Metasploit Framework | Ethical Hacking | TechnoGb
Metasploit Framework is one of the world’s best-known Ethical Hacking tools and the most powerful exploitation tool to date. It is the world’s most used penetration testing software, and the best part is that Metasploit is open-source software for Windows, Linux and macOS.
Kali Linux is the operating system on which Metasploit comes preinstalled, along with other tools useful for Penetration Testing and Ethical Hacking. You can download Metasploit from http://www.metasploit.com
Metasploit has lots of Payloads in it, which makes our work a lot easier: we can inject a payload remotely, or over the internet by doing port forwarding, to gain access to our target Operating System or Server.
Here we are going to exploit an unpatched Microsoft Windows XP Service Pack 1 Operating System. We will use the payloads to exploit this system.
For all the commands, you can try executing “msfconsole --help” (without quotes); this will show you all the commands as well as their uses in the Metasploit Framework. The same can be done by executing “msfconsole -h” (without quotes); the output of both is the same, and both guide you on how to use Metasploit and which command to execute to get the required result.
See the screenshot of the help menu below to get some idea:
Now, let’s begin exploiting our target system. (Here we will be using the Kali Linux Operating System for our attack.)
- Type “msfconsole” (without quotes) in the terminal
This command starts the Metasploit Framework in the terminal. If you take a closer look you will find that at startup Metasploit gives some information, such as:
- the version (in this case 4.14.21-dev)
- the total number of exploits, auxiliaries and post modules, i.e. 1655 exploits, 947 auxiliaries and 293 posts (at the time of writing this article).
- the total number of payloads, encoders and nops, i.e. 486 payloads, 40 encoders and 9 nops.
We can use all this information to exploit our target very precisely.
- Now type “show exploits” (without quotes) to list all the exploits present in Metasploit and select the required one from that list.
- Now it’s time to use the correct exploit for our target system, i.e. Windows XP Service Pack 1, and that exploit is “windows/smb/ms06_025_rras”.
To use the exploit “windows/smb/ms06_025_rras” we use the command “use windows/smb/ms06_025_rras” (without quotes). This command selects the above exploit and enters its context.
Now look at the above screenshot: the prompt changes to “exploit(ms06_025_rras) >”, which indicates that we are inside the “windows/smb/ms06_025_rras” exploit. From now on, whatever we have to do, we do inside this exploit.
- Now let’s see what options this exploit needs, i.e. what information it requires. We can see this by typing “show options” (without quotes).
After typing this we will see that this exploit needs the following options to proceed further:
- RHOST – the target operating system’s IP address
- RPORT – the SMB service port (TCP); by default its value is 445.
- SMBPIPE – the name of the named pipe to be used; by default its value is ROUTER.
Now our next task is to provide the RHOST and SMBPIPE values to this exploit.
- To set the RHOST value we use “set RHOST 192.168.0.4” (without quotes)
This command sets the target’s IP address to 192.168.0.4, but you don’t have to set the above IP address; rather, set the IP address of the target system you are going to attack. My target’s IP address is 192.168.0.4; yours will be different.
After entering the exploit for our target and setting up the target’s IP address and the value of SMBPIPE, it’s time to set the Payload and Payload Options.
- To set the payload for our target, first we list all the payloads available for our exploit; for that we use “show payloads” (without quotes)
These are all the payload options for our target exploit, and we will use the highlighted payload to perform our attack, i.e. “windows/shell/bind_tcp”. This payload opens a listening TCP (Transmission Control Protocol) port on the target, which we then connect to, and lands us directly in the target’s shell, i.e. the target’s Command Prompt.
Now we have to set the above payload (windows/shell/bind_tcp), which we do by typing “set PAYLOAD windows/shell/bind_tcp” (without quotes)
- Now we recheck all the information provided for our exploit and our payload by typing the “show options” (without quotes) command again; it gives the output below.
Here we can see that the “show options” command gives us all the information about both the MODULE and the PAYLOAD.
The exploit also lists the target systems it supports (shown with “show targets”):
- 1 – Windows 2000 Service Pack 4
- 2 – Windows XP Service Pack 1
After that we have to give another command, i.e. “set target <target number>” (without quotes), where <target number> is the serial number of the target system in the list which we want to use; here we give <target number> as 1. So we use “set target 1” (without quotes) to set Windows 2000 SP4 as our target.
- Now, before exploiting the target, let’s check all the information once again, i.e. whether we are going in the right direction or not. If not, we see what we have to change; if yes, we jump to the next and final step, i.e. EXPLOITATION.
To check our track, we use the “info” (without quotes) command:
Here we can see that all the information is correct:
- RHOST is set, i.e. our target’s IP address is all set
- RPORT is set to port 445
- SMBPIPE is set to SRVSVC
- We have all the information about our payload.
- And in the description we can see that to attack WINDOWS 2000 the SMBPIPE option needs to be set to SRVSVC, which we have already done. This means that we are moving the right way and should proceed directly to EXPLOITATION.
- Now our last step is exploiting and getting into the target system, which we do by typing the “exploit” command (without quotes).
After running the exploit command, you will see the bind handler start automatically, and after some time it will land you directly in the target’s shell, i.e. the target’s Command Prompt.
But here, my friend, you have to have some patience, because it will take some time to land you in the target’s system, because this is Hacking, Bro!!!
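Seen from the defending side, the attack above shows up as SMB (TCP/445) opens of the ROUTER or SRVSVC named pipe from a host that has no business doing that. The following is an added example, not part of the original tutorial or of Metasploit, that runs a simple check over constructed pipe-access log lines (the log format, the 192.168.0.10/192.168.0.7/192.168.0.2 addresses and the admin allow-list are all assumptions) and reports which source hosts opened those pipes on which target.

```python
import re
from collections import Counter

# Constructed sample of SMB named-pipe open events (hypothetical log format, not from the page).
# 192.168.0.4 is the target address used in the tutorial; the other addresses are made up.
SAMPLE_LOG = """\
2017-05-01T10:00:01 src=192.168.0.10 dst=192.168.0.4 dport=445 pipe=srvsvc
2017-05-01T10:00:02 src=192.168.0.10 dst=192.168.0.4 dport=445 pipe=ROUTER
2017-05-01T10:00:03 src=192.168.0.10 dst=192.168.0.4 dport=445 pipe=ROUTER
2017-05-01T10:00:09 src=192.168.0.7 dst=192.168.0.4 dport=445 pipe=spoolss
2017-05-01T10:00:12 src=192.168.0.2 dst=192.168.0.4 dport=445 pipe=srvsvc
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) pipe=(?P<pipe>\S+)$"
)

# The two SMBPIPE values the tutorial's module drives: ROUTER (the default) and SRVSVC
# (used for the Windows 2000 target). Pipe names are case-insensitive, so compare lowercase.
RRAS_PIPES = {"router", "srvsvc"}


def parse_line(line):
    """Return the event fields as a dict, or None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def find_rras_pipe_access(log_text, admin_hosts, min_hits=1):
    """Count opens of the RRAS-reachable pipes over TCP/445 per (src, dst, pipe).

    Hosts in admin_hosts are ignored: srvsvc in particular is opened routinely by
    management tools, so an allow-list of known admin stations keeps that noise down.
    Returns a sorted list of (src, dst, pipe, count) tuples with count >= min_hits.
    """
    hits = Counter()
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["dport"] != "445":
            continue
        pipe = ev["pipe"].lower()
        if ev["src"] in admin_hosts or pipe not in RRAS_PIPES:
            continue
        hits[(ev["src"], ev["dst"], pipe)] += 1
    return sorted((s, d, p, n) for (s, d, p), n in hits.items() if n >= min_hits)


if __name__ == "__main__":
    for alert in find_rras_pipe_access(SAMPLE_LOG, admin_hosts={"192.168.0.2"}):
        print("suspicious pipe access (src, dst, pipe, count):", alert)
```

On the sample above only 192.168.0.10 is reported; the spoolss open and the allow-listed admin host are ignored.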