Introduction To Metasploit | Understanding The Framework | For Beginners

What is Metasploit ?
 

The Metasploit Project is an open-source computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development.It offers tons of tools that range from scanning utilities to easy to launch exploits that include encoders used to bypass common security defenses. Its most well-known sub-project is the Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive, and security research.

Why metasploit is recommended ?

1. metasploit is free and easy to use and one can develop his own exploits,payloads etc & use it with metasploit easily.
2.  It comes with over 690 exploits & which are updated on regular basis(0days also included).
3. We can use diffrent plugins,external tools to improve the productivity of metasploit for example SET(social engineering toolkit), beEF, XSSF, Nexpose , NMAP, W3af etc(we will continue to it in next posts) 

Metasploit Framework

The basic steps for exploiting a system using the Framework include:

1. Choosing and configuring an exploit (code that enters a target system by taking advantage of one of its bugs; about 900 different exploits for Windows, Unix/Linux and Mac OS X systems are included);
2. Optionally checking whether the intended target system is susceptible to the chosen exploit;
3. Choosing and configuring a payload (code that will be executed on the target system upon successful entry; for instance, a remote shell or a VNC server);
4. Choosing the encoding technique so that the intrusion-prevention system (IPS) ignores the encoded payload;
5. Executing the exploit.

This modular approach – allowing the combination of any exploit with any payload – is the major advantage of the Framework. It facilitates the tasks of attackers, exploit writers and payload writers.

Metasploit Available Versions:
Metasploit is now in version 4.9.3, which is included in our Kali Linux. It's also built into BackTrack. For those of you using some other version of Linux or Unix (including Mac OS), you can download Metasploit from Rapid7's website.

For those of you using Windows, you can also grab it from Rapid7, but I do not recommend running Metasploit in Windows. Although you can download and install it, some of the capabilities of this hacking framework do not translate over to the Windows operating system,
There are several interfaces for Metasploit available. The most popular are maintained by Rapid7 and Strategic Cyber LLC 

Metasploit Framework Edition

The free version. It contains a command line interface, third-party import, manual exploitation and manual brute forcing. This free version of metasploit project also includes Zenmap , a well known ports-scanner and a compiler for Ruby , the language in which this version of metasploit was written

Metasploit Community Edition

In October 2011, Rapid7 released Metasploit Community Edition, a free, web-based user interface for Metasploit. Metasploit Community is based on the commercial functionality of the paid-for editions with a reduced set of features, including network discovery, module browsing and manual exploitation. Metasploit Community is included in the main installer.

Metasploit Express

In April 2010, Rapid7 released Metasploit Express, an open-core commercial edition for security teams who need to verify vulnerabilities. It offers a graphical user interface, integrates nmap for discovery, and adds smart bruteforcing as well as automated evidence collection.

Metasploit Pro

In October 2010, Rapid7 added Metasploit Pro, an open-core commercial Metasploit edition for penetration testers. Metasploit Pro adds onto Metasploit Express with features such as Quick Start Wizards/MetaModules, building and managing social engineering campaigns, web application testing, an advanced Pro Console, dynamic payloads for anti-virus evasion, integration with Nexpose for ad-hoc vulnerability scans, and VPN pivoting.

Working of Metasploit

 

 Basically metasploit works on these 5 things

1. EXPLOIT
2. PAYLOADS
3. AUXILIARY
4. NOPS & ENCODERS

  What is an exploit -

To take advantage of a vulnerability, you often need an exploit, a small and highly specialized computer program whose only reason of being is to take advantage of a specific vulnerability and to provide access to a computer system. Exploits often deliver a payload to the target system to grant the attacker access to the system.

Metasploit currently has over 1613 exploits, organized in different categories like:

• Firefox is a collection of (mostly) remote code execution for this browser.
• Android and Apple's iOs are dedicated to mobile phone.
• Linux, Windows, BSD, Irix, Solaris, … are targeting specific operating systems
• Multi for exploits that aren't tied to a specific platform
•  

What is a payload?
A payload is the piece of software that lets you control a computer system after it’s been exploited. The payload is typically attached to and delivered by the exploit. Just imagine an exploit that carries the payload in its backpack when it breaks into the system and then leaves the backpack there.

Basically payload is the way you want to hack your target.Meterpreter is the most reliable payload & we will use it in most of the cases ahead.

Metasploit currently has over 438 payloads. Some of them are:

• Command shell enables users to run collection scripts or run arbitrary commands against the host.
• Meterpreter enables users to control the screen of a device using VNC and to browse, upload and download files.
• Dynamic payloads enables users to evade anti-virus defenses by generating unique payloads.

What is auxiliary?

Metasploit comes with 358 auxiliary.Basically auxiliary is used for information gathering before exploitation for ex if the machine is vulnerable to an attack or not . Here is video on email extractor auxiliary.

 What are Nops & Encoders?

Metasploit comes with 8nops & 27 encoders these are used to bypass antiviruses/firewall via different techniques


 To start using Metasploit in CLI, open up a terminal, and type “msfconsole”. This brings up the msf > command prompt. Metasploit works by selecting a function defined in various folders such as windows exploits found under the exploit/windows/* folder. You can search the existing catalog of functions using “search” followed by a keyword such as searching RDP with hopes of finding a RDP based exploit. Its almost impossible to guess what exploit would work on a target so the typical use case is using a vulnerability scanner on a target to identify a weakness and matching that to an available exploit in Metasploit.
Type help in msf console to see the list of command available .

Armitage

Armitage is a graphical cyber attack management tool for the Metasploit Project that visualizes targets and recommends exploits. It is a free and open source network security tool notable for its contributions to red team collaboration allowing for shared sessions, data, and communication through a single Metasploit instance.^[11]

Cobalt Strike

Cobalt Strike is a collection of threat emulation tools provided by Strategic Cyber LLC to work with the Metasploit Framework. Cobalt Strike includes all features of Armitage and adds post-exploitation tools, in addition to report generation features.