Metasploit #3: Vulnerability Hunting

Manu Areraa
3 min read, Nov 9, 2020
Metasploit Framework — Vulnerability Hunting

Hello Everyone!! Next up, we will look at the Vulnerability Hunting features of MSF.

Workspaces

We all know how handy it is to have multiple tabs in Chrome: it lets us multitask and be more productive. Likewise, MSF lets us multitask with the “Workspace” feature. Workspaces work the same way as multiple tabs in Google Chrome. They are just logical compartments that keep the data of one engagement separate from another. Some of the commands that will help you are,

#to list all the created workspaces
workspace
#to create a workspace
workspace -a <name>
#to delete a workspace
workspace -d <name>
#to switch to a specific workspace
workspace <name>

Importing Scans

MSF allows us to import scans from various other tools such as Nessus and Nmap.

#to import files
db_import <file>
#You can also backup all your work using the following command
db_export -f <file format> file_name/file_path

Using Nmap and Nessus from within MSF

#you can run nmap directly from msf using the following command
#this will store everything to the backend database
db_nmap <nmap options and targets>
#Ex (TCP connect scan with OS detection; the flag is -O, the letter, not zero)
db_nmap -sT -O 192.168.1.0/24

To use Nessus within MSF, you must start the Nessus service first.

/etc/init.d/nessusd start
#once the service has been started, load the nessus plugin and connect to it with your credentials
load nessus
nessus_connect <username>:<password>@<host>:<port>
#then use the following commands to perform a scan
nessus_policy_list
nessus_scan_new <policy UUID>
nessus_scan_launch <scan ID>
#to see the results of the scan
nessus_report_vulns <scan ID>
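As an added illustration that is not part of the original article: what db_import actually pulls out of a Nessus export. The parser below reads a constructed, minimal .nessus (v2) document and turns it into the host/service/vuln records that end up in the MSF database; the plugin IDs, plugin names and CVE in the sample are placeholders, not real findings.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample: a trimmed NessusClientData_v2 export. Plugin IDs,
# plugin names and the CVE are placeholders, not real Nessus data.
SAMPLE_NESSUS = """<NessusClientData_v2>
 <Report name="demo">
  <ReportHost name="192.0.2.10">
   <HostProperties>
    <tag name="host-ip">192.0.2.10</tag>
    <tag name="operating-system">Example OS (placeholder)</tag>
   </HostProperties>
   <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="0"
               pluginID="10000" pluginName="Service banner (placeholder)"/>
   <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="4"
               pluginID="10001" pluginName="Example critical finding (placeholder)">
    <cve>CVE-0000-0001</cve>
   </ReportItem>
  </ReportHost>
 </Report>
</NessusClientData_v2>
"""

# Nessus severity codes as they appear in the export.
SEVERITY = {0: "info", 1: "low", 2: "medium", 3: "high", 4: "critical"}


def parse_nessus(xml_text):
    """Return one dict per ReportItem: host, port/proto/service, severity, CVEs."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("ReportHost"):
        hp = host.find("HostProperties")
        props = {t.get("name"): t.text for t in hp} if hp is not None else {}
        ip = props.get("host-ip", host.get("name"))  # fall back to the name attribute
        for item in host.iter("ReportItem"):
            findings.append({
                "host": ip,
                "os": props.get("operating-system"),
                "port": int(item.get("port")),
                "proto": item.get("protocol"),
                "service": item.get("svc_name"),
                "severity": SEVERITY[int(item.get("severity"))],
                "plugin_id": item.get("pluginID"),
                "name": item.get("pluginName"),
                "cves": [c.text for c in item.findall("cve")],
            })
    return findings


def vulns_only(findings):
    """Drop severity-0 (informational) plugins; only real findings count as vulns."""
    return [f for f in findings if f["severity"] != "info"]


def severity_counts(findings):
    """Per-severity tally, the first thing to look at before triaging a scan."""
    return dict(Counter(f["severity"] for f in findings))
```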

Auto-Exploit a Target

The db_autopwn script can be used to scan a target for all possible exploits. Since it tries all combinations, it is very noisy, so using it for professional purposes is not recommended. One can use it for educational purposes.

NOTE: db_autopwn has been removed from MSF

#download the db_autopwn script using the following command
wget https://raw.githubusercontent.com/jeffbryner/kinectasploit/master/db_autopwn.rb
#copy the downloaded file to the /usr/share/metasploit-framework/plugins directory
#restart msf
#to use (plugins are loaded with "load", not "use")
load db_autopwn
#to list the matched exploits
db_autopwn -p -t
#to exploit the matched exploits
db_autopwn -p -t -e

Meterpreter

Meterpreter is a kind of payload that uses “in-memory DLL injection” to create a Meterpreter session. Its two main features are,

Stealthy

Since Meterpreter resides in memory, it is hard to detect. It does not create a new process and does not write to disk. It migrates from process to process easily, and it communicates over an encrypted channel. This leaves very little evidence to trace back.

Extensible

New features can be added to it without having to rebuild it.

Once a Meterpreter session has been opened, you can perform various activities like,

  • Screen Capture
  • Search for files
  • Keylogger
  • Password/Hash Dumping
  • Shell command Execution
  • Privilege Escalation

MSF Utilities

MSF utilities can be run directly from the terminal.

1. msf-exe2vbs — Converts an executable file (.exe) to VBScript

2. msf-exe2vba — Converts .exe to .vba

3. msf-pdf2xdp — Converts .pdf to .xdp

4. msf-msf_irb — Invokes the built-in Ruby shell

5. msf-pattern_create — Generates a pattern of any given length and character combination

6. msf-virustotal — Checks a file for malware using the VirusTotal portal

7. msf-makeiplist — Converts an IP range to a list of IPs

That’s it for today’s article. Let me know if there is any need for change or improvement in this article. Happy Learning..!!

Reference: Metasploit 5.0 for Beginners
