Metasploit Project :: A Brief Intro

 

Impact
Site Admin


Joined: 01 May 2004
Posts: 3255
Location: Pinecrest, FL

Posted: Wed Aug 04, 2004 2:56 pm    Post subject: Metasploit Project :: A Brief Intro
 
A few days ago we posted a news article about the new version of the Metasploit Project coming out in the near future. In this article, we take you on a test drive of the current version (2.1), so you can be ready for 2.2.

As with any tutorial, we start with getting the product in question. Go ahead and download the Metasploit Project 2.1 Framework from:
http://www.metasploit.com/projects/Framework/downloads.html

Grab the appropriate version for your operating system and install it. Installation directions can be found on the Metasploit website. For this tutorial, I will be using Windows as my attacking box. Once inside the tool, every command should be identical, so following along shouldn't be a problem.

Once Metasploit is installed, open up a console version. In Windows, I opened MSFConsole from the Metasploit entry in my Start --> Programs menu. If all goes well, you should see a Metasploit logo and a quick intro on how many exploits and payloads are available. Mine had 21 and 27 respectively:


Instinctively, typing 'help' at the command line will provide you with the possible commands. It also lists the basic function of each of the commands.


Let's go ahead and find out what those 21 exploits that we can use are. To do this, use the simple command 'show exploits'. Metasploit will spit out the name of each exploit and again, a short description of the exploit.


With the same 'show' command, we can also list the payloads available. Use a 'show payloads' to list the payloads.

Quote:
Note: There are some more payloads above the cut off for my screenshot.


If you want specific information on an exploit or payload, you are able to use the 'info' command. For our purposes, let's get some extra info on the msrpc_dcom_ms03_026 exploit. To do this, just type 'info exploit msrpc_dcom_ms03_026'. You should see a screen with additional info about the exploit.


Next, let's find a payload to use. To get additional information on a payload, use the same command as above (info <type> <name>). I chose to get info on 'winbind' using the command 'info payload winbind'.


Now to get to the good part, setting settings and using the exploit. First, we need to tell Metasploit which exploit we plan to use. To do this, simply type 'use msrpc_dcom_ms03_026'. You should see your shell prompt change from 'msf' to 'msf msrpc_dcom_ms03_026'. This tells us we are in a temporary environment (the MSRPC exploit environment). Let's get some data about what we need to have a successful attack. Use the command 'show options' to get a list of the options you are able to set and need to set.


Metasploit tells us we need two settings for this exploit: RHOST and RPORT. RHOST tells Metasploit what Remote Host to attack and RPORT is what port on the remote computer to connect to. RPORT is set to default to 135, so leave that alone; however, the RHOST is blank. To change a setting in Metasploit you use the 'set' command. I am going to set my RHOST value to 192.168.1.97 (my laptop, the computer I'll be attacking). To do this, I type 'set RHOST 192.168.1.97'. You should see a 'RHOST -> 192.168.1.97' appear confirming the value you set. If you ever set the wrong value, you can either reset it by issuing another 'set <name> <value>', or you can 'unset' the value (unset <name>).


Now that we have the two values we need for the exploit set, we need to choose our payload. To see a list of payloads compatible with the exploit we chose, just type 'show payloads'.


The one we want is there (winbind), so let's choose our payload. Setting a payload is just like setting a RHOST or RPORT. To use winbind, I just type 'set PAYLOAD winbind'.


Now that we have a payload set, it's a good idea to check if there are any options the payload needs. If you run a 'show options', you will notice we have two more options. One of them is optional, but both already have defaults. The LPORT option is what port to have the bind shell listen on (listen port). It defaults to 4444, so let's just use that. You can also set a different way for the shell to close, but 'seh' should be fine for our purposes.

Now we need to choose a target. To get a list of targets, use the 'show' command: 'show targets'.


It seems like an easy choice for targets (only one listed). For other exploits, you may see many different targets, but not this one. To set the target, go ahead and type 'set TARGET 0'. Now that we have all of the options set (or at least we think so), it is a good idea to go back and make sure they are all correct. To view the options you have set, just type 'set'. This will show the settings you have previously set.


It is time for the fun part: using the exploit.
Normally you would be able to use the command 'check' to see if the exploit/payload would work (without actually taking over the remote box). Unfortunately this exploit doesn't have a check function, but to start the actual exploit, just type 'exploit'.


While this concludes the introduction to the Metasploit project, I urge you to use Metasploit responsibly. It is a very powerful tool, and can easily be used for good and for evil purposes. Use it on your own computers to test security and to learn how processes work, but do NOT use it on computers you don't own. In my example, I used it to exploit my laptop which was within two feet of me the entire time.

More exploits and payloads are available for download at the Metasploit Project website.
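
From the defender's side, the session described in the post leaves a recognizable trace: a connection to TCP 135 on the target, followed by a connection to the bind shell's default port 4444. The following added example (not part of the original post) correlates those two events in firewall logs; the log format, the sample lines, the source addresses and the 60-second window are assumptions constructed for illustration.

```python
"""Flag hosts that accept a TCP 135 connection and then a TCP 4444
connection from the same source within a short window."""
from datetime import datetime, timedelta

# Constructed sample firewall log (not from the original post).
# Assumed format: ISO timestamp, source IP, destination IP, dest port, action
SAMPLE_LOG = """\
2004-08-04T14:50:01 192.168.1.50 192.168.1.97 135 ALLOW
2004-08-04T14:50:04 192.168.1.50 192.168.1.97 4444 ALLOW
2004-08-04T14:51:10 192.168.1.60 192.168.1.98 135 ALLOW
2004-08-04T15:30:00 192.168.1.60 192.168.1.98 4444 ALLOW
2004-08-04T14:52:00 192.168.1.70 192.168.1.99 4444 ALLOW
2004-08-04T14:53:00 192.168.1.80 192.168.1.97 135 DENY
2004-08-04T14:53:02 192.168.1.80 192.168.1.97 4444 DENY
"""

RPC_PORT = 135                  # RPORT default named in the post
BIND_PORT = 4444                # LPORT default named in the post
WINDOW = timedelta(seconds=60)  # assumed correlation window


def parse(line):
    """Split one log line into (time, src, dst, port, action)."""
    ts, src, dst, port, action = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port), action


def find_rpc_then_bind(log_text, window=WINDOW):
    """Return (src, dst, gap_seconds) for each allowed 4444 connection
    that follows an allowed 135 connection between the same two hosts."""
    last_rpc = {}  # (src, dst) -> time of the most recent allowed 135 hit
    alerts = []
    events = sorted(parse(l) for l in log_text.splitlines() if l.strip())
    for ts, src, dst, port, action in events:
        if action != "ALLOW":
            continue  # blocked traffic never reached the service
        if port == RPC_PORT:
            last_rpc[(src, dst)] = ts
        elif port == BIND_PORT:
            seen = last_rpc.get((src, dst))
            if seen is not None and ts - seen <= window:
                alerts.append((src, dst, (ts - seen).total_seconds()))
    return alerts


if __name__ == "__main__":
    for src, dst, gap in find_rpc_then_bind(SAMPLE_LOG):
        print(f"ALERT {src} -> {dst}: 135 then 4444 within {gap:.0f}s")
```

Because LPORT is configurable, the port-4444 match only covers the default; the denied lines in the sample show the simpler control, which is not exposing TCP 135 to untrusted networks at all.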

Nightwatchman
Pro-Modder


Joined: 05 May 2004
Posts: 764
Location: Wouldn't you like to know!

Posted: Thu Aug 05, 2004 8:35 pm
 
Very helpful, I actually did it.

Haggs
AI Team Member


Joined: 05 May 2004
Posts: 2723
Location: Minneapolis, Minnesota

Posted: Thu Aug 05, 2004 10:26 pm
 
Tell us more about your hack job ^_^.

phantom
Newbie


Joined: 13 Mar 2005
Posts: 1
Location: groningen

Posted: Tue Mar 15, 2005 9:14 am
 
Does anybody know how to shut off a firewall with framework?

Haggs
AI Team Member


Joined: 05 May 2004
Posts: 2723
Location: Minneapolis, Minnesota

Posted: Thu Apr 07, 2005 5:25 pm
 
I can't say I know how to perform the operations you're asking about, but perhaps impact can tell ya.

Haggs
AI Team Member


Joined: 05 May 2004
Posts: 2723
Location: Minneapolis, Minnesota

Posted: Sat Jan 07, 2006 5:20 pm
 
mega, use a program called nmap (short for network map) to scan your system for holes.