The Metasploit Project is an open-source, computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development. Its most well-known sub-project is the Metasploit Framework, a tool for developing and executing exploit code against a remote target machine.
Metasploit helps security and IT professionals identify security issues, verify vulnerability mitigations, and manage expert-driven security assessments.
Minimum System Requirements:
- 2 GHz+ processor
- 2 GB RAM available (4 GB recommended, increase accordingly with VM targets on the same device)
- 500MB+ available disk space
- 10/100 Mbps network interface card
Supported Operating Systems:
- Windows XP, 2003, Vista, 2008 Server, and Windows 7
- Red Hat Enterprise Linux 5.x, 6.x – x86 and x86_64
- Ubuntu Linux 8.04, 10.04 – x86 and x86_64
Required Browser Versions
- Mozilla Firefox 4.0+
- Microsoft Internet Explorer 9
- Google Chrome 10+
Basics Terms of Metasploit
Vulnerability: Vulnerability is a security hole in a piece of software, hardware or operating system that provides a potential angle to attack the system. Vulnerability can be as simple as weak passwords or as complex as buffer overflows or SQL injection vulnerabilities.
Exploit: “Exploit” refers to a well-known bug/hole that hackers can use to gain entry into the system.To take advantage of vulnerability, you often need an exploit, a small and highly specialized computer program whose only reason of being is to take advantage of a specific vulnerability and to provide access to a computer system.
Payload: A payload is the piece of software that lets you control a computer system after it’s been exploited. The payload is typically attached to and delivered by the exploit.
Metasploit Basic Command Tutorial
Msfconsole
Help
Help: it will show you the basic commands of Metasploit.
Show payloads
Show payloads: it will show you all the available payloads on Metasploit.
Show exploits
Show exploits: it will show you all exploits in Metasploit.
| msf> use <exploit> | to use a exploit or payload |
| msf exploit (name)> set payload <paload name> | To add specified payload |
| msf exploit (name)> set rhost <victim ip> | To add victim ip address to specified exploit# |
| msf exploit (name)> set lhost <localhost ip> | To add attacker ip address to specified exploit# |
| msf exploit (name)> unset rhost | To remove rhost value |
| msf exploit (name)> unset lhost | To remove lhost value |
| msf exploit (name)> setg rhost <victim ip> | To add victim ip address globally |
| msf exploit (name)> setg lhost <localhost> | To add localhost(attacker) ip address globally |
| msf exploit (name)> sessions -l -v | To see list of sessions |
Meterpreter Basic Commands
Help
The ‘help’ command, as may be expected, displays the Meterpreter help menu.
PS
The ‘ps’ command displays a list of running processes on the target.
LS
As in Linux, the ‘ls’ command will list the files in the current remote directory.
Ipconfig
The ‘ipconfig’ command displays the network interfaces and addresses on the remote machine.
Getuid
Running ‘getuid’ will display the user that the Meterpreter server is running as on the host.
Download
The ‘download’ command downloads a file from the remote machine. Note the use of the double-slashes when giving the Windows path.
Upload
As with the ‘download’ command, you need to use double-slashes with the ‘upload’ command.
Shell
The ‘shell’ command will present you with a standard shell on the target system.
ไม่มีความคิดเห็น:
แสดงความคิดเห็น