When I say "penetration testing tool", the first thing that comes to mind is Metasploit, the world's largest Ruby project with over 700,000 lines of code. No wonder it has become the de facto standard for penetration testing and vulnerability development, with more than one million unique downloads per year and the world's largest public database of quality-assured exploits.
The Metasploit Framework is a program and sub-project developed by Metasploit LLC. It was initially created in 2003 in the Perl programming language but was later completely rewritten in Ruby. With the most recent release (3.7.1), Metasploit has taken exploit testing and simulation to a whole new level and muscled out its high-priced commercial counterparts by increasing the speed and lethality of exploit code in the shortest possible time.
Working with Metasploit
- search <keyword>: Typing in the command 'search' along with a keyword lists the exploits whose names or descriptions match that keyword pattern.
- show exploits: Typing in the command 'show exploits' lists the currently available exploits. There are remote exploits for various platforms and applications including Windows, Linux, IIS, Apache, and so on, which help to test the flexibility and understand the working of Metasploit.
- show payloads: With the same 'show' command, we can also list the available payloads: 'show payloads'.
- show options: Typing in the command 'show options' shows the options you have set and possibly ones you may have forgotten to set. Each exploit and payload comes with its own options that you can set.
- info <type> <name>: If you want specific information on an exploit or payload, you can use the 'info' command. Let's say we want complete information on the payload 'winbind'. We can use the command 'info payload winbind'.
- use <exploit_name>: This command tells Metasploit to use the exploit with the specified name.
- set RHOST <hostname_or_ip>: This command will instruct Metasploit to target the specified remote host.
- set RPORT <host_port>: This command sets the port that Metasploit will connect to on the remote host.
- set PAYLOAD <generic/shell_bind_tcp>: This command sets the payload that is used against the target; this one will give you a shell when a service is exploited.
- set LPORT <local_port>: This command sets the port number that the payload will open on the server when the exploit succeeds. It is important that this port be one that can actually be opened on the server (i.e. it is not in use by another service and not reserved for administrative use), so set it to a random 4-digit number greater than 1024 and you should be fine. You'll also have to change the number each time you successfully exploit a service.
- exploit: Actually runs the exploit against the service. Another version of exploit, rexploit, reloads your exploit code and then runs it, which lets you try minor changes to your exploit code without restarting the console.
- help: The 'help' command will give you basic information on all the commands, including those not listed here.
- "ipconfig" (run in the session opened on the remote machine) prints all of the remote machine's current TCP/IP network configuration values.
- "getuid" prints the server's username to the console.
- "hashdump" dumps the contents of the SAM database.
- "clearev" can be used to wipe all traces that you were ever on the machine.
Thus we have successfully used the Metasploit Framework to break into the remote Windows 2003 server and gain shell access, which can be used to control the remote machine and perform any operation we wish.
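The 'show options' step above is where forgotten settings show up, and the LPORT step carries the rule that the port must be free and above 1024. The following is an added Ruby example, not code from this page or from the Metasploit project: it parses a table in the layout that 'show options' prints, reports required options that are still unset, validates RPORT/LPORT as TCP ports, applies the LPORT rule, and suggests a free LPORT. The sample table, the module name (a placeholder) and the list of ports already in use are all constructed for the example.

```ruby
# Added example, not code from the page or from the Metasploit project: a small
# checker for the option table that `show options` prints, flagging required
# options that were forgotten and applying the LPORT rule given in the text
# (a free port above 1024). Sample output and the ports-in-use list are
# constructed; the module name is a placeholder.
require 'set'

# Constructed sample of `show options` output (module name is a placeholder).
SAMPLE_OPTIONS_OUTPUT = <<~OUT
  Module options (exploit/example/placeholder_module):

     Name     Current Setting  Required  Description
     ----     ---------------  --------  -----------
     RHOST                     yes       The target address
     RPORT    445              yes       The target port (TCP)

  Payload options (generic/shell_bind_tcp):

     Name   Current Setting  Required  Description
     ----   ---------------  --------  -----------
     LPORT  80               yes       The listen port
OUT

# Constructed sample of ports already bound on the host (not real data).
PORTS_IN_USE = Set[22, 80, 443, 3389, 4444].freeze

OptionRow = Struct.new(:section, :name, :value, :required, :description)
Finding   = Struct.new(:option, :problem)

# Parse the table by column offsets taken from its header line, so an empty
# "Current Setting" cell is read as empty rather than shifting later columns.
def parse_show_options(text)
  rows = []
  section = cols = nil
  text.each_line do |raw|
    line = raw.chomp
    if (m = line.match(/\A(Module|Payload) options \(([^)]+)\):/))
      section = m[2]
      cols = nil
      next
    end
    # Any other unindented line (e.g. "Exploit target:") ends the current table.
    if line.match?(/\A\S/)
      section = cols = nil
      next
    end
    next if section.nil? || line.strip.empty?
    if line.include?('Current Setting') && line.include?('Required')
      cols = { name: line.index('Name'), value: line.index('Current Setting'),
               required: line.index('Required'), description: line.index('Description') }
      next
    end
    next if cols.nil? || line.strip.start_with?('----')
    name  = line[cols[:name]...cols[:value]].to_s.strip
    value = line[cols[:value]...cols[:required]].to_s.strip
    req   = line[cols[:required]...cols[:description]].to_s.strip
    desc  = line[cols[:description]..].to_s.strip
    rows << OptionRow.new(section, name, value, req.casecmp?('yes'), desc)
  end
  rows
end

def valid_port?(value)
  port = Integer(value, exception: false)
  !port.nil? && (1..65535).cover?(port)
end

# Report unset required options, malformed ports, and LPORT values that break
# the rule from the text (privileged or already in use on this host).
def check_options(rows, ports_in_use: PORTS_IN_USE)
  findings = []
  rows.each do |r|
    if r.value.empty?
      findings << Finding.new(r.name, 'required option is not set') if r.required
      next
    end
    next unless %w[RPORT LPORT].include?(r.name)
    unless valid_port?(r.value)
      findings << Finding.new(r.name, "#{r.value.inspect} is not a valid TCP port")
      next
    end
    next unless r.name == 'LPORT'
    port = Integer(r.value)
    findings << Finding.new('LPORT', "port #{port} is privileged; use one above 1024") if port <= 1024
    findings << Finding.new('LPORT', "port #{port} is already in use on this host") if ports_in_use.include?(port)
  end
  findings
end

# Choose an LPORT the way the text recommends: a random port above 1024 that is
# not already bound on the host.
def pick_free_lport(ports_in_use: PORTS_IN_USE, rng: Random.new)
  loop do
    candidate = rng.rand(1025..9999)
    return candidate unless ports_in_use.include?(candidate)
  end
end

if __FILE__ == $PROGRAM_NAME
  rows = parse_show_options(SAMPLE_OPTIONS_OUTPUT)
  check_options(rows).each { |f| puts "#{f.option}: #{f.problem}" }
  puts "suggested LPORT: #{pick_free_lport}"
end
```

Run against the constructed table, the checker reports that RHOST is required but unset and that LPORT 80 is both privileged and already in use, which is exactly the kind of mistake 'show options' is meant to surface before you type 'exploit'. Column offsets are read from the header line rather than splitting on whitespace so that a blank "Current Setting" cell does not shift the Required column.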
Potential Uses of the Metasploit Framework:
- Metasploit can be used during penetration testing to validate the reports of automated vulnerability assessment tools, proving that a reported vulnerability is not a false positive and can actually be exploited. Care has to be taken, because not only does it disprove false positives, it can also break things.
- Metasploit can be used to test the new exploits that come out nearly every day on your locally hosted test servers, to understand the effectiveness of each exploit.
- Metasploit is also a great tool for testing your intrusion detection systems: it lets you check whether the IDS detects and prevents the attacks you run against it.
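The "clearev" step described above and the IDS-testing use listed here meet in the same place: a defender wants to know that wiping the event logs is itself noticed. The following is an added Ruby example, not code from this page or from Metasploit, showing detection logic run over sample Windows event records. It relies on two facts about Windows that are not on the page: clearing the Security log writes event ID 1102 to the Security log, and clearing the System or Application log writes event ID 104 to the System log. The key=value export format and all the records are constructed for the example.

```ruby
# Added example, not code from the page or from Metasploit: a detection pass
# over Windows event records for the traces a log wipe such as Meterpreter's
# clearev leaves behind. Clearing the Security log writes event ID 1102 to the
# Security log; clearing the System or Application log writes event ID 104 to
# the System log. The records and their key=value export format are constructed
# for this example.
require 'time'

LOG_CLEARED_EVENTS = {
  ['Security', 1102] => 'Security audit log was cleared',
  ['System', 104]    => 'an event log was cleared'
}.freeze

# Constructed sample export: normal logon activity, a burst of clears on srv01,
# and a single clear on srv02 for contrast.
SAMPLE_EVENTS = <<~LOG
  time=2024-01-01T10:00:01Z log=Security id=4624 user=alice host=srv01
  time=2024-01-01T10:05:12Z log=Security id=4672 user=alice host=srv01
  time=2024-01-01T10:07:44Z log=Security id=1102 user=alice host=srv01
  time=2024-01-01T10:07:45Z log=System id=104 user=alice host=srv01
  time=2024-01-01T10:07:45Z log=Application id=1000 user=alice host=srv01
  time=2024-01-01T11:30:00Z log=System id=104 user=bob host=srv02
LOG

Event = Struct.new(:time, :log, :id, :user, :host)
Alert = Struct.new(:severity, :host, :user, :time, :detail)

# Parse one record per line from the constructed key=value format.
def parse_events(text)
  text.each_line.reject { |l| l.strip.empty? }.map do |line|
    f = line.split.map { |kv| kv.split('=', 2) }.to_h
    Event.new(Time.iso8601(f['time']), f['log'], f['id'].to_i, f['user'], f['host'])
  end
end

# One alert per cleared log, plus a higher-severity alert when several logs on
# the same host are cleared within a short window, which is what a tool-driven
# wipe looks like as opposed to an administrator clearing a single log.
def detect_log_clearing(events, window_seconds: 60)
  cleared = events.select { |e| LOG_CLEARED_EVENTS.key?([e.log, e.id]) }
  alerts = cleared.map do |e|
    Alert.new(:medium, e.host, e.user, e.time,
              "#{LOG_CLEARED_EVENTS[[e.log, e.id]]} (event #{e.id})")
  end
  cleared.group_by(&:host).each do |host, hits|
    hits = hits.sort_by(&:time)
    span = hits.last.time - hits.first.time
    next unless hits.size >= 2 && span <= window_seconds
    alerts << Alert.new(:high, host, hits.first.user, hits.first.time,
                        "#{hits.size} event logs cleared within #{span.round}s")
  end
  alerts
end

if __FILE__ == $PROGRAM_NAME
  detect_log_clearing(parse_events(SAMPLE_EVENTS)).each do |a|
    puts "[#{a.severity}] #{a.time.iso8601} #{a.host} #{a.user}: #{a.detail}"
  end
end
```

On the constructed records this yields three medium alerts (one per cleared log) and one high alert for srv01, where two logs were cleared one second apart; the lone clear on srv02 stays at medium. Correlating clears per host within a short window is the part worth keeping: it separates a scripted wipe from routine administration, and it is a natural check to exercise when using Metasploit to test whether an IDS notices post-exploitation activity.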