
Haking _ MetaSploit - Part 1

The Metasploit Workshop

About the Metasploit Framework Workshop

This course gives an overview of the Metasploit Framework and guides you through its installation
on Linux, Windows and Mac OS X.

Hardware Requirements

Minimum System Requirements

    • 2 GHz+ processor
    • 2 GB RAM available (4 GB recommended)
    • 500MB+ available disk space
    • 10/100 Mbps Network Interface Card (NIC)

Supported Operating Systems

    • Windows XP, 2003, Vista, 2008 Server, and Windows 7
    • Red Hat Enterprise Linux 5.x, 6.x – x86 and x86_64
    • Ubuntu Linux 8.04, 10.04 – x86 and x86_64

Mac OS X is not on the list, but its userland is BSD-derived (Darwin), and Metasploit runs on it properly once the dependencies described below are in place.

Required Browser Versions

    • Mozilla Firefox 4.0+
    • Microsoft Internet Explorer 9
    • Google Chrome 10+

The rest of this part gives step-by-step installation instructions for each of these platforms.

Preparation and Requirements

Linux (Ubuntu)

• Start by bringing the system up to date with the “apt-get” command, so that the dependencies
below resolve against current packages:

    sudo apt-get update
    sudo apt-get upgrade

• With the system updated, install the packages that the Metasploit Framework depends on (the
compiler toolchain, the PostgreSQL client libraries, libpcap for raw packet capture, and Ruby 1.9.3).
The package names are those of the Ubuntu releases listed above; newer releases ship newer Ruby
and OpenJDK versions under different names:

    sudo apt-get install build-essential libreadline-dev libssl-dev libpq5 libpq-dev \
        libreadline5 libsqlite3-dev libpcap-dev openjdk-7-jre subversion git-core autoconf \
        pgadmin3 curl zlib1g-dev libxml2-dev libxslt1-dev vncviewer libyaml-dev ruby1.9.3

• Metasploit is written in Ruby, so we also need the Ruby gems its setup relies on, in particular
bundler, which resolves the framework’s own gem dependencies later on:

    sudo gem install wirble sqlite3 bundler

• Metasploit drives Nmap as an external tool for network scanning (the db_nmap command in
msfconsole wraps it), so we build and install it from the Nmap Subversion repository:

    mkdir ~/Development
    cd ~/Development
    svn co https://svn.nmap.org/nmap
    cd nmap
    ./configure
    make
    sudo make install
    make clean

• The framework uses a relational database to cache module metadata, so that searches for exploits
and modules return quickly, and to keep what you learn about targets (hosts, services, credentials,
loot) between sessions. The backend the framework supports is PostgreSQL, so that is what we
install and configure for this course.

• Install PostgreSQL with the “apt-get” command (the package is called postgresql, not postgres):

    sudo apt-get install postgresql

• Then switch to the postgres system user, which owns the database cluster and is allowed to
create the role and database we will use for Metasploit later:

    sudo -s
    su postgres

• Now create a role and a database. createuser prompts for a password (-P) and creates an ordinary
role without superuser, createrole or createdb rights (-S -R -D); record the password you give it,
since it goes into the database.yml file that Metasploit uses to connect to the database.

    createuser msfuser -P -S -R -D
    createdb -O msfuser msf

Windows

Windows is the easiest platform to install on, since the Rapid7 installer bundles everything the
framework needs. All you have to do beforehand is obtain your licence (activation) key from the
Rapid7 website, http://www.rapid7.com/products/metasploit/download.jsp, after clicking
“Download Metasploit Community”.

The installer will also ask you to disable anti-virus and firewall software while it runs. The reason
is the nature of the MSF: it ships exploits and payloads that signature-based products classify as
malicious, and a scanner that quarantines files out of the installation folder leaves you with a
broken framework. Rather than switching protection off permanently, create a folder such as
“METASPLOIT” under the C:\ drive, add it as a trusted (excluded) folder in your anti-virus product,
install there, and re-enable the anti-virus and firewall once the installation completes. Do this on a
dedicated lab machine, not on a workstation you also use for everyday work.

Mac OSX

• Before installing the Metasploit Framework, make sure Apple’s development tools (Xcode) are
installed; Xcode can be downloaded from https://developer.apple.com/ or obtained directly from the
App Store.

• Once Xcode is installed, open a new terminal, run xcode-select --install, and click the Install
button in the dialog that appears to install the command line developer tools, as shown in the figure.

• If you see a message saying the software cannot be installed because it is not currently available
from the Software Update server, you usually already have the latest version of the command line
tools installed.


• We also need MacPorts. It can be downloaded from http://www.macports.org/install.php

• After installing it, update MacPorts to the latest version with the following command:

    sudo port -v selfupdate

• With MacPorts and Xcode configured, install Ruby and RubyGems through MacPorts (+nosuffix
installs the binaries as ruby and gem rather than ruby1.9 and gem1.9):

    sudo port install ruby19 +nosuffix

• To take full advantage of the Metasploit Framework we need an external database system,
PostgreSQL, plus the pg gem built against the MacPorts PostgreSQL client library:

    sudo port install postgresql93-server
    sudo gem install pg -v '0.16.0' -- --with-pg-config=/opt/local/lib/postgresql93/bin/pg_config

Installation

Linux (Ubuntu)

Once all of the dependencies are in place, we install the framework itself and connect it to the
PostgreSQL database we created. We clone it from GitHub, which is always the most current source,
and can later keep it current with the msfupdate command:

    cd /opt
    sudo git clone https://github.com/rapid7/metasploit-framework.git
    sudo chown -R "$USER" /opt/metasploit-framework

(/opt is owned by root, so the clone needs sudo; handing the checkout back to your own user lets
bundler and msfupdate run without root.)

Now run bundler to install the gems the framework pins in its Gemfile:

    cd /opt/metasploit-framework
    bundle install

Once that is done, create symlinks for the framework’s commands (msfconsole, msfpayload and the
other msf* scripts; msfpayload has since been replaced by msfvenom) so they can be run from any
directory and by any user, rather than only from inside the framework folder:

    cd /opt/metasploit-framework
    sudo bash -c 'for MSF in msf*; do ln -s /opt/metasploit-framework/$MSF /usr/local/bin/$MSF; done'

So that we do not have to connect the MSF to PostgreSQL by hand every time we launch the
framework, we create a database configuration file. msfconsole looks for it at config/database.yml
inside the framework folder (or at ~/.msf4/database.yml):

    cd /opt/metasploit-framework
    touch config/database.yml

Paste the following into it, using your favorite text editor (I prefer nano :)), and fill in the password
you gave msfuser when creating the role:

    production:
      adapter: postgresql
      database: msf
      username: msfuser
      password: <the password set with createuser>
      host: 127.0.0.1
      port: 5432
      pool: 75
      timeout: 5

The file holds a database credential in clear text, so restrict its permissions to your own user.
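The following Ruby script is an added example for this page, not code from the Metasploit Framework or from the original article. It renders a database.yml of the shape shown above, refuses an empty password, writes the file with owner-only permissions, and audits an existing file for the mistakes this step commonly produces (an empty password, a database host that is not loopback, a file readable by other users). The paths and the password it uses are placeholders for the illustration.

```ruby
require 'yaml'
require 'tmpdir'

# Added example, not part of the Metasploit Framework: build and audit the
# database.yml that msfconsole reads from <framework>/config/database.yml
# (or ~/.msf4/database.yml). Paths and passwords here are placeholders.

LOOPBACK_HOSTS = %w[127.0.0.1 localhost ::1].freeze

# Render the YAML document in the shape Metasploit expects. An empty password
# is refused up front rather than discovered at the first database connection.
def render_database_yml(database:, username:, password:, host: '127.0.0.1',
                        port: 5432, pool: 75, timeout: 5)
  raise ArgumentError, 'database password must not be empty' if password.to_s.empty?
  { 'production' => {
      'adapter'  => 'postgresql',
      'database' => database,
      'username' => username,
      'password' => password,
      'host'     => host,
      'port'     => port,
      'pool'     => pool,
      'timeout'  => timeout } }.to_yaml
end

# Write the file and, because it carries a clear-text credential, make it
# readable and writable by the owner only (mode 0600).
def write_database_yml(path, **opts)
  File.write(path, render_database_yml(**opts))
  File.chmod(0600, path)
  path
end

# Check an existing database.yml for the mistakes this step commonly produces.
# Returns a list of findings; an empty list means the file is acceptable.
def audit_database_yml(path)
  cfg = YAML.safe_load(File.read(path))
  cfg = {} unless cfg.is_a?(Hash)
  prod = cfg['production']
  return ['no production: section'] unless prod.is_a?(Hash)

  findings = []
  findings << 'adapter is not postgresql' unless prod['adapter'] == 'postgresql'
  findings << 'empty database password' if prod['password'].to_s.empty?
  findings << 'database host is not loopback' unless LOOPBACK_HOSTS.include?(prod['host'].to_s)
  mode = File.stat(path).mode & 0o777
  findings << format('file mode %o is readable by group/others', mode) unless (mode & 0o077).zero?
  findings
end

# Usage: ruby check_database_yml.rb /opt/metasploit-framework/config/database.yml
if $PROGRAM_NAME == __FILE__ && ARGV[0]
  findings = audit_database_yml(ARGV[0])
  puts(findings.empty? ? "#{ARGV[0]}: ok" : findings.map { |f| "#{ARGV[0]}: #{f}" })
end
```

Run the audit against the file you just edited; an empty list of findings means msfconsole will pick it up and connect without further prompting.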

Windows

• Locate the Windows installer file and double-click on the installer icon. When the setup screen
appears, click Next to continue.

• Accept the licence agreement and click Next.
• On the next screen, choose an installation directory for Metasploit. The directory you choose
must be empty. Click Next to continue. (As described earlier, the installation folder must be
excluded from scanning by the anti-virus product you are using, otherwise the installation will fail.)

• When the Disable Anti-virus and Firewall screen appears, click Next. If the installer detects an active anti-virus or firewall, it shows this error:

When the installation finishes, your web browser opens automatically on the page shown, where you
create a username and password for the web GUI. That account controls the whole framework on this
host, so choose a strong password. Afterwards you will find the Metasploit console under
Start -> All Programs -> Metasploit.

Mac OSX

Having downloaded and installed all the dependencies from the previous section, we are ready to
install the MSF. To take full advantage of the Metasploit Framework, we want to connect it to
PostgreSQL.

In pgAdmin III, create a database called “metasploitdb” and a role called “msfuser” with the password
“msfpassword” (a lab-only example; pick your own), then make “msfuser” the owner of “metasploitdb”.

After that we should download the MSF from github as follows:

    cd /opt/
    sudo git clone https://github.com/rapid7/metasploit-framework.git

Next, install the required gems at the versions the framework pins, using bundler. Change into the
metasploit-framework folder and run “bundle install”:

    cd /opt/metasploit-framework/
    bundle install

Now that we are almost done, we create symlinks for msfconsole, msfpayload and the other msf*
scripts, so that the framework can be started from any shell in any location:

    sudo ln -s /opt/metasploit-framework/msf* /opt/local/bin/

Point the framework at the database by creating config/database.yml as described in the Linux
section, using metasploitdb as the database name and the role and password you set in pgAdmin III.
Metasploit is now installed and configured; for the first run just type “msfconsole”.

This is the Metasploit console, one of several interfaces to the MSF. We break down the other interfaces in the next chapter.

Fundamentals

Before diving deep into the framework, we want to look at its architecture and how it is designed.

As the figure shows, the framework is far more than a collection of exploits: it is an infrastructure
that you can build on and adapt to your own needs.

Modules

Payloads: the code a penetration tester wants to run on a target once an exploit succeeds. A payload
usually consists of the code to execute plus parameters that define how the connection to the
compromised system is made, for example whether the target connects back to the attacker or
listens for an incoming connection.

Exploits: all standalone exploits belong in this module type, both active and passive. An active
exploit connects out to a target and triggers a vulnerability, for instance a buffer overflow in a
network service; a passive exploit waits for a victim to come to it, something along the lines of a
fake DNS server that re-routes an unsuspecting user to a malicious site.

Encoders: transform the payload before it is sent to the remote computer. Their primary job is to
avoid bad characters that the vulnerable input would mangle (a NUL byte in a string copy, a newline
in a line-oriented protocol); the resulting byte changes also defeat naive signature matching, but
encoding alone does not reliably evade modern anti-virus products.

Nops: generators that produce no-operation instruction sequences, used as padding around payloads
to keep buffer sizes consistent and to give an exploit some tolerance in exactly where execution
lands.

Aux (Auxiliaries): the tools a penetration tester uses in the initial phases of an engagement, such
as packet sniffers, port scanners and input fuzzers. Unlike exploits, they do not deliver a payload.
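To make the Encoders and Nops descriptions concrete, here is a small Ruby example written for this page. It is not Metasploit’s own encoder or NOP generator (those are far more elaborate), and it omits the decoder stub a real encoder prepends to the encoded bytes. It finds a single-byte XOR key that keeps every encoded byte, and the key itself, out of a bad-character set, then pads the result to a fixed buffer size with a randomised sled of x86 (32-bit) single-byte instructions that act as no-ops, skipping any that would clobber a register the exploit needs preserved. The sample payload bytes are constructed for the illustration and are not a working shellcode.

```ruby
# Added example, not code from the Metasploit Framework: a toy single-byte XOR
# encoder with bad-character avoidance and an x86 (32-bit) NOP-sled generator,
# to show what the Encoders and Nops module types do. A real encoder also
# prepends a decoder stub, which is omitted here.

X86_REGS = { eax: 0, ecx: 1, edx: 2, ebx: 3, esp: 4, ebp: 5, esi: 6, edi: 7 }.freeze

# Pick a key such that neither the key (the decoder stub must carry it) nor
# any encoded byte is a bad character. Returns nil when no single-byte key
# works, which is when the framework would fall back to another encoder.
def find_xor_key(payload, badchars)
  bad   = badchars.b.bytes
  bytes = payload.b.bytes
  (1..255).find { |k| !bad.include?(k) && bytes.none? { |b| bad.include?(b ^ k) } }
end

# XOR every byte with the key; applying it again decodes.
def xor_bytes(data, key)
  data.b.bytes.map { |b| b ^ key }.pack('C*')
end

# Single-byte instructions that behave as no-ops for the exploit's purposes:
# 0x90 nop, 0x40+r inc r32, 0x48+r dec r32. inc/dec change a register, so they
# are only offered for registers the exploit does not need preserved. In
# 64-bit mode 0x40-0x4f are REX prefixes, so this table is 32-bit only.
def nop_candidates(save_registers, badchars)
  bad   = badchars.b.bytes
  cands = [0x90]
  X86_REGS.each do |name, idx|
    next if save_registers.include?(name)
    cands << (0x40 + idx) << (0x48 + idx)
  end
  cands.reject { |b| bad.include?(b) }
end

# A randomised sled of the requested length drawn from the candidate table.
def nop_sled(length, badchars: "\x00".b, save_registers: [:esp], rng: Random.new)
  cands = nop_candidates(save_registers, badchars)
  raise ArgumentError, 'no usable nop bytes left after removing bad characters' if cands.empty?
  Array.new(length) { cands[rng.rand(cands.size)] }.pack('C*')
end

# Encode the payload, then pad it with a leading sled to a fixed buffer size,
# as an exploit does when the vulnerable buffer has to be exactly `size` bytes.
def build_buffer(payload, size:, badchars: "\x00".b, save_registers: [:esp])
  key = find_xor_key(payload, badchars)
  raise 'no single-byte XOR key avoids the bad characters' unless key
  encoded = xor_bytes(payload, key)
  if encoded.bytesize > size
    raise ArgumentError, "encoded payload (#{encoded.bytesize} bytes) exceeds buffer size #{size}"
  end
  sled = nop_sled(size - encoded.bytesize, badchars: badchars, save_registers: save_registers)
  { key: key, encoded: encoded, buffer: sled + encoded }
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample bytes (not a working shellcode) containing \x00 and \x0a,
  # which a C string copy or a line-oriented protocol would truncate.
  sample = "\x31\xc0\x50\x68\x2f\x2f\x73\x68\x00\x0a".b
  out = build_buffer(sample, size: 32, badchars: "\x00\x0a\x0d".b)
  puts "key=0x#{out[:key].to_s(16)} buffer=#{out[:buffer].unpack('H*').first}"
end
```

The badchars argument plays the role of the -b option of msfencode (today msfvenom), which tries the framework’s encoders in turn until one produces output free of the listed bytes; the save_registers argument mirrors the SaveRegisters option that NOP generators honour.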

Libraries

Rex (Ruby Extension Library): contains most of the framework’s core features and tools, some of which are specific to the exploitation domain, built on top of the standard Ruby library.
Rex was designed to depend strictly on a default Ruby installation (the default libraries) and is the
centerpiece of the framework. Examples from Rex are wrappers for the socket subsystem,
implementations of client and server protocols, a logging subsystem, exploitation utility classes,
and a number of other useful classes.

MSF Core: to expose its features to modules, the Metasploit team developed the MSF Core library,
which works as an API and extension of Rex. Its purpose is to provide the low-level interface through
which peripheral modules interact with Rex and the framework.

MSF Base: MSF Core is in turn extended by the MSF Base library, which is designed to provide a
simpler interface to the core framework along with some utility classes.

Tools & Plug-ins

They work directly against the Metasploit API; they manipulate the framework as a whole and
automate specific tasks that would be tedious to do manually. For example, if you have sessions on
10 hosts and want to upload and execute a specific file on all of them, a plugin can automate the
whole process.

Interfaces

MSFConsole: an “all-in-one” centralized console that gives you efficient access to virtually all of
the options available in the Metasploit Framework. msfconsole may seem intimidating at first, but
once you learn the syntax of the commands, you will come to appreciate the power of this interface.
MSFcli: a single-command interface to Metasploit that provides almost the same functionality as
msfconsole. Instead of starting the whole console just to generate a payload, for example, you can
do it with one msfcli command. (msfcli has since been removed from the framework in favour of
passing commands to msfconsole non-interactively.)
Web: another way of browsing and using the functionality provided by Metasploit, via a web
interface from a web browser.
GUI: Armitage, a third-party graphical front end (by Raphael Mudge) that visualizes targets and
recommends exploits. It lets you attack hosts by pointing and clicking, with hardly any typing. We
go in depth into Armitage in “Module 3.”

We will introduce both Modules (Payloads, Exploits, Encoders, Nops, Auxiliaries) and Interfaces in
depth in the next sessions.
