Published by Enhelion, 2019-11-21 09:10:02

Module_4

MODULE 4



Identifying the correct Exploit to Execute



Modules in Metasploit

Modules are the core components of the Metasploit Framework. A module is a piece of
software that can perform a specific action, such as exploitation, fuzzing, and scanning. Each
task that can be performed with the Metasploit Framework is defined within a module.

You can locate modules that are available in the following directory:

<installation directory>/metasploit/msf3/modules.

The modules are categorized by type and then by protocol. For example, you can find FTP
fuzzers in the following location:

<installation directory>/metasploit/msf3/modules/auxiliary/fuzzers/ftp.

Depending on the purpose of the module and the type of action it performs, the Metasploit
Framework provides the following module types:

Exploit
Auxiliary
Post-Exploitation
Payload
NOP Generator
Payload encoder



Exploit Modules

An exploit module executes a sequence of commands to target a specific vulnerability found in
a system or application. It takes advantage of a vulnerability to provide the attacker with access
to the target system. Exploit modules include code injection, buffer overflow, and web
application exploits.

Exploit modules are defined as the modules that use payloads. An exploit without a payload is
an auxiliary module.



Auxiliary Modules

An auxiliary module does not execute a payload; it performs arbitrary actions that may not be
related to exploitation. Examples of auxiliary modules include fuzzers, scanners, and denial of
service attacks.



Post-Exploitation Modules

A post-exploitation module enables you to gather more information or to gain further access to
an exploited target system. Examples of these include hash dumps and application and service
enumerators.



Payloads

A payload is the shellcode that runs after an exploit successfully compromises a system. The
payload allows you to define how you want to connect to the shell and what you want to do to
the target system after you take control of it. A payload can open a Meterpreter or command
shell. Meterpreter is an advanced payload that enables you to write DLL files to dynamically
create new features as you need them. It consists of code that runs remotely.



NOP generator

A NOP generator produces a series of random bytes that you can use to bypass standard IDS
and IPS NOP sled signatures. Use NOP generators to pad buffers.

Nops keep the payload sizes consistent.
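The signature-evasion point above is easiest to see from the defender's side. The following Python is an added example, not code from this module or from Metasploit: it puts the classic "long run of 0x90" signature beside a heuristic that scores a run of any byte drawn from a small sled alphabet, and runs both over constructed sample buffers. The alphabet, the `MIN_SLED_LEN` threshold and the sample buffers are assumptions chosen for the demonstration.

```python
"""NOP-sled detection heuristics over constructed sample buffers.

Added example, not code from the training module or from Metasploit.
A classic IDS signature fires on a long run of 0x90 (nop) bytes. A NOP
generator sidesteps it by mixing in other single-byte instructions that
have no useful side effect, so the defender scores runs drawn from the
whole sled alphabet instead. The alphabet, the threshold and the sample
buffers below are assumptions chosen for the demonstration.
"""
from itertools import cycle, islice
from typing import Dict, FrozenSet, Tuple

# Assumed sled alphabet: a subset of 32-bit x86 single-byte opcodes with
# no meaningful side effect (nop, inc/dec r32, xchg eax,r32, cwde, cdq,
# sahf, lahf, cmc, clc, stc, cld, std). A production rule set would be
# larger and would take the CPU mode into account.
SLED_ALPHABET: FrozenSet[int] = frozenset(
    [0x90]
    + list(range(0x40, 0x50))
    + list(range(0x91, 0x9A))
    + [0x9E, 0x9F, 0xF5, 0xF8, 0xF9, 0xFC, 0xFD]
)

# Assumed threshold. Uppercase ASCII 'A'..'O' (0x41..0x4F) sit inside the
# inc/dec range, so the threshold must stay well above the length of
# ordinary text runs or the heuristic starts flagging normal traffic.
MIN_SLED_LEN = 32


def longest_run(buf: bytes, allowed: FrozenSet[int]) -> Tuple[int, int]:
    """Return (offset, length) of the longest run of bytes in `allowed`."""
    best_start = best_len = 0
    cur_start = cur_len = 0
    for i, b in enumerate(buf):
        if b in allowed:
            if cur_len == 0:
                cur_start = i
            cur_len += 1
            if cur_len > best_len:
                best_start, best_len = cur_start, cur_len
        else:
            cur_len = 0
    return best_start, best_len


def classic_nop_signature(buf: bytes, min_len: int = MIN_SLED_LEN) -> bool:
    """The brittle rule: a long run consisting only of 0x90."""
    return longest_run(buf, frozenset({0x90}))[1] >= min_len


def sled_alphabet_heuristic(buf: bytes, min_len: int = MIN_SLED_LEN) -> bool:
    """The sturdier rule: a long run of any sled-alphabet byte."""
    return longest_run(buf, SLED_ALPHABET)[1] >= min_len


def scan(buf: bytes, min_len: int = MIN_SLED_LEN) -> Dict[str, object]:
    """Run both rules and report where the suspicious run sits."""
    offset, length = longest_run(buf, SLED_ALPHABET)
    return {
        "classic_hit": classic_nop_signature(buf, min_len),
        "heuristic_hit": sled_alphabet_heuristic(buf, min_len),
        "run_offset": offset,
        "run_length": length,
    }


# Constructed sample buffers (not captured traffic). The lowercase
# stand-in contains no alphabet bytes, so it ends each run cleanly.
STAND_IN = b"payload-stand-in"
PLAIN_SLED = b"\x00" * 16 + b"\x90" * 64 + STAND_IN
MIXED_SLED = b"\x00" * 16 + bytes(islice(cycle(sorted(SLED_ALPHABET)), 64)) + STAND_IN
BENIGN = b"GET /index.html HTTP/1.1\r\nHost: example.org\r\n\r\n" * 3

if __name__ == "__main__":
    for name, buf in (("plain 0x90 sled", PLAIN_SLED),
                      ("mixed-alphabet sled", MIXED_SLED),
                      ("benign HTTP request", BENIGN)):
        print(f"{name:22s} {scan(buf)}")
```

Running the block shows the classic rule catching only the plain sled while the alphabet heuristic catches both, and the benign request producing a longest run of just two bytes ("GE"), which is why the threshold, not the alphabet alone, keeps the false-positive rate down.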



Payload Encoders

A payload encoder enables you to evade IDS and IPS signatures that are looking for specific
bytes of a payload. Encoders ensure that payloads make it to their destination.



Interfaces of Metasploit

Metasploit offers more than one interface to its underlying functionality, including console,
command line, and graphical interfaces. In addition to these interfaces, utilities provide direct
access to functions that are normally internal to the Metasploit Framework. These utilities can
be invaluable for exploit development and situations for which you do not need the flexibility of
the entire Framework.

1. MSFConsole: This is the main interface we use throughout this document.
Open a terminal and type msfconsole. You may get a window like the screenshot below.





Msfconsole eases all our tasks compared to the other interfaces. I will explain all the
commands we can use in the msfconsole interface in the Metasploit basics chapter.



2. MSFCLI

The following is an example of using the msfcli interface. It puts more emphasis on
scripting and interpretability, and it runs directly from the command line. It is a fantastic
tool when you already know the exact exploit and payload you need.

Usage:

1. Open a terminal and run: msfcli -h

2. msfcli windows/smb/ms08_067_netapi O
This displays the module's various options.

3. msfcli windows/smb/ms08_067_netapi RHOST=192.168.217.131 P
RHOST is the remote host, so we type the victim's IP address here; P lists the payloads.

4. msfcli windows/smb/ms08_067_netapi RHOST=192.168.217.131 PAYLOAD=windows/shell/bind_tcp E
This will exploit the Windows XP PC and we will get a shell.

ARMITAGE

Developed by Raphael Mudge, Armitage is the graphical user interface (GUI) for Metasploit. This
interface is highly impressive, feature rich, and available for free. We won’t be covering
Armitage in depth, but it is definitely worth mentioning as something to explore. In Armitage
we can open more than one terminal and search for exploits through either the GUI or the
command line (CUI) at the same time.

Best Features available in Armitage:

Graphical User Interface (GUI)
Automatically recommend exploits
Exploit Browsing/ Custom Exploit
Exposes Metasploit’s SOCKS proxy

Armitage is already pre-installed in all Kali Linux versions. To launch Armitage, run the
command “armitage“. During startup, select Start MSF, which will allow Armitage to connect to
your Metasploit instance.

To start Armitage in Kali Linux, just type armitage in a terminal or click the icon.


Then, you will get pop-up windows. Click “Connect” and “Yes”

If everything goes well, you should see the following GUI interface of Armitage.

Click on the “Hosts” tab and then click on “Add Hosts”

In the pop-up Window, type the IP address of the Metasploitable2-Linux machine. Then, click
“add”



After you add the Metasploitable2 Linux as a target host, right click the host entry and select
“Scan”. This will scan the host and identify its vulnerabilities.

Before you can attack, you must choose your weapon. Armitage makes this process easy. Select
the “Attacks” tab and then click on “Find Attacks” to generate a custom Attack menu for the host.

Next, we will use the vulnerability identified above, the Vsftpd backdoor, to launch an attack.
Right click on the target host and select “Attack” -> “ftp” -> “vsftpd_234_backdoor”.

Select “Use a reverse connection” and press “Launch”

The console in Armitage shows the exploitation is successfully launched.



Right Click on the host entry and select “Shell 1” -> “Interact”

A new tab with the shell will open in the area below. I have typed the commands “whoami” and
“uname -a” to show you that I have indeed successfully exploited the host.


