Published by Enhelion, 2019-11-19 14:58:53

KL_Module_1

MODULE 1

Understanding the Concepts of Exploits

INTRODUCTION TO KALI LINUX
Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration
testing. Offensive Security Ltd maintains and funds it. The core developers are Mati Aharoni,
Devon Kearns and Raphaël Hertzog.
Darren Rainey, who has more than four years of information systems security experience and
currently teaches ethical hacking basics, says that “the Offensive Security team took the best
out of BackTrack, deprecated some of its features, and introduced other better features to give
Kali Linux its modern power and robustness.”
Kali Linux comes preinstalled with over 600 penetration-testing programs, including nmap (a port
scanner), Wireshark (a packet analyzer), John the Ripper (a password cracker), Aircrack-ng (a
software suite for penetration-testing wireless LANs), Burp Suite and OWASP ZAP (both web
application security scanners). It can run natively when installed on a computer’s hard disk, it
can be booted from a live CD or live USB, or it can run inside a virtual machine. It is a
supported platform for the Metasploit Framework, a tool for developing and executing security
exploits.

INSTALLING KALI LINUX IN VIRTUALBOX
Kali Linux can be installed on a machine as its operating system, run as a virtual machine (the
approach covered in the following section), or booted from a live CD or USB. Installing it rather
than booting a live image is the more practical option for lab work, because the installation
persists and the tools can be configured and combined as needed. All of these images can be
found at the following link: https://www.kali.org/downloads/
BackTrack was the predecessor of the Kali Linux distribution. Since the 2016.1 release Kali has
been a rolling distribution that is updated often, so always start from the current image on the
download page rather than an old one.

To install Kali Linux:

• First, download and install VirtualBox.
• Then download the Kali Linux image and create a virtual machine from it.

Download and Install VirtualBox

VirtualBox is particularly useful when you want to test something on Kali Linux that you are
unsure of. Running Kali Linux in a VirtualBox virtual machine is safer when you want to
experiment with unknown packages or test code, because a snapshot taken before the
experiment lets you roll the whole machine back afterwards.

With VirtualBox you can run Kali Linux on your system alongside your primary OS, which can be
macOS, Windows or another flavor of Linux, without repartitioning your hard disk or setting up a
dual boot.

Let’s understand how you can download and install VirtualBox on your system.

Step 1: To download, go to https://www.virtualbox.org/wiki/Downloads and select the package
for your host operating system. In this case, it will be the first one, for Windows hosts, as
shown in the following screenshot.

Step 2: Click Next.

Step 3: The next page will give you options to choose the location where you want to install
the application. In this case, let us leave it as default and click Next.

Step 4: Click Next and the Custom Setup dialog pops up. Select the features you want to be
installed and click Next.

Step 5: Click Yes to proceed with the installation.

Step 6: The Ready to Install screen pops up. Click Install.
Step 7: Click the Finish button.

The VirtualBox application will now open as shown in the following screenshot. We can now
create the remaining virtual machines used in this manual. VirtualBox is suitable for professional use as well.

Now that we have successfully installed VirtualBox, let’s move on to the next step and
install Kali Linux.

Step 1: Download the Kali Linux virtual machine image from its official site:
https://www.kali.org/downloads/
Before using the file, compare its SHA256 checksum with the value published on the download
page; a tampered or truncated image is not something to find out about after it is running.

Step 2: Click VirtualBox -> New as shown in the following screenshot.

Step 3: Select "Use an existing virtual hard disk file", choose the Kali virtual hard disk file you
downloaded and click Open.

Step 4: The following screenshot pops up. Click the Create button.
Step 5: Start the Kali OS. In the releases current when this module was written, the default
username is root and the password is toor; releases from Kali 2020.1 onward instead log you in
as a non-root user named kali with the password kali. Change the default password with passwd
on first login, since everyone who can reach the machine knows it.

Update Kali

Kali is a rolling distribution and its tools change quickly, so it is important to keep Kali Linux
and its tools at the latest versions. Run the following as root, or prefix each command with sudo.
Step 1: Go to Application -> Terminal, type “apt-get update” and the package lists will be
refreshed as shown in the following screenshot. This step installs nothing; it only tells apt what
versions are available.

Step 2: Now, to upgrade the installed tools, type “apt-get upgrade” and the new packages will be
downloaded and installed.

Step 3: It will ask if you want to continue. Type “Y” and press “Enter”.
Step 4: “apt-get upgrade” never adds or removes packages, so on a rolling distribution it can
leave some tools held back when their dependencies changed. To upgrade everything, including
those held-back packages, type “apt-get dist-upgrade” (the newer “apt full-upgrade” does the
same). Read the list of packages it proposes to remove before confirming.
INSTALLING METASPLOITABLE

In this section, we will set up another virtual machine, the target that we will test against with
the tools of Kali Linux.
Step 1: Download Metasploitable, a deliberately vulnerable Linux virtual machine that Rapid7
provides for practising exploitation. It can be downloaded from the official webpage of Rapid7:
https://information.rapid7.com/metasploitable-download.html?LS=1631875&CS=web

Step 2: Register by supplying your details. After filling in the form, we can download the
software.

Step 3: Click VirtualBox -> New.

Step 4: Click “Use an existing virtual hard disk file”. Browse to the virtual disk file extracted
from the Metasploitable archive and click Open.

Step 5: A screen to create a virtual machine pops up. Click “Create”.

The default username is msfadmin and the password is msfadmin.

Because Metasploitable is intentionally full of exploitable services, attach it (and the Kali
machine) to a VirtualBox host-only or internal network rather than a bridged adapter, so that it
is reachable from Kali but never from the rest of your LAN or the internet.

METASPLOIT FRAMEWORK

The Metasploit Framework is an open source penetration testing and development platform
that provides exploits for a variety of applications, operating systems and platforms.

Metasploit is one of the most commonly used penetration testing tools. It ships with Kali
Linux.

In 2003, Metasploit was created by H. D. Moore as a portable network tool using Perl. By 2007,
the Metasploit Framework had been completely rewritten in Ruby. The Metasploit Project
announced on October 21, 2009 that it had been acquired by Rapid7, a security company that
provides unified vulnerability management solutions.

METASPLOIT ARCHITECTURE

Filesystem and Libraries
The MSF filesystem is laid out in an intuitive manner and is organized by directory:

• lib: the 'meat' of the framework code base
• data: editable files used by Metasploit
• tools: various useful command-line utilities
• modules: the actual MSF modules
• plugins: plugins that can be loaded at run-time
• scripts: Meterpreter and other scripts
• external: source code and third-party libraries

Libraries

At the core of the Metasploit Framework are a set of libraries. These libraries contain a set of
classes and utilities that manage the various parts of the Metasploit Framework, such as
modules, plugins, and interfaces.

Rex

The Rex library, or Ruby Extension Library, is the most fundamental component of the
Metasploit Framework. It contains the necessary components to perform most of the basic
tasks in the Metasploit Framework. Some examples of components that the Rex library
provides include a wrapper socket subsystem, protocol clients and servers, exploit utility
classes, and a logging system.

• The basic library for most tasks
• Handles sockets, protocols, text transformations, and others
• SSL, SMB, HTTP, XOR, Base64, Unicode

Msf::Core

The Core library, or msfcore, enables exploits, sessions, and plugins to interact with the different
interfaces.

• Provides the ‘basic’ API
• Defines the Metasploit Framework

Msf::Base

The Base library, or msfbase, provides wrapper routines and utility classes that you can use to
work with the Core library more easily.

• Provides the ‘friendly’ API
• Provides simplified APIs for use in the framework

Interfaces

There are a few interfaces that you can use to access and utilize the functionality of the
Metasploit Framework. These interfaces include a console, command line, and graphical user
interface.

MSFconsole

The console interface, also known as msfconsole, provides an easy and interactive way to
access the features and options within the Metasploit Framework. It is the most commonly
used interface for exploitation tasks, such as executing an exploit, defining payloads,
enumerating systems, and creating listeners. To run msfconsole on Linux, open a terminal and
enter msfconsole. On Kali, run msfdb init (as root) first if you want the PostgreSQL-backed
features: msfconsole works without the database, but workspaces, db_nmap and the hosts and
services commands that store scan results depend on it.

To run msfconsole on Windows, select Start > All Programs > Metasploit > Framework >
Framework Console.

MODULES AND LOCATIONS

Modules are the core components of the Metasploit Framework. A module is a piece of software
that performs one specific action, such as exploitation, fuzzing, or scanning. Each task that you
can perform with the Metasploit Framework is defined within a module.

You can locate the available modules in the framework's modules directory: <installation
directory>/metasploit/msf3/modules in the layout this guide was written against. On Kali Linux
the framework lives under /usr/share/metasploit-framework, so its modules are in
/usr/share/metasploit-framework/modules, and modules you write yourself go under
~/.msf4/modules using the same subdirectory layout.

The modules are categorized by type and then by protocol. For example, you can find FTP
fuzzers in the following location: <installation
directory>/metasploit/msf3/modules/auxiliary/fuzzers/ftp. The same path relative to the modules
directory, without the .rb extension, is how a module is named inside msfconsole: “use
auxiliary/scanner/ftp/ftp_version” loads modules/auxiliary/scanner/ftp/ftp_version.rb.

There are a few types of modules. The type of module depends on the purpose of the module
and the type of action that the module performs.

The following are module types that are available in the Metasploit Framework:

• Exploit
• Auxiliary
• Post-Exploitation
• Payload
• NOP Generator
• Payload encoder

Exploit Modules

An exploit module executes a sequence of steps that target a specific vulnerability in a system
or application. It takes advantage of the vulnerability to give the attacker access to the target
system. Exploit modules include buffer overflow, code injection, and web application exploits.

• Defined as modules that use payloads
• A module that triggers a vulnerability but delivers no payload is classed as an auxiliary module

Auxiliary Modules
An auxiliary module does not deliver a payload; it performs arbitrary actions that may not be
related to exploitation at all. Some examples of auxiliary modules are scanners, fuzzers, and
denial of service attacks.
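What an auxiliary scanner actually does on the wire, shown as an added example in plain Ruby. This is illustrative code written for this module, not a Metasploit module and not the framework's own scanner code: it connects to a few ports on the lab target, records whatever greeting the service volunteers and classifies it. The pattern table and the sample banners are constructed for the example, the 192.168.56.101 address is an assumed host-only address for the Metasploitable machine, and the code is meant for that lab only.

```ruby
# Added example (not Metasploit's own code): a banner-grabbing scanner in
# plain Ruby that does what an auxiliary "version" scanner does.
require 'socket'
require 'timeout'

# Known greeting patterns mapped to a service name. Each regex captures the
# version where the banner carries one. The list is illustrative, not complete.
BANNER_PATTERNS = [
  [/\A220 \(vsFTPd ([\d.]+)\)/,   'vsftpd'],
  [/\ASSH-2\.0-OpenSSH_([\w.]+)/,  'OpenSSH'],
  [/\A220 \S+ ESMTP Postfix/,      'Postfix'] # version is not in the banner
].freeze

# Reduce a raw banner to its first line and classify it. Unknown banners are
# still returned so that nothing the target said is silently dropped.
def parse_banner(raw)
  line = raw.to_s.lines.first.to_s.chomp
  BANNER_PATTERNS.each do |re, service|
    m = re.match(line)
    return { service: service, version: m[1], banner: line } if m
  end
  { service: 'unknown', version: nil, banner: line }
end

# Connect and wait briefly for the server to speak first; FTP, SSH and SMTP
# all do, HTTP does not. Returns the raw greeting, or nil when the port is
# closed, filtered or silent.
def grab_banner(host, port, timeout = 3)
  Timeout.timeout(timeout) do
    sock = TCPSocket.new(host, port)
    begin
      sock.readpartial(1024)
    ensure
      sock.close
    end
  end
rescue Timeout::Error, SystemCallError, SocketError, EOFError
  nil
end

# Scan a list of ports on one host; returns port => parsed banner (or nil).
def scan_host(host, ports)
  ports.each_with_object({}) do |port, results|
    raw = grab_banner(host, port)
    results[port] = raw && parse_banner(raw)
  end
end

# Usage: ruby banner_scan.rb 192.168.56.101   (an assumed lab address)
if __FILE__ == $PROGRAM_NAME && !ARGV.empty?
  scan_host(ARGV[0], [21, 22, 25]).each do |port, info|
    if info
      puts format('%d/tcp %-8s %-10s %s', port, info[:service], info[:version] || '-', info[:banner])
    else
      puts "#{port}/tcp closed or silent"
    end
  end
end
```

Inside msfconsole the equivalent is use auxiliary/scanner/ftp/ftp_version, set RHOSTS to the target, then run. The framework version additionally walks many hosts in parallel and records what it finds in the database, which is the work the Msf::Auxiliary::Scanner mixin saves a module author.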

Post-Exploitation Modules
A post-exploitation module enables you to gather more information or to gain further access to
an exploited target system. Some examples of post-exploitation modules are hash dumps and
application and service enumerators.

Payloads
A payload is the shellcode or other code that runs on the target after an exploit successfully
compromises it. The payload determines how you connect to the resulting shell (for example a
reverse or a bind connection) and what you can do on the target once you control it. A payload
can open a Meterpreter session or a plain command shell. Meterpreter is an advanced payload
that runs in memory and loads extensions (DLLs on Windows) at run time, so new capabilities
can be added to a live session as you need them without writing files to disk.

NOP generator
A NOP generator produces a run of bytes that do nothing when executed as instructions, built
from varied instructions rather than a fixed string of 0x90 bytes, so that IDS and IPS signatures
written for standard NOP sleds do not match. Use NOP generators to pad buffers: the sled
absorbs imprecision in the return address and keeps the total size of the delivered buffer
consistent whatever the payload length.

Payload Encoders
A payload encoder transforms the payload bytes so that IDS and IPS signatures looking for
specific byte sequences in the raw payload do not match, and prepends a small decoder that
restores the original bytes at run time. Encoders also remove bad characters, such as null bytes,
that the vulnerable input would truncate or mangle, which is why a payload often needs
encoding simply to reach its destination intact. Encoding is not antivirus evasion: the decoder
stubs of the standard encoders are themselves well known to endpoint protection products.
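The transformations that Rex provides (XOR among them), the NOP generator and the payload encoder described above, as one added worked example in plain Ruby. This is illustrative code written for this module, not Metasploit's x86/shikata_ga_nai encoder or x86/opty2 NOP generator; the payload bytes are a constructed stand-in rather than shellcode, the bad-character set is the usual one for text-based protocols, and it is assumed that a single-byte XOR key suffices and that the sled is executed on x86. A real encoder also prepends the decoder, which is left out here.

```ruby
# Added example (not Metasploit's encoder or NOP-generator code): the
# mechanics of a NOP sled and a single-byte XOR payload encoder in plain Ruby.
# The payload bytes used below are a constructed stand-in, not real shellcode.

# Single-byte x86 opcodes that are harmless as filler: nop (0x90), inc/dec of
# the general registers (0x40..0x4f), cmc, clc, stc and cld. A real generator
# additionally excludes instructions touching registers or flags the payload
# expects to be preserved.
NOP_EQUIVALENTS = [0x90, *(0x40..0x4f), 0xf5, 0xf8, 0xf9, 0xfc].freeze

# A sled of +len+ bytes drawn at random from the table, so that no two sleds
# share the long run of 0x90 that IDS/IPS signatures look for.
def nop_sled(len, rng = Random.new)
  Array.new(len) { NOP_EQUIVALENTS[rng.rand(NOP_EQUIVALENTS.size)] }.pack('C*')
end

# Pick a key such that neither the key nor any encoded byte is in +badchars+.
# Returns nil when no single-byte key works (a multi-byte scheme is then needed).
def find_xor_key(payload, badchars)
  bad = badchars.bytes
  (1..255).find do |key|
    !bad.include?(key) && payload.bytes.none? { |b| bad.include?(b ^ key) }
  end
end

# XOR is its own inverse, so the same routine encodes and decodes.
def xor_bytes(data, key)
  data.bytes.map { |b| b ^ key }.pack('C*')
end

# Encode the payload; the decoder stub that a real encoder prepends to undo
# this on the target is deliberately left out here.
def encode_payload(payload, badchars)
  key = find_xor_key(payload, badchars)
  raise ArgumentError, 'no single-byte XOR key avoids the bad characters' unless key
  [key, xor_bytes(payload, key)]
end

def contains_badchars?(data, badchars)
  !(data.bytes & badchars.bytes).empty?
end

# Assemble sled + encoded payload into a buffer of fixed total length, which
# is what "keeps the total size of the buffer consistent" means in practice.
def build_buffer(payload, badchars, total_len, rng = Random.new)
  key, encoded = encode_payload(payload, badchars)
  raise ArgumentError, 'payload larger than the buffer' if encoded.bytesize > total_len
  sled = nop_sled(total_len - encoded.bytesize, rng)
  { key: key, sled: sled, encoded: encoded, buffer: sled + encoded }
end

if __FILE__ == $PROGRAM_NAME
  payload  = "\x31\xc0\x50\x68\x2f\x2f\x73\x68".b # constructed stand-in bytes
  badchars = "\x00\x0a\x0d".b                      # NUL, LF, CR: typical for text protocols
  result = build_buffer(payload, badchars, 32)
  puts format('key 0x%02x, %d-byte sled, %d-byte encoded payload',
              result[:key], result[:sled].bytesize, result[:encoded].bytesize)
  puts result[:buffer].unpack1('H*')
  puts "round trip ok: #{xor_bytes(result[:encoded], result[:key]) == payload}"
end
```

Two things follow from running it. An encoder is a reversible transformation chosen against a bad-character list, so a signature written on the encoded bytes is defeated only until someone writes one for the decoder stub. And it is the sled, not the payload, that makes the total buffer length stable.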


