The Most Popular Pentesting Framework – Metasploit Framework


Introduction

The Metasploit Framework is an open source, Ruby-based penetration testing and exploit development platform, maintained by Rapid7 together with the open source community. It gives you access to a large collection of exploits, payloads, shellcode, encoders, auxiliary modules (scanners, fuzzers, brute forcers) and post-exploitation tools.

Metasploit Framework: The Most Used Penetration Testing Framework

The Metasploit Framework can be used to test for security vulnerabilities, enumerate networks, execute attacks and evade detection; in short, it helps you find, exploit and validate vulnerabilities. Whether you are a pentester, security researcher, QA tester or developer, it covers most of what you need. Like any offensive tool it can be used for both authorized and unauthorized activity. Use it only against systems you own or have written permission to test, to validate your defenses and to raise security awareness.

History:
Metasploit was created by H.D. Moore in 2003 as a portable network tool written in Perl; by 2007 the framework had been completely rewritten in Ruby. In 2009 the Metasploit Project was acquired by Rapid7, which still owns and maintains it.

The framework is organised into module types (short explanation):

  • Exploits: An exploit is a module that takes advantage of a flaw in a system, service or application to get code running on the target. Most exploits deliver a payload; a few only trigger the bug.
  • Payloads: A payload is the code that runs on the target after successful exploitation, for example a command shell or Meterpreter. Payloads are either single (self-contained) or staged (a small stager that fetches the rest over the network).
  • Auxiliary: Modules that provide additional functionality such as scanning, enumeration, fuzzing, credential brute forcing and denial of service. They do not deliver a payload.
  • Encoders: Transform the bytes of a payload, primarily to remove characters the vulnerable input path would mangle (NUL bytes, line breaks and similar). Historically encoding also helped slip past signature-based antivirus; against current products that effect is minimal, so do not rely on an encoder for evasion.
  • Nops: NOP generators produce sequences of no-operation instructions (a NOP sled) used to pad a buffer so that execution reliably slides into the payload even when the exact landing address varies.
  • Post-exploitation: A post module runs on an already exploited target to gather more information or extend access (privilege escalation, credential dumping, pivoting).
  • Shellcode: The raw machine-code instructions an exploit delivers as its payload; in Metasploit the payload modules generate it.
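The encoder and NOP entries above are easier to grasp with a small working model. The Ruby below is an added example, not Metasploit code: Metasploit encoders such as x86/shikata_ga_nai exist mainly to rewrite payload bytes so that none of them is a "bad character" the vulnerable input path would mangle (0x00 terminates C strings, 0x0a and 0x0d end lines). The hypothetical encode_xor searches for a one-byte XOR key whose output is free of the given bad characters, decode_xor is the inverse a decoder stub would perform at run time, and build_buffer prepends a NOP sled. The sample payload bytes and bad-character set are constructed for the example; a real encoder also has to keep its decoder stub free of bad characters, which is not modelled here.

```ruby
# Added example: a minimal model of what a Metasploit encoder and a NOP
# generator do. Not the framework's own code; names are hypothetical.

# Constructed bad-character set: NUL, LF, CR.
BAD_CHARS = "\x00\x0a\x0d".bytes.freeze

# Constructed stand-in for shellcode: contains NULs and a newline, so it
# could not be delivered as-is through a string-based input path.
SAMPLE_PAYLOAD = "\x31\xc0\x50\x68\x2f\x2f\x73\x68\x0a\x00\x00\xcd\x80".b.freeze

def contains_bad_chars?(bytes, bad = BAD_CHARS)
  bytes.any? { |b| bad.include?(b) }
end

def xor_bytes(bytes, key)
  bytes.map { |b| b ^ key }
end

# Returns [key, encoded_bytes], or nil if no single-byte key works.
# The key must itself avoid bad chars because the decoder stub embeds it,
# and key 0 is skipped because it would leave the payload unchanged.
def encode_xor(payload, bad = BAD_CHARS)
  (1..255).each do |key|
    next if bad.include?(key)
    encoded = xor_bytes(payload.bytes, key)
    return [key, encoded] unless contains_bad_chars?(encoded, bad)
  end
  nil
end

# What the decoder stub does on the target: undo the XOR and hand back
# the original instructions.
def decode_xor(encoded, key)
  xor_bytes(encoded, key).pack("C*")
end

# NOP sled: pads the buffer so that control landing anywhere in the sled
# slides forward into the payload. 0x90 is the x86 NOP.
def build_buffer(encoded, sled_len, nop: 0x90)
  ([nop] * sled_len + encoded).pack("C*")
end

if __FILE__ == $0
  key, encoded = encode_xor(SAMPLE_PAYLOAD)
  abort "no single-byte key avoids the bad chars" unless key
  printf("key=0x%02x encoded=%s\n", key, encoded.map { |b| format("%02x", b) }.join)
  raise "round trip failed" unless decode_xor(encoded, key) == SAMPLE_PAYLOAD
  buf = build_buffer(encoded, 16)
  puts "buffer is #{buf.bytesize} bytes, bad chars present: #{contains_bad_chars?(buf.bytes)}"
end
```

The search is the essential idea: the encoder tries keys until the transformed bytes satisfy the constraint, and the payload only becomes executable again after the stub reverses the transformation. Real encoders use rolling keys and a polymorphic decoder so that the output differs on every run, but the constraint they satisfy is the same.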

Metasploit Editions

Rapid7 distributes commercial and open source editions of Metasploit:

  Edition                 Cost   Intended for
  Metasploit Framework    Free   Developers and security researchers
  Metasploit Community    Free   Students and small companies
  Metasploit Pro          Paid   Penetration testers and IT security teams

Metasploit Express was a further, mid-priced commercial edition. Nexpose (sold as Nexpose Ultimate) is Rapid7's vulnerability scanner rather than a Metasploit edition, although it integrates with Metasploit Pro.

Metasploit Framework Main Features:

  • Penetration testing framework with more than 1800 exploits.
  • Over 1000 auxiliary modules, 300+ post-exploitation modules, 500+ payloads and a number of encoders and NOP generators (the exact counts are printed in the msfconsole banner and grow with every release).
  • Meterpreter, an advanced, dynamically extensible payload (see below).
  • Command-line interface (msfconsole, see below), manual exploitation, manual credential brute forcing and much more.

Metasploit Pro Features:

  • Web interface and Metasploit Pro console: create and manage projects, scan and enumerate hosts, import and export data, configure and run modules, run automated exploits, view host information and collect evidence from exploited systems.
  • Team collaboration: share host data, view collected evidence, create host notes, split a pentest into multiple parts and assign team members a specific network segment to test.
  • Runs as a set of services: PostgreSQL (database), a Ruby on Rails application (the Pro web interface) and the Metasploit service, which bootstraps Rails, the Metasploit Framework and the Metasploit RPC server.
  • A penetration testing workflow that breaks the engagement into smaller, more manageable tasks, with the exploit database exposed through the web-based user interface.
  • Web application testing for the OWASP Top 10 vulnerabilities, phishing awareness campaigns and spear phishing, and much more.

To compare the editions feature by feature, visit the Metasploit features page.

msfconsole

msfconsole provides the command-line interface to the Metasploit Framework and is the most popular way to work with it. From the console you can scan targets, exploit vulnerabilities, collect data and manage the database of hosts, services and credentials. It also runs non-interactively: `msfconsole -q` suppresses the banner, `-x` executes a semicolon-separated list of console commands, and `-r` runs a resource script (a file of console commands, one per line), which is how repeatable scans and handlers are usually scripted.
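The resource-script mechanism described above, as an added example that is not part of the page or of Metasploit itself. The Ruby below generates a resource script for a TCP port scan and hands it to msfconsole with the real `-q` and `-r` flags; the authorized scope list, the default port list and the workspace name are invented for the example, and build_resource_script, in_scope? and run_scan are hypothetical helpers, not framework API. The scope check is the concrete form of the "only test systems you are permitted to test" advice: the script refuses to emit commands for a target outside the engagement's ranges.

```ruby
# Added example: driving msfconsole non-interactively from Ruby with a
# generated resource script. Not Metasploit's own code; helper names are
# hypothetical, msfconsole flags (-q, -r) and console commands are real.
require "ipaddr"
require "tempfile"

# Constructed authorization scope: the ranges this engagement permits.
AUTHORIZED_SCOPE = %w[10.10.10.0/24 192.168.56.0/24].map { |c| IPAddr.new(c) }.freeze

# True only if the target parses as an address and lies inside the scope.
def in_scope?(target, scope = AUTHORIZED_SCOPE)
  ip = IPAddr.new(target)
  scope.any? { |net| net.include?(ip) }
rescue IPAddr::InvalidAddressError
  false
end

# Builds the console commands for a TCP port scan of one target.
# Each line is an msfconsole command; -r runs them in order. The hosts and
# services commands need the database the installer initialises.
def build_resource_script(target, ports: "22,80,443,445", threads: 10, workspace: "demo")
  raise ArgumentError, "#{target} is outside the authorized scope" unless in_scope?(target)
  <<~RC
    workspace -a #{workspace}
    use auxiliary/scanner/portscan/tcp
    set RHOSTS #{target}
    set PORTS #{ports}
    set THREADS #{threads}
    run
    hosts
    services
    exit
  RC
end

# Writes the script to a temp file and runs msfconsole on it.
# Returns msfconsole's exit status, or nil when it is not on PATH.
def run_scan(target, **opts)
  rc = build_resource_script(target, **opts)
  return nil unless system("command -v msfconsole >/dev/null 2>&1")
  Tempfile.create(["scan", ".rc"]) do |f|
    f.write(rc)
    f.flush
    system("msfconsole", "-q", "-r", f.path)
    $?.exitstatus
  end
end

if __FILE__ == $0
  puts build_resource_script("10.10.10.5")
  begin
    build_resource_script("8.8.8.8")
  rescue ArgumentError => e
    puts "refused: #{e.message}"
  end
end
```

The generated script can also be run by hand with `msfconsole -q -r scan.rc`, or saved under ~/.msf4/ and loaded with the `resource` command from inside the console. Keeping the scope check in the generator rather than relying on memory is what stops a mistyped RHOSTS from scanning something you were never cleared to touch.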

meterpreter

Meterpreter is an advanced, dynamically extensible payload that uses in-memory DLL injection stagers and is extended over the network at run time: it communicates over the stager's socket and loads additional capabilities as extensions without writing anything to disk by default. It provides a comprehensive client-side Ruby API and features command history, tab completion, channels and more.

Metasploit Framework Install

It comes preinstalled in Kali Linux and Parrot OS.

Supported Platforms:

  • Linux, Windows and macOS (OS X).

Requirements:

  • Administrator privileges: you must have administrator (root) privileges on the system to install and run Metasploit.
  • Antivirus: AV products detect the framework and its payloads as malicious and will quarantine files during installation. Disable it, or better, add an exclusion for the Metasploit directory on a dedicated testing machine.
  • Firewalls: local firewalls (including Windows Firewall) can block the inbound connections that reverse payloads and handlers depend on. Disable them or open the listener ports you use.

Windows:

  • Download the Windows Installer.
  • Double-click the installer icon to start the installation process
  • Follow the installation instructions

To launch msfconsole, run the following:

$ msfconsole.bat

Linux & macOS:

Open the terminal and run the following:

$ curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && \
  chmod 755 msfinstall && \
  ./msfinstall

The installer needs root (it uses sudo where required) and places msfconsole on your PATH. After installation, start msfconsole as follows:

$ msfconsole

Then type y or yes to create the initial database (this also makes the hosts, services and creds console commands available). You should now see:

 ** Metasploit Framework Initial Setup Complete **

                                                  

                                   .,,.                  .
                                .\$$$L..,,==aaccaacc%#s$b.       d8,    d8P
                     d8P        #$$$$$$$$$$$$$$b.    `BP  d888888p
                  d888888P      '7$$\""""''^^`` .7$$|D*"'```         ?88'
  d8bd8b.d8p d8888b ?88' d888b8b            _.os#$|8*"`   d8P       ?8b  88P
  88P`?P'?P d8b_,dP 88P d8P' ?88       .oaS###S*"`       d8P d8888b $whi?88b 88b
 d88  d8 ?8 88b     88b 88b  ,88b .osS$$*" ?88,.d88b, d88 d8P' ?88 88P `?8b
d88' d88b 8b`?8888P'`?8b`?88P'.aS$$Q*"`    `?88'  ?88 ?88 88b  d88 d88
                          .a#$$$"`          88b  d8P  88b`?8888P'
                       ,s$$$$"`             888888P'   88n      _.,,,ass;:
                    .a$$$$P`               d88P'    .,.ass%#S$$$$$$$'
                 .a$###$$P`           _.,,-aqsc#SS$$$$$$$$$$$$$'
              ,a$###$P`  _.,-ass#S$$$$$$$$$$$$$$$$####SSSS'
           .a$$$$$SSS$$$$$$$$$$$$$$SS##==--""''^^/$$$'
_______________________________________________________________   ,&$$$'_____
                                                                 ll&&$$'
                                                              .;;lll&&&&'
                                                            ...;;lllll&'
                                                          ......;;;llll;;;....
                                                           ` ......;;;;... .  .


       =[ metasploit v4.17.18-dev-                        ]
+ -- --=[ 1818 exploits - 1029 auxiliary - 315 post       ]
+ -- --=[ 539 payloads - 42 encoders - 10 nops            ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]

The Metasploit Framework wiki on GitHub is the reference documentation for the framework and its modules.
