Metasploit Pro: Professional Use
Metasploit Framework – The Hacker’s Bread
Welcome to the second module of this workshop. In this module you will study the Metasploit Framework in depth, including the extraordinary benefits of this security tool and the key role it plays in the exploit development lifecycle. Metasploit is the bread and butter of many information security professionals and pentesters.
A couple of good exploitation tools are available on the market and used by security professionals, but Metasploit leads the industry for a couple of reasons. Other tools, such as Core Impact and Immunity Canvas, lead the market alongside Metasploit, but they are closed source, and no free or open version of them is available from any legitimate source. Metasploit comes in a community edition that has no major feature differences from the Pro version.
Many freelancers and small security consulting companies use this community edition, as do many professionals who practise hacking to advance their skills and exploitation techniques. I have personally used Metasploit since its early days and still make good use of the framework when I need to perform exploit research and testing in my lab.
The Metasploit Framework is modular. The most fundamental piece of its architecture is the Rex library, short for Ruby Extension Library. Above it, the lowest level of the framework itself is the core library, followed by base. Finally, base is extended by the framework UI, which implements support for the different types of user interface to the framework, such as the command line and the web interface. Separate from the framework itself are the modules and plugins it is designed to support. The Metasploit Framework fundamentals include msfcli, msfconsole, exploits, payloads, the database and the famous Meterpreter.
Metasploit is not just an exploitation tool; it has many features that help with exploit research and development, and you can develop your own Metasploit modules to add whatever flexibility your dedicated pen testing projects require. The fundamentals alone are enough for someone who uses Metasploit only as a click-and-go tool for pen testing or ethical hacking.
This tool is superbly developed, helps in many different ways and is widely used by information security professionals. This module will cover as much as possible; fully understanding and mastering the tool would require a complete workshop of its own, but you will learn the most professional usage of it in pen testing.
Metasploit Commands to Memorize
If you want to learn Metasploit and use it in your pen testing projects, or for any security research and exploit development, there are some core commands you should understand and have hands-on experience with.
The Metasploit Framework has been in the industry for a while now and is the first choice of security professionals when it comes to pen testing. However, not all security professionals have hands-on experience with Metasploit; many just use it as a tool with a bulk of ready-made exploits that anyone can launch. That is not professional usage of Metasploit. If you, as a security professional, want to stand out from them, become an expert in using this great tool.
To gain expert-level experience with Metasploit, you should develop the following skills with this wonderful tool:
• Understanding how the tool works
• Module information
• Exploiting and pivoting
• Customization of modules
• Developing a Metasploit module
• Exploit development with Metasploit
A couple of these skills are covered in this module; the rest will be explored in the last module with hands-on testing in the workshop.
Metasploit Usage
The commands presented above only cover some basics of the command line usage of this tool. You will be able to explore more in the Pro version of Metasploit. However, let’s quickly review what else you can do from the command line; the functionality available there is given below with usage details.
You can also load the different modules available in the Metasploit Framework that integrate with other security tools for advanced usage, so that you can professionally perform pen testing from the single command line platform of the Metasploit Framework. All the modules available by default when the Metasploit Framework runs can be found in its module directory. Its location differs depending on the installation directory and on the operating system on which you installed the Metasploit Framework.
On Kali Linux, you can find these modules at the path shown in the snapshot below.
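The module tree described above, as an added example that is not part of the workshop text or of the Metasploit project: a small Ruby inventory script that walks a Metasploit-style module directory and pulls each module’s metadata out of the update_info header that every module declares. It also serves the later point about developing your own modules, because the constructed sample it writes has the shape of a minimal auxiliary scanner module. The sample is written to a temporary directory so the script runs offline; the real tree under your install directory (on Kali typically /usr/share/metasploit-framework/modules, an assumed path you should check against your own install) can be passed to `inventory` instead. The module name, description, reference URL and path in the sample are constructed placeholders.

```ruby
# Added example (not from the workshop or the Metasploit project): walk a
# Metasploit-style module directory and list every module with the metadata
# it declares in update_info. A constructed sample module is written to a temp
# directory so this runs offline; point `inventory` at a real module tree
# (assumed path on Kali: /usr/share/metasploit-framework/modules) to list
# what is actually installed.
require 'tmpdir'
require 'fileutils'

# Metasploit groups modules by type in the top-level directories of the tree.
MODULE_TYPES = %w[exploits auxiliary post payloads encoders nops evasion].freeze

# Constructed sample: the header of a minimal auxiliary scanner module, in the
# same shape as real modules (a class deriving from Msf::Auxiliary that calls
# update_info). Values are placeholders, not a real module.
SAMPLE_MODULE = <<~'RUBY'
  class MetasploitModule < Msf::Auxiliary
    include Msf::Auxiliary::Scanner

    def initialize(info = {})
      super(update_info(info,
        'Name'        => 'Example Banner Grabber',
        'Description' => %q{
          Connects to a service and records its banner. Constructed sample, not a real module.
        },
        'Author'      => ['Workshop Example'],
        'License'     => MSF_LICENSE,
        'References'  => [['URL', 'https://example.invalid/placeholder']]
      ))
    end

    def run_host(ip)
      # body intentionally left out of the constructed sample
    end
  end
RUBY

# Pull one update_info entry out of the module source: either a single-quoted
# string ('Name' => '...') or a %q{...} block ('Description' => %q{...}).
def extract_field(source, key)
  m = source.match(/'#{key}'\s*=>\s*(?:'([^']*)'|%q\{(.*?)\})/m)
  return nil unless m
  (m[1] || m[2]).strip.gsub(/\s+/, ' ')
end

# The path relative to the tree, without .rb, is the module's reference name
# (the name you give to `use` in msfconsole).
def module_ref(root, path)
  path.sub(/\A#{Regexp.escape(root)}\/?/, '').sub(/\.rb\z/, '')
end

# Walk the tree and build one record per module file.
def inventory(root)
  Dir.glob(File.join(root, '**', '*.rb')).sort.map do |path|
    src  = File.read(path)
    ref  = module_ref(root, path)
    type = ref.split('/').first
    {
      ref:         ref,
      type:        MODULE_TYPES.include?(type) ? type : 'unknown',
      name:        extract_field(src, 'Name'),
      description: extract_field(src, 'Description'),
      license:     src.include?('MSF_LICENSE') ? 'MSF_LICENSE' : 'other'
    }
  end
end

# Build the constructed tree under a temp directory and return its inventory.
def demo
  Dir.mktmpdir('msf-modules') do |root|
    dir = File.join(root, 'auxiliary', 'scanner', 'example')
    FileUtils.mkdir_p(dir)
    File.write(File.join(dir, 'banner_grab.rb'), SAMPLE_MODULE)
    inventory(root)
  end
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |m| puts "#{m[:type].ljust(10)} #{m[:ref]}  #{m[:name]}" }
end
```

The record’s `ref` field is the same name msfconsole shows in search results and accepts with `use`, so the output of `inventory` on a real tree can be diffed against a known-good listing to spot modules that were added or changed in an install.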
There are, however, further modules that you can add at run time. They are shown below; each of them is loaded into the run time environment with the load command. You should practise loading these modules and using them one by one. Usage details are also available from the command itself and will be presented shortly.
Once all of these modules are loaded, you will see the commands, or let’s say functionality, they give you: for example, running vulnerability scans directly from the Metasploit Framework with the Nessus and NeXpose modules just loaded, or running web application assessments with the sqlmap and wmap modules, and likewise for the other modules we have just loaded. The following snapshots show the functionality available after loading these modules.
After loading all of these modules, this is what you will be able to perform from the Metasploit command line interface:
• Nessus Vulnerability Scans
• NeXpose Vulnerability Scans
• Web Scans with “wmap”
• Database testing with “sqlmap”
• Exploitation
This is what a fully fledged pen testing platform looks like: it gives you the flexibility to run multiple tasks from a single platform. That is the power of Metasploit, and you can also develop your own module and import it into the Metasploit Framework. You will explore all of these features in the upcoming modules, where you will perform hands-on testing with them and develop your skills with the Metasploit Framework.
It is not enough at this stage, though; you still need to explore the exploit development features of Metasploit that were mentioned earlier in this module. They will be covered in the last module. In our opinion, Metasploit is used most efficiently from the command line, and as a security professional you should be an expert with it; that is what the industry considers the standard, although it is not a rule.