hakin9 teaser

Upload: hiephenry

Post on 03-Jun-2018


  • 8/11/2019 Hakin9 Teaser

    1/11

    TEASER


    Hakin9 Magazine| Metasploit


    About the Metasploit Framework Workshop

    This course will give you an overview of the Metasploit Framework and will guide you through the installation process on different platforms (Linux, Windows, and Mac OS X).

    We also provide a forum where our students can contact the author, ABDELLI Nassereddine, with any further questions.

    Hardware Requirements

    Minimum System Requirements

    2 GHz+ processor

    2 GB RAM available (4 GB recommended)

    500MB+ available disk space

    10/100 Mbps Network Interface Card (NIC)

    Supported Operating Systems

    Windows XP, 2003, Vista, 2008 Server, and Windows 7

    Red Hat Enterprise Linux 5.x, 6.x x86 and x86_64

    Ubuntu Linux 8.04, 10.04 x86 and x86_64

    Mac OS X is built on FreeBSD; Metasploit should run on it properly when it is configured correctly.

    Required Browser Versions

    Mozilla Firefox 4.0+

    Microsoft Internet Explorer 9

    Google Chrome 10+

    This course introduces the step-by-step instructions on how to install Metasploit on Mac OSs.

    Preparation and Requirements

    Linux (Ubuntu)

    We start by making sure that we have the latest packages by updating the system with the apt-get command:

    sudo apt-get update
    sudo apt-get upgrade

    Now that we are running an updated system, we can install all the dependent packages that the Metasploit Framework needs using this command:


    sudo apt-get install build-essential libreadline-dev libssl-dev libpq5 libpq-dev \
        libreadline5 libsqlite3-dev libpcap-dev openjdk-7-jre subversion git-core autoconf \
        pgadmin3 curl zlib1g-dev libxml2-dev libxslt1-dev vncviewer libyaml-dev ruby1.9.3

    As we know, Metasploit has been fully rewritten in the Ruby language, so we need to install the Ruby libraries that the Metasploit Framework depends on:

    sudo gem install wirble sqlite3 bundler

    Metasploit depends on Nmap as an external tool for network scanning, so we should install it as well using the following commands:

    mkdir ~/Development
    cd ~/Development
    svn co https://svn.nmap.org/nmap
    cd nmap
    ./configure
    make
    sudo make install
    make clean

    The framework depends on an external database in order to load faster and to respond to exploit or module searches efficiently, so we'll need to install a relational database management system (RDBMS) such as MySQL, PostgreSQL, etc.

    For this course, we will be using PostgreSQL as the database system, and we'll cover both its installation and its configuration.

    We install PostgreSQL using the apt-get command like so:

    sudo apt-get install postgresql

    Then we switch to the postgres user space, where we can create a user and a database that we will use for Metasploit later:

    sudo -s
    su postgres

    Now we create a user and a database. You should record the password that you give to the user, since it will be used in the database.yml file that Metasploit uses to connect to the database.

    createuser msfuser -P -S -R -D
    createdb -O msfuser msf

    Windows

    Installing new software on the Windows operating system is always much easier than on other operating systems. All you need to do before installing the MSF is to get your proper action key from the RAPID7 website here: http://www.rapid7.com/products/metasploit/download.jsp, after clicking on Download Metasploit Community.

    After that, you should disable any Anti-virus programs or Firewalls in place. Because of the nature of the MSF, which uses Exploits and Payloads for its operations, anti-virus products may identify it as malicious and may start deleting important files from its folder. So we highly recommend that you create a folder METASPLOIT under the C:\ drive and add it as a trusted folder.

    Mac OSX

    Before we start installing the Metasploit Framework, we need to make sure that Apple's development tool Xcode is already installed on the system. It can be downloaded from https://developer.apple.com/ or obtained directly from Apple's App Store.


    Once you have Xcode installed on your system, open a new terminal, run xcode-select --install, and click the Install button to install the required command line developer tools, as shown in the figure.

    If you see a message telling you that the software cannot be installed because it is not currently available on the Software Update Server, this usually means you already have the latest version installed.

    We will also need to install MacPorts. It can be downloaded from http://www.macports.org/install.php

    After installation, we should update it to the latest version using the following command:

    sudo port -v selfupdate

    After MacPorts and Xcode have been correctly configured, we can go ahead and install Ruby and RubyGems. We will use our previously installed MacPorts in this step.

    sudo port install ruby19 +nosuffix

    In order to take full advantage of the features of the Metasploit Framework, we need to install an external database system (PostgreSQL).

    sudo port install postgresql93-server
    gem install pg -v 0.16.0 -- --with-pg-config=/opt/local/lib/postgresql93/bin/pg_config

    Installation

    Linux (Ubuntu)

    Once we have completed the installation of all the previous dependencies, we can install the framework and connect it to the database we have created using PostgreSQL. We will install it from GitHub since it's the most up-to-date source, and we can later use the msfupdate command to update the framework:

    cd /opt
    git clone https://github.com/rapid7/metasploit-framework.git

    Now we run bundler to install the gems:

    cd /opt/metasploit-framework
    bundle install


    Once we are done, we should create links to the different commands (msfconsole, msfpayload, etc.) so that we can use them as any user and are not limited to running them from the framework folder:

    sudo bash -c 'for MSF in $(ls msf*); do ln -s /opt/metasploit-framework/$MSF /usr/local/bin/$MSF; done'

    So that we are not forced to run the commands that connect the MSF to the Postgres database each time we launch the framework, we need to create a configuration file under the framework folder:

    cd /opt/metasploit-framework
    touch database.yml

    And paste this content inside, using your favorite text editor (I prefer nano :)):

    production:
      adapter: postgresql
      database: msf
      username: msfuser
      password:
      host: 127.0.0.1
      port: 5432
      pool: 75
      timeout: 5
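
    A check one could run over the database.yml created above, as an added example that is not part of the original article or of Metasploit: it flags a file that other local users can read, an empty password, and a database host that is not loopback. The names audit_database_yml and write_sample and the sample password are hypothetical, and the sample files are constructed.

```ruby
require 'yaml'
require 'tempfile'

LOOPBACK_HOSTS = %w[127.0.0.1 ::1 localhost].freeze

# Return a list of findings for one environment section of a database.yml.
def audit_database_yml(path, env = 'production')
  findings = []
  mode = File.stat(path).mode & 0o777
  findings << format('file mode %04o lets other local users read the password', mode) if (mode & 0o077) != 0

  doc = YAML.safe_load(File.read(path))
  cfg = doc.is_a?(Hash) ? doc[env] : nil
  return findings << "no '#{env}' section (check the indentation)" unless cfg.is_a?(Hash)

  %w[adapter database username].each do |key|
    findings << "#{key} is missing" if cfg[key].to_s.empty?
  end
  findings << 'password is empty' if cfg['password'].to_s.empty?
  findings << "host #{cfg['host']} is not a loopback address" unless LOOPBACK_HOSTS.include?(cfg['host'].to_s)
  findings
end

# Write a constructed sample to a temporary file with the given permissions.
def write_sample(body, mode)
  file = Tempfile.new(['database', '.yml'])
  file.write(body)
  file.close
  File.chmod(mode, file.path)
  file # the caller keeps this object so the file is not removed early
end

# Constructed sample: the page's values, password left empty as printed.
AS_PRINTED = <<~CONFIG
  production:
    adapter: postgresql
    database: msf
    username: msfuser
    password:
    host: 127.0.0.1
    port: 5432
CONFIG
# Same file with a placeholder password filled in (constructed value).
FILLED_IN = AS_PRINTED.sub('password:', 'password: "example-only-secret"')

[[AS_PRINTED, 0o644], [FILLED_IN, 0o600]].each do |body, mode|
  sample = write_sample(body, mode)
  puts format('%04o -> %p', mode, audit_database_yml(sample.path))
end
```

    On a real installation the path to pass is /opt/metasploit-framework/database.yml; chmod 600 on that file clears the first finding.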

    Windows

    Start by locating the Windows installer file and double-clicking the installer icon. When the setup screen appears, click Next to continue.


    Accept the licence agreement and click Next.

    On the next screen, choose an installation directory for Metasploit. The directory you choose must be empty. Click Next to continue. (As we described earlier, the installation folder must be trusted by the Anti-virus product you are using, otherwise the installation will fail.)

    When the Disable Anti-virus and Firewall screen appears, click Next. If it detects an active Anti-virus or Firewall in place, it'll show this error:


    When the installation finishes, the web browser will open automatically and show you this page. All you have to do now is create a username and password for the Web GUI. After you are done with that, you'll find the Metasploit console under Windows -> All Programs -> Metasploit.

    Mac OSX

    After downloading and installing all the dependencies mentioned in the previous section, we are ready to go ahead and install the MSF. In order to take full advantage of the Metasploit Framework, we'll want to connect it to PostgreSQL.

    Hence, in PG Admin III, create a database called metasploitdb and a user called msfuser with password msfpassword, then assign msfuser to metasploitdb.

    After that, we should download the MSF from GitHub as follows:

    cd /opt/
    sudo git clone https://github.com/rapid7/metasploit-framework.git

    Next, you should install the required gems and versions using bundler. For this, we have to navigate to the metasploit-framework folder and then execute the command bundle install like so:

    cd /opt/metasploit-framework/
    bundle install


    Now that we are almost done, we create symlinks for msfconsole and msfpayload, so that we can execute the framework from any shell in any location, using the following command:

    sudo ln -s /opt/metasploit-framework/msf* /opt/local/bin/

    We have successfully installed and configured Metasploit, and now for the first run just type msfconsole.

    Well, this is the Metasploit Console, one way of taking advantage of the MSF. We will break down the other forms of interfaces in the next chapter.

    Fundamentals

    First of all, before diving deep into the framework, we want to have a look at its architecture and how it's designed.

    As we see in the figure, the framework provides a truly impressive work environment. It's far from being just a collection of exploits. It's an infrastructure that you can build upon and utilize for your custom needs.

    Modules

    Payloads: This module is composed of the various payloads a penetration tester may wish to deposit into a target system. Payloads usually consist of some code to run as well as some parameters defining how a connection to the compromised system might be made.

    Exploits: All standalone exploits belong in this module. It contains both passive and active exploits. An example of an active exploit is one that exploits a buffer overflow, whereas a passive exploit is something along the lines of a fake DNS server that re-routes an unsuspecting user to a malicious site.

    Encoders: This module contains various encoders that are used to encode the payload before it is sent to a remote computer. This is done to prevent the payload from being detected by an anti-virus program.

    Nops: This module is composed of a few different generators that generate no-operation (NOP) instructions, which are used as padding around some of the payloads in order to keep their size consistent.

    Aux (Auxiliaries): This module contains all the tools which a penetration tester would use in the initial phases of planning out an attack. These are tools such as packet sniffers, port scanners, input fuzzers, etc.


    Libraries

    Rex (Ruby Extension Library): It contains most of the framework's core features and tools, some of which are specific to the application domain, which were built to enhance the default Ruby library. The Rex module was designed to depend strictly on the default installation of Ruby (default libraries) and is the centerpiece of the framework. Some examples from Rex are wrappers for socket subsystems, implementations of client-server protocols, a logging subsystem, exploitation utility classes, and a number of other useful classes.

    MSFCore: To expose its features to other modules, the Metasploit team developed the MSF Core library, which works as an API and extension for Rex. Its purpose is to provide a low-level interface that allows peripheral modules to interact with Rex.

    MSFBase: This core library is extended by the MSF Base library, which is designed to provide a simpler interface for interacting with the core framework, along with some utility classes.

    Tools & Plug-ins

    They work directly with the Metasploit API, manipulate the framework as a whole, and automate specific tasks which would be tedious to do manually. For example, let's say you have 10 hosts that you have access to (sessions), and you want to upload and execute a specific file on all the hosts; you can do it using a plugin that will automate the process.

    Interfaces

    MSFConsole: It provides an all-in-one centralized console that gives you efficient access to virtually all of the options available in the Metasploit Framework. Msfconsole may seem intimidating at first, but once you learn the syntax of the commands, you will learn to appreciate the power of this interface.

    MSFcli: It's a single-line command for Metasploit that provides almost the same functionality as MSFconsole. So instead of running the whole Metasploit project using MSFconsole just to generate a payload, for example, you can do it using MSFcli in just one command.

    Web: It's another way of browsing and using the functionality provided by Metasploit, via a web interface from a web browser.

    GUI: It is the tool which Metasploit uses to visualize targets and recommend exploits. It is called Armitage, and it provides you with fast and easy hacking without ever having to use your keyboard: just click and attack hosts. We will go in depth with Armitage in Module 3.

    We will introduce both Modules (Payloads, Exploits, Encoders, Nops, Auxiliaries) and Interfaces in depth in the next sessions.
