Metasploit Community Unleashed
Background
Metasploit Community Edition is a free subset of the paid versions of Metasploit available from Rapid 7. It is initendied to simplify network discovery and vulnerability verification.
Further information about this excellent project can be obtained at: http://www.rapid7.com/products/metasploit-community.jsp
To install Metasploit Community on Backtrack, simply type apt-get install Metasploit at a shell prompt. The wizards at backtrack-linux made the install seamless.
Once the install is complete, start the Metasploit web interface, by selecting the Backtrack Miscellaneous menu or /opt/metasploit/ctlscript.sh start. Metasploit Community Edition runs as a ssl web application on port 3790. On first run, you must license your copy with Rapid 7 and create a user.
Metasploit Community Edition Scanning
Begin by creating a new project and filling in the project name, description and network range. On the new workspace select the scan button. Enter the IP address or range to scan. Selecting Show Advanced Options allows fine grained tuning of the scan details including adding specific nmap scanning options. exclusions and timing options.
Once the scan is completed, the analysis section can be used to sort the discovered devices.
Clicking on Hosts will provide a summary of what was found.
You can also import scans from a variety of different vulnerability scanners. Metaspolit Community Edition will parse through the vulnerabilities and display the relevant Metasploit modules.
To run Metasploit modules against discovered devices, check zero or more devices in the Anlysis section and click on the Modules icon, or select the Modules section.
Search the modules to find the Metasploit module to run. Search keywords can be used as shown in the example for smb version scanning.
Depending on the module selected, extra options may need to be provided.
Exploiting
Select services and we cam see that one of our targets is running Windows XP SP2 so we will attempt to run the exploit for MS08-067 against it.
In the analysis section, select the XP machine and click on Modules and search for ms08-067. By default, a Meterpreter TCP connection will be used as the payload.
After a succesful exploit click on session and then click on the new session. Several ways are available to interact with the system including shells, file browsing and the numerous Post Exploitation Modules available in Metasploit.
Have Fun and consider making a donation to Hackers for Charity http://www.offensive-security.com/metasploit-unleashed/Donate
No comments:
Post a Comment