Using the METASPLOIT framework for pentesting
In this post I will show you how to perform a basic attack using the Metasploit framework.
Metasploit is a penetration testing framework that provides information about security vulnerabilities and aids in penetration testing.
We will be attacking a virtual machine (VM) called Metasploitable Linux. Metasploitable is an intentionally vulnerable Linux virtual machine.
This VM can be used to conduct security training, test security tools, and practice common penetration testing techniques.
CAUTION: It is important to note that these exploits should in no way be attempted on any production environment without executive permission.
So let's start.
Things needed
- A hypervisor to run the virtual machines, preferably VMware Workstation: https://www.vmware.com/products/workstation-pro/workstation-pro-evaluation.html
- Metasploitable, a deliberately vulnerable Linux VM: https://sourceforge.net/projects/metasploitable/
- Kali Linux: https://www.kali.org/downloads/
Setting up our target operating system
1. Download Metasploitable from the following link:
https://sourceforge.net/projects/metasploitable/
2. It is assumed that VMware is already installed. Please note that Metasploitable Linux is only designed to run inside a virtual machine.
3. Metasploitable Linux ships as a zip file that is ready to use straight away. Just unzip it.
4. Open the Metasploitable.vmx file. This will launch the virtual machine.
5. Power on the virtual machine.
6. The credentials of the OS are as follows:
Login: msfadmin
Password: msfadmin
7. To commence our attack, we need to know the IP address of the target virtual machine. Type the following command:
ifconfig
This will print the target machine's IP address. Note it down.
For this training, the IP address of my target is 192.168.12.132
8. It's time to start up our Kali Linux. Load and start the virtual machine.
9. Open a terminal as shown in the screenshot below.
10. It is important that we first run reconnaissance on the target machine, to identify the operating system and the running services that may be exploitable. We will use Nmap to perform this.
So what really is Nmap?
Nmap is a network scanning and host detection tool that is very useful during several stages of a penetration test. It is also a powerful utility that finds use as a vulnerability detector or security scanner.
It is used to detect the following:
- Live hosts on the network.
- Open ports on each host.
- The software and version behind each open port.
- The operating system, hardware address, and software version.
11. Type the following in your terminal:
nmap -sV 192.168.12.132
12. From the Nmap screenshot above, the output provides us with detailed information about the following:
- Open ports.
- The services listening on them and the version running on the target machine.
Our objective is now to exploit them one by one.
13. Open a new terminal. We will use this terminal to launch the Metasploit framework.
14. Type the following command in your new terminal:
msfconsole
You will know Metasploit is ready when you are presented with the msf prompt.
Note: Metasploit has a database of exploit modules that has to be updated regularly.
15. Now we go back to the Nmap scan we did earlier and test every open service for possible vulnerabilities.
16. The first service scanned is vsftpd on port 21.
vsftpd stands for "very secure FTP daemon". It's a lightweight, stable and secure FTP server.
Let's attempt to exploit it with Metasploit.
17. We now need to search for any exploit that has been catalogued for the open service vsftpd. Type the following command in the msf shell:
search vsftp
From the screenshot above, we have an exploit available with an excellent ranking. Let's exploit it.
18. Load the exploit in the msf shell with the following command:
use exploit/unix/ftp/vsftpd_234_backdoor
Before we start, it is important to confirm that the exploit is compatible with the target machine. To do this we check the full description of the exploit with the info command.
19. At the vsftpd_234_backdoor prompt, type the following command:
info
The "Basic options" section of the info output lists the inputs required for the exploit to work. The "Description" is also very important information that should be read.
Our target machine appears to be compatible with the exploit, so let's go ahead.
20. To launch the exploit we first need to see the input options required for it to be carried out successfully. Type the following command:
show options
From the screenshot, RHOST and RPORT are the two options we require. 21 is already set as the current value of RPORT (recall that this is the port number tied to the service in our Nmap scan).
We are now going to set the value of RHOST and run the exploit.
21. We need to set RHOST. RHOST means Remote Host: this is our target machine, the Metasploitable Linux, which has the IP address 192.168.12.132. Type the following command:
set RHOST 192.168.12.132
22. We have now provided all the required inputs. Type the following command to run the exploit:
exploit
23. So what can we do after a successful exploit?
Let's see which user we are connected as on the target machine. Type the following command to find out which account you are connected as:
whoami
Also type this command to find out which directory you are working from:
pwd
From the screenshot above you can see that we are connected as the superuser account (root) on the machine. I do not need to say more about this account.
We are also working from the root directory "/". The root directory is a very critical directory that has to be well protected.
24. Let us list the directory of the target machine using the command:
ls
25. Now let's create our own directory called YOU_HAVE_BEEN_HACKED by typing the following command:
mkdir YOU_HAVE_BEEN_HACKED
26. Run the ls command again to see that the directory now exists.
27. Now go to the target VM and run the command there to confirm that it has actually been created on the target machine. From my screenshot below it is evident that it has.
28. We can also go ahead and add files to the folder we created if we want to. The alarming thing is that all of this is done with the root account (superuser) and executed in the root directory (a sensitive directory).
These are very dangerous actions if performed on a production environment.
29. To terminate your backdoor session simply type:
ctrl+c
30. To go back to the Metasploit prompt msf> simply type the command:
back
31. Should you need to check your database for updates, you can simply use the following command:
msfupdate
And that's how to use Metasploit to hack vulnerable servers.
The steps we followed for the attack on the vsftpd service can also be used for the rest of the services detected during our Nmap scan.
I encourage you to check out the rest of the services and see if they can also be hacked.
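The walkthrough ends with a root shell creating a directory in "/", and notes that the root directory has to be well protected. As an added example (not part of the original post), the following Python script is the defender-side counterpart: it compares the current top-level entries of a directory against a recorded baseline and reports anything that appeared or vanished, then pulls owner, mode and mtime for triage. BASELINE_ROOT and CURRENT_ROOT are constructed samples (a typical Linux "/" listing, and the same listing after the mkdir above), not captures from Metasploitable; to use it for real, record snapshot("/") once on a known-good system and keep that as your baseline.

```python
"""Baseline comparison for unexpected entries in a sensitive directory such as "/".

Added example for this post, not the tutorial's own code. BASELINE_ROOT and
CURRENT_ROOT are constructed samples; record your own baseline with snapshot()."""
import os
import stat

# Constructed sample baseline of a typical Linux root directory (assumption).
BASELINE_ROOT = [
    "bin", "boot", "dev", "etc", "home", "lib", "media", "mnt", "opt", "proc",
    "root", "sbin", "srv", "sys", "tmp", "usr", "var",
]

# Constructed sample of the same listing after the walkthrough's mkdir in "/".
CURRENT_ROOT = BASELINE_ROOT + ["YOU_HAVE_BEEN_HACKED"]


def unexpected_entries(baseline, current):
    """Names present now that were not in the baseline, and baseline names now missing."""
    base, cur = set(baseline), set(current)
    return {"added": sorted(cur - base), "missing": sorted(base - cur)}


def snapshot(path):
    """Current entry names of a directory, for recording or comparing against a baseline."""
    return sorted(os.listdir(path))


def describe(path, name):
    """Owner uid, symbolic mode and mtime of one entry, for triaging a new entry
    (a root-owned, freshly created directory is the pattern the walkthrough leaves behind)."""
    st = os.lstat(os.path.join(path, name))
    return {"uid": st.st_uid, "mode": stat.filemode(st.st_mode), "mtime": int(st.st_mtime)}


if __name__ == "__main__":
    print("sample diff:", unexpected_entries(BASELINE_ROOT, CURRENT_ROOT))
    # Live run: the constructed baseline will not match your own system, so expect
    # noise here until you replace BASELINE_ROOT with a snapshot("/") you recorded.
    live = unexpected_entries(BASELINE_ROOT, snapshot("/"))
    for name in live["added"]:
        print("unexpected entry in /:", name, describe("/", name))
```

A name-only baseline catches the crude change shown in the post; for production use, a file integrity tool that also hashes contents and tracks ownership is the right instrument, and this script is only the idea in miniature.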
Disclaimer:
A deliberately vulnerable virtual machine is available for you to try your hacking skills on.
Please hack safely and note:
IT IS A CRIME TO HACK A SYSTEM THAT YOU DO NOT HAVE PERMISSION TO ACCESS!
References
https://www.offensive-security.com/metasploit-unleashed/msfconsole-commands/
https://pentestlab.blog/2012/03/13/msfconsole-commands-cheat-sheet/
Metasploit logo from
https://www.hackers-arise.com/single-post/2017/01/30/Metasploit-Part-2-Metasploit-Module-Types