If we want to develop exploit code against a remote target machine, the best-known tool for this is the Metasploit Framework.

METASPLOIT

Metasploit is nothing but a framework, and a framework means a collection of objects, which we call modules.

Metasploit Framework includes a lot of framework code. Having only information about vulnerabilities is not enough; to hack a machine we need exploit code.

For example :-

Knowing only about vulnerability ms08_067 is not enough

So we need to find exploit code for that vulnerability

This is the website to find exploit codes :- https://www.exploit-db.com/

Modules in Metasploit Framework are :-

Exploits :- Collection of exploit codes. There are 1000's of exploits in Metasploit Framework.
Payloads :- Generally, what you want to do inside the target machine. More than 500 payloads are available in MF.
Auxiliary :- Dangerous exploits are placed in this module.
Encoders :- To bypass security mechanisms.
Nops :- No operations, like skipping the section.
Post :- After having hacked the machine, when you want to go beyond your payload, we use this.

Whatever is in Metasploit Framework, we can use it through some commands.

Here, in the diagram you can see the Modules and all the useful commands

There are some useful options and they are:-

RHOST => VICTIM IP

RPORT => VICTIM PORT

LHOST => ATTACKER IP

LPORT => ATTACKER PORT

SRVHOST => ATTACKER IP or 0.0.0.0

SRVPORT => ATTACKER PORT

URIPATH => /

Now we’re going to see how to use these commands with examples:-

1. search Command Usage:

We can use “search” command to search for modules matching with the keyword we give.

Syntax:

search

Example:

search vlc
search chrome
search java
search windows
search ms08_067

2. info Command Usage:

We can use “info” command to get information about any module.

Syntax:

info

Example:

info post/smart_migrate
info payload/linux/x86/shell_reverse_tcp
info exploit/windows/smb/ms08_067_netapi

3. exploit Command Usage:

We can use “exploit” command to run any configured exploit on the target

Syntax:

exploit
exploit -j => to run as a job for multiple sessions
exploit -z => do not connect to the session immediately (you have to take control manually)

Example:

exploit -j
exploit -z

4. use Command Usage:

We can use “use” command to select any module which we want to use.

Syntax:

use

Example:

use post/smart_migrate
use payload/linux/x86/shell_reverse_tcp
use auxiliary/scanner/windows/rdp/ms12_100_maxchannelids

5. set Command Usage:

We can use “set” command to set custom options which are required for our selected module

Syntax:

set

Example:

set RHOST 192.168.0.1
set FILENAME file.exe
set SESSION 1
set URIPATH /

6. unset Command Usage:

We can use “unset” command to remove custom options which are already set for the selected module

Syntax:

unset

Example:

unset RHOST
unset FILENAME
unset URIPATH

7. show Command Usage:

We can use “show” command to see the options for any module, or we can list out the available objects in modules

Syntax:

show option

Example:

show exploits => will show available exploits in exploits module 
show payloads => will show available payloads in payloads module 
show auxiliary => will show available auxiliaries in auxiliary module 
show post => will show available posts in post module 
show nops => will show available nops in nops module 
show encoders => will show available encoders in encoders module
show options => will show available options for the selected modules

8. kill Command Usage:

We can use “kill” command to terminate an existing session.

Syntax:

kill

Example:

kill 1
kill 51
kill 698

9. jobs Command Usage:

We can use “jobs” command to list out available exploit jobs in our attacker machine.

Syntax:

jobs -l => lists out all jobs
jobs -i => will give info about that job
jobs -k => to kill given job
jobs -K => to kill all available jobs

Example:

jobs -l
jobs -i 1
jobs -k 1
jobs -K

10. sessions Command Usage:

We can use “sessions” command to list out as well as take control of the sessions we have in our Metasploit Framework Console.

Syntax:

sessions -l => To list out available sessions
sessions -i => To interact with selected session

Example:

sessions -l
sessions -i 2
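
The use, set, unset and exploit commands above change what a later exploit command acts on, so a saved list of console commands can be replayed to check which RHOST each run pointed at. The script below is an added example, not part of the original article or of Metasploit itself: the function name audit_history, the sample command list and the authorized range 192.168.0.0/24 are all constructed for illustration.

```python
import ipaddress

# Constructed sample of console commands, using the commands described above.
SAMPLE_HISTORY = """\
use exploit/windows/smb/ms08_067_netapi
set RHOST 192.168.0.1
set LHOST 192.168.0.50
exploit -j
set RHOST 10.9.9.9
exploit -z
unset RHOST
exploit
"""

def audit_history(text, scope_cidrs):
    """Replay use/set/unset/exploit lines; return one tuple per exploit run:
    (line_no, module, rhost, verdict)."""
    scope = [ipaddress.ip_network(c) for c in scope_cidrs]
    module, options, runs = None, {}, []
    for line_no, raw in enumerate(text.splitlines(), 1):
        parts = raw.split()
        if not parts:
            continue
        cmd, args = parts[0].lower(), parts[1:]
        if cmd == "use" and args:
            # Assumption: options are tracked per module and start empty.
            module, options = args[0], {}
        elif cmd == "set" and len(args) >= 2:
            options[args[0].upper()] = " ".join(args[1:])
        elif cmd == "unset" and args:
            for name in args:
                options.pop(name.upper(), None)
        elif cmd == "exploit":
            rhost = options.get("RHOST")
            if rhost is None:
                verdict = "no-target"
            else:
                try:
                    addr = ipaddress.ip_address(rhost)
                    hit = any(addr in net for net in scope)
                    verdict = "in-scope" if hit else "out-of-scope"
                except ValueError:
                    verdict = "unparsed"  # not a single IP address
            runs.append((line_no, module, rhost, verdict))
    return runs

if __name__ == "__main__":
    for run in audit_history(SAMPLE_HISTORY, ["192.168.0.0/24"]):
        print(run)
```

Any run reported as out-of-scope, no-target or unparsed is one to review against the engagement's written authorization.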

Hope you enjoyed reading this article!

Thank You…
