Metasploit
From Rory.wiki
I've spent some time looking at Metasploit, so this page just has some notes and links to good Metasploit resources.
Metasploit Usage Notes
Installation
Install from Subversion: svn co http://metasploit.com/svn/framework3/trunk/ <directory_name_to_put_metasploit_in>
Set-up on Ubuntu - packages needed: subversion, build-essential, ruby, irb, rubygems, libaio1 (for the Oracle stuff), ruby-dev (you get mkmf errors without it), libsqlite-ruby, libsqlite3-dev, libsqlite3-ruby, libopenssl-ruby. Gems needed: sqlite3-ruby, activerecord.
For the GUI you also need libglade2-ruby and libgtk2-ruby.
For installation pre-requisites of the Oracle stuff, see this page on the Metasploit wiki
Programs
msfconsole - Starts the console
msfcli <module name> <options (as OPTION=VALUE pairs)> [mode] - runs a single module non-interactively from the command line. The mode is usually E (execute); O lists the module's options and C runs its check, if it has one.
msfgui - starts the GUI (assuming all the pre-requisites are installed)
msfweb - starts the web interface on http://127.0.0.1:55555
msfpayload - used for creating stand-alone payloads (eg, exe files) to deliver to target systems.
msfencode - used for encoding/obfuscating payloads to aid evasion of defensive systems (eg, IDS/A-V); it is normally fed msfpayload's raw (R) output on stdin.
msfconsole - General commands and notes
Tab completion is your friend. Works in most places in the framework and is very useful for telling
help - provides help!
info <module name> - information on a module (you can also just run info once a module is loaded to get info on that module)
search - searches module names and descriptions for a string (useful for searching by MS0x-xxx number for Microsoft exploits)
Exploit Usage Notes
Initial syntax is use <module name>. After that, show options lists what the module needs, set OPTION value fills in each required option (RHOST and so on) and the PAYLOAD, and exploit runs it (run check first if the module supports it).
My Metasploit Modules
Meterpreter Notes
From here
Meterpreter has a range of scripts that can be executed once a session is started. They live in scripts/meterpreter under the Metasploit installation directory. To get a good idea of what's possible with Meterpreter, a good plan is to read the source of the scripts in this directory: everything the scripts do can be done manually through the Meterpreter API, they just make things easier :)
getcountermeasure.rb - This script detects active A-V and can disable both it and the Windows firewall. getcountermeasure -k -d will detect and disable a range of A-V products and also the Windows firewall. It does this by searching the process list for known A-V process names and killing the matching processes with session.sys.process.kill, so a product whose process name isn't on its list is missed.
migrate.rb - This script migrates the Meterpreter server into a different process (such as explorer.exe), handy for avoiding detection on the box and for surviving the exploited process exiting.
credcollect.rb - This collects both the system password hashes from the target box and also tokens (delegation and impersonation). All of these are stored to the database (if one is active).
enum_firefox.rb - If Firefox is installed on the box, this script enumerates the sqlite databases Firefox uses to store user information (history, bookmarks, passwords) and downloads them.
get_application_list.rb - This uses the registry to get a list of software installed on the target system.
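The getcountermeasure.rb note above describes the mechanism (search the process list for known A-V names, then session.sys.process.kill). The block below is an added example, written for this page and not Metasploit's own script, that runs that matching step offline: the process table is a constructed sample in the shape session.sys.process.get_processes returns (an array of hashes keyed 'pid', 'name', 'user'), the A-V name list is a short illustrative one rather than the script's real list, the kill is an injected callback standing in for session.sys.process.kill, and the firewall part (-d) is not modelled.

```ruby
# Added example: the process-name matching that getcountermeasure -k relies on,
# runnable without a Meterpreter session. Not Metasploit's own code.

# Illustrative, deliberately short list of A-V process names (an assumption for
# this example; the real script carries its own, longer list).
AV_PROCESS_NAMES = %w[
  avp.exe mcshield.exe ccsvchst.exe msmpeng.exe avgnt.exe
].freeze

# Constructed process table. The real API returns an array of hashes with these
# keys (plus 'ppid', 'path', 'arch'), so the shape matches what a script sees.
SAMPLE_PROCESSES = [
  { 'pid' => 4,    'name' => 'System',       'user' => 'NT AUTHORITY\\SYSTEM' },
  { 'pid' => 620,  'name' => 'MsMpEng.exe',  'user' => 'NT AUTHORITY\\SYSTEM' },
  { 'pid' => 1180, 'name' => 'explorer.exe', 'user' => 'WIN-TEST\\rory' },
  { 'pid' => 1544, 'name' => 'avp.exe',      'user' => 'NT AUTHORITY\\SYSTEM' },
  { 'pid' => 2012, 'name' => 'notepad.exe',  'user' => 'WIN-TEST\\rory' },
].freeze

# Return the processes whose image name is on the A-V list. The comparison is
# case-insensitive because Windows reports mixed case (MsMpEng.exe vs msmpeng.exe).
def find_countermeasures(processes, names = AV_PROCESS_NAMES)
  wanted = names.map(&:downcase)
  processes.select { |p| wanted.include?(p['name'].to_s.downcase) }
end

# Detect, and when kill: is true, kill each hit through the supplied callback
# (in a real script this is session.sys.process.kill(pid)). Returns the pids
# matched so the caller can log or verify what was acted on.
def disable_countermeasures(processes, kill: false, &killer)
  raise ArgumentError, 'kill requested but no kill callback given' if kill && killer.nil?
  hits = find_countermeasures(processes)
  hits.each { |p| killer.call(p['pid']) if kill }
  hits.map { |p| p['pid'] }
end

if $PROGRAM_NAME == __FILE__
  killed = []
  pids = disable_countermeasures(SAMPLE_PROCESSES, kill: true) { |pid| killed << pid }
  puts "A-V processes found: #{pids.inspect}, killed: #{killed.inspect}"
end
```

The matching is purely by image name, which is the point worth remembering on both sides: a product running under a name that isn't on the list is simply missed, and on the defensive side a script like this shows up as a run of process terminations from one parent, which is easy to alert on.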
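credcollect.rb (above) stores the system hashes it collects, which come out of Meterpreter's hashdump in pwdump layout (user:rid:lm:nt:::). The block below is an added example for this page, not part of credcollect.rb or Metasploit, that parses that layout and applies the two checks you run first on a fresh dump: which accounts carry the well-known empty-password NT hash, and which still have a real LM hash (LM is trivially crackable, NT is not). The dump text is constructed; the only real values in it are the two empty-password hashes and the hashes of "password" for the rory account.

```ruby
# Added example: parser and first-look checks for hashdump/pwdump output.
# Not Metasploit's own code.

EMPTY_LM = 'aad3b435b51404eeaad3b435b51404ee'.freeze # LM field when LM hashing is off or password is empty
EMPTY_NT = '31d6cfe0d16ae931b73c59d7e0c089c0'.freeze # NT hash of the empty password

# Constructed sample dump. Layout is hashdump's; rory's hashes are the well-known
# LM/NT hashes of "password", svc_backup's NT hash is made up, and the trailing
# line is there to show that non-record lines are skipped.
SAMPLE_HASHDUMP = <<~DUMP
  Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
  Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
  rory:1000:e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c:::
  svc_backup:1001:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
  [*] not a hash line
DUMP

HASH_LINE = /\A([^:]+):(\d+):([0-9a-f]{32}):([0-9a-f]{32}):::\z/i

# Parse one line; returns nil for anything that is not a hash record.
def parse_hash_line(line)
  m = HASH_LINE.match(line.strip)
  return nil unless m
  lm = m[3].downcase
  nt = m[4].downcase
  {
    user: m[1], rid: m[2].to_i, lm: lm, nt: nt,
    empty_password: nt == EMPTY_NT,
    lm_present: lm != EMPTY_LM, # a real LM hash means the password is LM-crackable
  }
end

def parse_hashdump(text)
  text.each_line.map { |l| parse_hash_line(l) }.compact
end

# Accounts with no password set (or whose NT hash is the empty-password hash).
def empty_password_accounts(records)
  records.select { |r| r[:empty_password] }.map { |r| r[:user] }
end

# Accounts worth sending to an LM cracker: real LM hash, non-empty password.
def lm_crackable_accounts(records)
  records.select { |r| r[:lm_present] && !r[:empty_password] }.map { |r| r[:user] }
end

if $PROGRAM_NAME == __FILE__
  recs = parse_hashdump(SAMPLE_HASHDUMP)
  puts "parsed #{recs.size} accounts"
  puts "empty password: #{empty_password_accounts(recs).inspect}"
  puts "LM hash present: #{lm_crackable_accounts(recs).inspect}"
end
```

The regex is strict on purpose: hashdump output is often interleaved with status lines, and an account with a malformed hash field is better skipped than half-recorded. Note that an EMPTY_LM field on its own does not tell you the password is empty, only that no LM hash is stored; the NT field is the one that decides.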
Metasploit blogs and links
General
These blogs are a great place to start for interesting Metasploit stuff
Metasploit Mentions at Attack Research
Interesting chat on the REX api
Exploits
Interesting blog entry on an AIX/Power exploit
Post Exploitation
Using Incognito post-exploitation with meterpreter
General Post Exploitation and Pivoting
Port forwarding post exploitation
automating the meterpreter sniffer
Meterpreter token manipulation
Oracle Stuff
MC's Page for the Oracle Mix-in and lots of other goodness
CG's series of posts on Metasploit and Oracle
My posts on Metasploit and Oracle
exploiting Oracle Secure backup and php command shell uploading
Tutorials