Metasploit for beginners #1: Intro

Manu Areraa
4 min read · Oct 13, 2020

Hello everyone !! When it comes to the day-to-day routine of a Cybersecurity professional, Metasploit is one of those things that you can’t miss. And mastering it takes an immense amount of practice.

For those wondering what Metasploit is: it is a pentesting framework that offers a large variety of handy tools, covering everything from information gathering on a target to covering your tracks after the pentest. But that doesn’t mean it is everything you need during a pentest; you will still need a few other tools to perform one successfully.

As I learn Metasploit, I would like to share that knowledge, especially with beginners, in this series of articles. Let’s get straight into it.

Metasploit Framework Structure

Remember, Metasploit is a framework, so its structure looks like this:

[Figure: Metasploit Framework Structure]

Each of the above 7 modules has several categories of sub-modules within it. For example, the encoder module has the following sub-modules:

  • cmd
  • mipsle
  • ruby
  • generic
  • php
  • sparc
  • mipsbe
  • ppc
  • x86
  • x64

Like the above, every main module has several categories. There is no need to memorize them; you will get to know them as you keep practising regularly.

What are these major modules?

  • Auxiliary — This module consists of several scripts that help you perform a specific task such as port scanning, certificate verification, fuzzing, enumeration, etc.
  • Encoders — This module has scripts to obfuscate your payloads so that they are harder for security mechanisms to detect.
  • Payloads — As we know, to exploit a vulnerability in the target system you need to deliver the right kind of payload to successfully execute the attack. This module contains the necessary payloads. These payloads come in different kinds — Singles, Stagers, Stages

→ Singles — Also known as inline or non-staged payloads. They contain everything, including the shellcode and any other content you need to exploit a vulnerability; in other words, they are all-in-one. There is no need to send another payload to support them. The disadvantage is size: since everything is built in, a single is comparatively large. While pentesting you will come across situations where there are size restrictions, and in that case singles will not help you.

→ Stagers — Stagers are smaller, but they are not all-in-one. They are able to set up a connection between the attacker and the target system, but they do not carry the shellcode to execute; you have to send the shellcode separately.

→ Stages — This is the other part you need to send when using a stager. Once the stager has created the connection between the target and the attacker, the ‘Stage’ payload is downloaded onto the target system over that connection. This ‘Stage’ payload carries the shellcode that is actually executed.

  • Exploits — This module consists of around 2500 exploits that you use to get into the target’s system.
  • NOPs — Short for No Operation instruction. When the target system's processor executes a NOP it does nothing and simply moves on to the next instruction. In practice their importance lies in padding: a run of NOPs (a NOP sled) lets a jump land anywhere in the run and still reach the code that follows.
  • Post — After you successfully exploit the target system, this module provides all the scripts and utilities you need for post-exploitation, such as dumping OS credentials and grabbing saved passwords and other credentials.
  • Evasion — To build a payload that is not detected you will need the scripts available in this module.

We will go into each module in detail in the upcoming articles.

A Few Basic Commands in Metasploit

banner

Displays the Metasploit banner together with a count of all the available modules.

version

Shows you the framework and console version details.

connect <ip> <port>

A minimal netcat-like client built into msfconsole; you can use it for banner grabbing or to check whether a single port is open.

route

Lets you view and manipulate network routes.

save

Lets you save the current working configuration to a file, which you can load and use again later.

sessions

Lists all active sessions, which is useful when you are working with several sessions at once.

spool <filename.log>

Logs all console output to the given file.

show

Lists all the available modules under the given section (for example, show payloads).

info

Shows you the complete details of the currently selected module.

irb

Invokes an interactive Ruby shell inside msfconsole. It can be used to write custom scripts.

makerc <filename.txt>

Writes the entire command history of the current session to a file so that you can review it later.

search <string>

Searches all modules for the given string and shows the matches. Very helpful.

msfupdate

Lets you update Metasploit right from msfconsole.

Variables in Metasploit

  • LHOST — Localhost/Attacker IP Address
  • LPORT — Local Port. Needed in the case of a reverse shell
  • RHOST — Remote/Target IP Address
  • RHOSTS — Multiple target IP addresses
  • RPORT — Remote/Target Port

The commands used to view and set these variables are as follows:

get <var1> <var2>

Shows you the values of the given local variables.

getg <var1> <var2>

Shows you the values of the given global variables.

set RHOST 192.168.0.10
setg RHOST 192.168.0.10

Lets you set local and global variable values.

unset RHOST
unsetg RHOST

Lets you unset/remove local and global variable values.
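Tying the payload kinds above to the variables in this section, here is an added Ruby example (not from this article or from Metasploit’s own code) that reads whether a payload is a single or a staged stager/stage pair from its name (a single is one module such as windows/shell_reverse_tcp; a staged payload is written stage/stager, such as windows/meterpreter/reverse_tcp) and reports which of LHOST, LPORT and RHOST the stager’s direction needs. The platform and architecture token lists are my own assumption covering common values, not Metasploit’s tables.

```ruby
# Added example (not from the article or the Metasploit project): read the
# single-vs-staged distinction from a payload name and derive which of the
# LHOST/LPORT/RHOST variables its connection direction requires. Assumption:
# the platform/arch lists cover common values only, not Metasploit's tables.
PLATFORMS = %w[windows linux osx android java php python ruby nodejs cmd unix
               bsd solaris aix generic multi apple_ios].freeze
ARCHS = %w[x86 x64 aarch64 armle armbe mipsle mipsbe mips64 ppc ppc64 sparc
           sparc64 tty].freeze

# Returns a hash describing the payload, or nil when the name cannot be a
# payload (nothing after the platform/arch prefix, or too many segments).
def describe_payload(name)
  parts  = name.split("/")
  prefix = parts.take_while { |p| PLATFORMS.include?(p) || ARCHS.include?(p) }
  rest   = parts.drop(prefix.length)
  info   = { name: name, target: prefix.join("/") }
  case rest.length
  when 1 # one module carries everything: a Single, e.g. windows/shell_reverse_tcp
    info.merge!(kind: :single, stage: nil, stager: nil)
    transport = rest[0]
  when 2 # stage/stager pair: a Staged payload, e.g. windows/meterpreter/reverse_tcp
    info.merge!(kind: :staged, stage: rest[0], stager: rest[1])
    transport = rest[1]
  else
    return nil
  end
  # reverse_* calls back to the attacker, bind_* listens on the target (nil: no transport)
  info[:direction] = if transport.include?("reverse") then :reverse
                     elsif transport.include?("bind") then :bind
                     end
  info
end

# Variables the operator must set before the payload can connect.
def connection_options(name)
  info = describe_payload(name)
  return nil if info.nil?
  case info[:direction]
  when :reverse then %w[LHOST LPORT]
  when :bind    then %w[RHOST LPORT]
  else []
  end
end

# Constructed sample names: one of each kind, plus a payload with no transport.
%w[windows/meterpreter/reverse_tcp windows/x64/meterpreter_reverse_https
   linux/x64/shell/bind_tcp cmd/unix/reverse_bash windows/adduser].each do |n|
  i = describe_payload(n)
  puts format("%-40s %-6s stage=%-12s stager=%-13s set: %s", n, i[:kind],
              i[:stage] || "-", i[:stager] || "-", connection_options(n).join(" "))
end
```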

That’s it for today’s article. Let me know if there is any need for change or improvement in this article. Happy Learning..!!

Reference: Metasploit 5.0 for Beginners, Packt Publishing
