CO2

System Penetration with Metasploit Framework
System Penetration
What do I mean by System Penetration?
The act of successfully breaching security on a
remote computer system in order to gain some form
of control or access.

What is the Metasploit Framework?
First we will revise some basic concepts before
understanding what the Metasploit Framework is and
what it is capable of providing.
Many Attack Vectors!
Gaining access to a secured system can be a
difficult task that requires skill and maybe luck.
However, there are also plenty of simple
techniques, commonly used today, that achieve the
same result. These include:
Authentication Attacks
Password guessing using common strings or
default passwords.
Ex: Wireless routers have default passwords, and the
majority of users don't change them!
Ex: Windows Administrator accounts are often blank.
Many Attack Vectors!
Password Brute Force Attack
This method has become very fast with
rainbow tables!
Rainbow tables are pre-computed tables of password
hashes.

Social Engineering Attacks
Influencing someone into divulging confidential
information.
Ex: Phishing attacks: a malicious user who
impersonates a trustworthy entity.
Many Attack Vectors!

SQL Injection Attacks
Injecting unexpected, malformed SQL into a query in
order to manipulate the database in unintended
ways.
Ex: Injecting SQL to extract information from
certain tables.
Ex: Injecting an administrator account for yourself.
Many Attack Vectors!
However, one of the most dangerous and yet very
effective attacks used by malicious users today is the
Software Exploitation Attack!
Software exploitation attacks can be used to gain
access to unauthorized systems, elevate user
account privileges, crash systems or install
malicious software (such as spyware,
viruses, Trojans, adware, etc.) without the awareness
of the other party.
Understanding S.E. Attacks.
First, let's understand the basics.
According to Wikipedia:
"The word vulnerability, in computer security,
refers to a weakness in a system allowing an attacker
to violate the confidentiality, integrity, availability,
access control, consistency or audit mechanisms of
the system or the data and applications it hosts."
Understanding S.E. Attacks.
To software developers, a bug is synonymous with a
vulnerability.
Ex: Errors in a program's source code or flawed
program design:
•Buffer overflows
•Memory leaks
•Deadlocks
•Arithmetic overflow
•Accessing protected memory (access violation)
Metasploit Framework
What is the Metasploit Framework?
According to the Metasploit Team:
"The Metasploit Framework is a platform for writing,
testing, and using exploit code.
The primary users of the Framework are
professionals performing penetration testing, shell
code development, and vulnerability research."
Metasploit:
Metasploit, an open source project, allows
individuals or organizations to identify security
vulnerabilities.
It is owned by the Boston, Massachusetts-based
security company Rapid7.
(https://www.metasploit.com/)
Network administrators can develop their own code
and use it to break into their own systems and identify
potential risks.
The easiest way to obtain a practice target machine is to
use Metasploitable2.
Understanding MSF
The Metasploit Framework (MSF) is not only an
environment for exploit development but also a
platform for launching exploits on real-world
applications.
It is packaged with real exploits that can cause
real damage if not used professionally.
Because MSF is an open-source tool and
provides such a simplified method for launching
dangerous attacks, it has attracted, and still attracts,
wannabe hackers and script kiddies who do no more
than create additional problems on networks and
systems.
The Metasploit project offers:
Penetration (pen) testing software
Tools for automating the comparison of a program's
vulnerabilities
Anti-forensic and advanced evasion tools
Documentation of Metasploitable 2 is available at:
https://docs.rapid7.com/metasploit/metasploitable-2/
Some tools are also built into the Metasploit
Framework.
The Metasploit Framework is a collection of tools,
libraries, modules and so on.
• Used by cyber security professionals and ethical hackers
to exploit vulnerabilities on a network.
• Trojans, backdoors, botnets and phishing are the
different malware types.
• Background information on the organization may serve as an
important piece of information.
• The Metasploit Framework is supported by various
operating systems.
One can use Metasploit in both free and paid
versions.
• The free version (Metasploit Framework and Metasploit
Community) can be used to find basic exploits.
• The full paid version (Metasploit Pro) is preferred as it
allows one to carry out deep pen-tests and offers other
advanced features.
A paid version offers:
• Integrations collected via remote APIs
• Automation of several tasks, including smart
exploitation, penetration testing reports, and much
more.
• Dynamic payloads infiltrated to evade the top
antivirus solutions
Metasploit Interfaces
Msfconsole:
• One of the most popular interfaces in the Metasploit Framework.
• Once you get the hang of this interface and its
syntax, it provides coherent access to all the
options within the Metasploit Framework.
Advantages of msfconsole include:
• With msfconsole, one can access all the
features in the MSF.
• It is the most stable interface and provides a console-based interface.
• Executing external commands is possible from msfconsole.
• Full readline support, tabbing, and command completion.
Msfcli
• Msfcli provides a powerful command-line interface
to the framework.
• Features of this interface include:
• Support for launching exploits and auxiliary
modules.
• Great for use in scripts and basic automation.
• Msfcli variables are case-sensitive and are
assigned using an equals (=) sign.
MsfGUI
• Part of the framework, and a tool for carrying out
demonstrations to clients and management.
• Provides a point-and-click interface for exploitation.
• A GTK wizard-based interface for using the
Metasploit Framework.
Armitage
Developed by Raphael Mudge, Armitage is an
open source Java-based front-end GUI for the
Metasploit Framework.
Its primary aim is to assist security professionals in
understanding hacking.
Advantages of using Metasploit
One can automate each phase of penetration
testing:
Metasploit allows pen testers and cyber
professionals to automate all phases within the
penetration test.
The amount of time required to carry out a complete
and thorough pen-test is huge.
Credentials can be gathered and reused:
• Credentials are the keys to any network, and the
biggest prize for a penetration tester.
• One can catalog and track user credentials for
reporting.
Become a next-level pen tester:
• If one has already worked with the Metasploit
Framework for years, its Pro version is
definitely the next step.
• With Metasploit Pro, the expert can easily move
through a network using the pivoting and antivirus
evasion capabilities.
Metasploit in competition with other pen testing
tools
• Metasploit is not the only tool that offers
penetration testing, but it is one of the preferred
ones.
• Others include Wireshark, Nessus, Nmap,
and so on.
Wireshark
• Famous network protocol analyzer.
• Reads captured information from other applications
and is multiplatform.
• Con:
• Steep learning curve.
Nessus
• A vulnerability scanner and a popular tool.
• It has a huge library of vulnerabilities and
respective tests.
• It relies on the response from the target host to
identify a breach.
• Metasploit is used as an exploitation tool to identify
whether the detected breach could be exploitable.
Nmap
• It is a highly competent pen testing tool used for
network mapping or discovery.
• Offers GUI functionality, compared with Metasploit.
Metasploit Introduction
Metasploit is an automated exploitation framework
Open source, continuous development and updates
Tools for scanning, exploit development,
exploitation, and post-exploitation
Extensible through plugins and modules
Msfconsole
The most feature-full interface for Metasploit is
msfconsole.
Like a shell, just for Metasploit.
In addition to special Metasploit commands, it also
accepts bash commands:
ping, ls, curl, etc.
Common Commands
• connect
  like netcat, connects to host on specified port
• search
  search module database, by name, platform, app,
  CVE, and more
• sessions
  List or manipulate your open sessions (shells,
  VNC, etc.)
• show
  Show anything: show modules, exploits, payloads,
  options (for selected module)
Basic Usage
Using a module:
(Optional) If your module is not loaded, load it with
load path
(Optional) If you don't know the name, search for it
with search
Select your module with use
Fill parameters using set (show parameters with
show options)
Run with exploit
Reload and run with rexploit
Metasploit CLI
Sometimes you'd rather not load up the whole
console just to run a single script.
Use msfcli to interact with Metasploit from the
command line.
Metasploit CLI
Mode          Description
(A)dvanced    Show available advanced options for this module
(AC)tions     Show available actions for this auxiliary module
(C)heck       Run the check routine of the selected module
(E)xecute     Execute the selected module
(H)elp        You're looking at it men!
(I)DS Evasion Show available IDS evasion options for this module
(O)ptions     Show available options for this module
(P)ayloads    Show available payloads for this module
(S)ummary     Show information about this module
(T)argets     Show available targets for this exploit module
Writing Modules
• Auxiliary
  Defines a function called run
  Can do simple tasks: fuzzing, scanning, sniffing,
  brute forcing logins
• Exploit
  Defines a function called exploit
  Requires a payload (shell code)
  Most basic form:
    Connect to remote host
    Send payload
    Run handler (sets up reverse shell connection)
    Disconnect
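The set / show options / exploit steps from Basic Usage and msfcli's case-sensitive NAME=VALUE assignments can be illustrated with a small stand-alone model, added here as an example (it is not Metasploit's own datastore code). The option entries copy the [required, description, default] shape Metasploit's register_options uses; RHOSTS, RPORT and THREADS are standard option names, the module they belong to is hypothetical, and the input is constructed.

```ruby
# Added example, not Metasploit code: a stand-alone model of a module's
# registered options being filled by msfcli-style NAME=VALUE arguments
# and checked before the module is allowed to run.
# Each option mirrors the register_options shape: [required?, description, default]
MODULE_OPTIONS = {
  'RHOSTS'  => [true,  'Target host(s)',     nil],
  'RPORT'   => [true,  'Target port',        80],
  'THREADS' => [false, 'Concurrent threads', 1],
}.freeze

# Parse "RHOSTS=10.0.0.5 RPORT=8080" the way msfcli does: the name is
# case-sensitive and the value is everything after the first '='.
def parse_assignments(args)
  args.each_with_object({}) do |arg, opts|
    name, value = arg.split('=', 2)
    raise ArgumentError, "not a NAME=VALUE assignment: #{arg}" if value.nil?
    opts[name] = value
  end
end

# Start from the defaults and apply the assignments. A name the module did not
# register (including a wrong-case 'rhosts') is rejected rather than ignored.
def build_datastore(assignments, options = MODULE_OPTIONS)
  unknown = assignments.keys - options.keys
  raise ArgumentError, "unknown option(s): #{unknown.join(', ')}" unless unknown.empty?
  options.transform_values { |(_req, _desc, default)| default }.merge(assignments)
end

# The check 'exploit' performs first: which required options are still unset?
def missing_required(store, options = MODULE_OPTIONS)
  options.select { |name, (req, _desc, _default)| req && store[name].nil? }.keys
end

# Same columns as 'show options': Name, Current Setting, Required, Description
def show_options(store, options = MODULE_OPTIONS)
  options.map do |name, (req, desc, _default)|
    format('%-8s %-12s %-4s %s', name, store[name].to_s, req ? 'yes' : 'no', desc)
  end
end

if __FILE__ == $PROGRAM_NAME
  args = ARGV.empty? ? ['RPORT=8080'] : ARGV   # constructed default input
  store = build_datastore(parse_assignments(args))
  puts show_options(store)
  missing = missing_required(store)
  puts(missing.empty? ? 'All required options set' : "Missing required: #{missing.join(', ')}")
end
```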
Post-Exploitation Tools
Most post-exploitation tools rely on a meterpreter
shell.
Meterpreter is a payload that can be selected with
many exploits.
A meterpreter shell provides a consistent
cross-platform post-exploitation interface.
It also acts as an in-memory stager for loading
additional exploit code remotely (Meterpreter resides
entirely in memory and writes nothing to disk).
Meterpreter Basics
Provides basic UNIX interface: ls, cat, cd, pwd,
getuid, ps
Also some convenience features
search: convenient file system searching
migrate: migrate control to another running process
clearev: clears logs (Windows only)
upload, download
webcam_list, webcam_snap
Meterpreter Basics
Meterpreter is short for Meta-Interpreter.
Meterpreter works in a client <-> server
configuration,
where the server merely acts as a communication
and loading mechanism.
Meterpreter allows you great flexibility post
exploitation.
You can use the included extensions to do various
tasks or write your own DLL to use on the target
system.
More Meterpreter Features
Persistent backdoors with metsvc
John the Ripper integration (to crack passwords)
Remote packet sniffing
Keylogging
Killing off antivirus
Dumping system information
Pretty much anything you can think of
Or you can write your own scripts, too
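Several of the Meterpreter features above leave traces a defender can look for: clearev clears event logs, metsvc installs a service, and migrate creates a thread in another process. The following script is an added example, not part of the slides or of Metasploit: it scans exported Windows event records (constructed here as one JSON object per line in a simplified layout, not a real export format) using the standard Windows and Sysmon event IDs for those actions; the 'metsvc' service name is assumed to be the default and unchanged.

```ruby
require 'json'
# Added example, not part of the slides or of Metasploit: a detector over
# exported Windows event records, one JSON object per line. The field names
# (Channel, EventID, Data.ServiceName, ...) are a constructed, simplified
# layout, not a real export format; the event IDs are the standard ones.
# Rule  ->  Meterpreter feature it surfaces
#   Security 1102 / System 104 : log cleared            (clearev)
#   System 7045                : new service installed  (metsvc persistence)
#   Sysmon 8                   : remote thread created  (migrate)
RULES = {
  ['Security', 1102] => 'audit log cleared (clearev)',
  ['System', 104]    => 'system log cleared (clearev)',
  ['System', 7045]   => 'new service installed',
  ['Microsoft-Windows-Sysmon/Operational', 8] => 'remote thread created (possible migrate)',
}.freeze

# 'metsvc' is the service name the slide mentions; assumed to be the default
# and unchanged. Other service installs are still reported, at lower severity.
SERVICE_WATCHLIST = %w[metsvc].freeze

def classify(event)
  key = [event['Channel'], event['EventID']]
  reason = RULES[key]
  return nil unless reason
  severity = 'high'
  if key == ['System', 7045]
    name = event.dig('Data', 'ServiceName').to_s
    severity = SERVICE_WATCHLIST.include?(name.downcase) ? 'high' : 'medium'
    reason = "#{reason} [#{name}]"
  end
  { time: event['TimeCreated'], host: event['Computer'], severity: severity, reason: reason }
end

# Returns one finding per matching record; non-matching records are dropped.
def scan(lines)
  lines.map { |line| classify(JSON.parse(line)) }.compact
end

# Constructed sample: a benign service install, a logon, clearev, then metsvc.
SAMPLE = [
  '{"TimeCreated":"2024-01-01T10:00:00Z","Computer":"WS01","Channel":"System","EventID":7045,"Data":{"ServiceName":"Spooler"}}',
  '{"TimeCreated":"2024-01-01T10:05:00Z","Computer":"WS01","Channel":"Security","EventID":4624,"Data":{}}',
  '{"TimeCreated":"2024-01-01T10:06:00Z","Computer":"WS01","Channel":"Security","EventID":1102,"Data":{}}',
  '{"TimeCreated":"2024-01-01T10:07:00Z","Computer":"WS01","Channel":"System","EventID":7045,"Data":{"ServiceName":"metsvc"}}',
].freeze

if __FILE__ == $PROGRAM_NAME
  scan(SAMPLE).each { |f| puts "#{f[:time]} #{f[:host]} #{f[:severity].upcase}: #{f[:reason]}" }
end
```

Because Meterpreter itself writes nothing to disk, these log-side artifacts (plus the network connection to the handler) are often the only durable evidence of a session.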
What is the Framework?
The Metasploit project decided to create a
development framework for exploits: an environment
for interested parties to quickly and easily develop
code.
On the surface it contains a handful of exploits that
you can launch against a box and potentially own it.
But under the hood it has a massive amount of
flexibility and technology that allows you to effectively
build a real working exploit for your own purposes.
What is a module?
A module, for all intents and purposes, is an exploit.
The framework uses the PERL module system to
define and access needed information. Your exploit
will in fact be a working PERL module. We define
methods and variables, or call external functions, in an
easy, well documented way.
Thank You All