces including: msfcli, msfconsole, msfweb (deprecated) and msfgui (new). The main tool for accessing Metasploit is the msfconsole. Msfconsole is a console based interface that provides easy functionality, tab completion, and access to external system commands; it is the most stable Metasploit interface with access to more tools and features than the other interfaces. You can launch the Metasploit msfconsole with the following terminal command:

#msfconsole

Note: depending on the speed of your computer the console may take a minute to initialize and start up completely.

msfconsole

Once Metasploit and the msfconsole has completed starting up, you should see the "msf >" command prompt. For command help, you can type "help" or a "?". Below is a list of the common msfconsole commands to begin pentesting. The help command provides a list of available commands. The "search" command can search for an exploit, and the entire library of scripts etc., by name. The "show exploits" and "show payloads" command will output a complete list of Metasploit's library of exploits and payloads.

Commands

msf > help
msf > search <search term>
msf > show exploits
msf > use <path to exploit> //as indicated by the show exploits command
msf exploit( exploit name) > //the command prompt displays the loaded exploit
msf exploit( exploit name) > show payloads
msf exploit( exploit name) > set PAYLOAD <path to payload> //as indicated by the show payloads command
msf exploit( exploit name) > show options

Based on the output of the show options command you will need to input some options. Some of the options will have default settings already configured. RHOST and RPORT stands for remote host (target computer) and remote port and LHOST and LPORT stand for local host (your computer) and local port.

msf exploit( exploit name) > set RHOST <ip address>
msf exploit( exploit name) > set RPORT <port number>
msf exploit( exploit name) > set LHOST <ip address>
msf exploit( exploit name) > set LPORT <port number>
msf exploit( exploit name) > exploit //launches the exploit

Resources:

Lab Steps

Step 1 - Startup Kali and Metasploitable 2

  1. Start and login to Kali
  2. Start and login to Metesploitable 2
  3. Make sure both VMs are running behind the NAT
  4. Use ifconfig to find Metesploitable 2's IP address. Record it.
  5. Make sure both systems can ping each other

Step 2 - Use Kali and Metasploit to find a weakness and exploit it

  1. For this step, follow the instructions here
  2. In the instructions, tey are using Backtrack, but you will use Kali
  3. You can bypass the first 4 sections, and start with section 5
  4. Follow all the instructions, and make the exploit work.
  5. Document your work with commands and screenshots in a Word file.

Step 4 - Do it again on your own

  1. Reading the resources, and from what you learned, find and exploit 2 more weaknesses. Document your work, and give screenshots of your successful steps.
Topic revision: r3 - 2014-03-14 - JimSkon
 
This site is powered by the TWiki collaboration platformCopyright &© by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback