Exploits & Vulnerabilities with Introduction to Metasploit
Exploits and Vulnerabilities
In computer security, a vulnerability is a weakness that can be exploited by a threat actor, such as an attacker, to perform unauthorized actions within a computer system. Vulnerabilities have to be managed so that developers are informed and can patch them. Vulnerability management involves identifying, classifying, remediating and mitigating vulnerabilities in computer systems. The well-known CVE (Common Vulnerabilities and Exposures) system is used to record and track them: it is a database of vulnerabilities found in software packages. Each CVE comes with its own identifier of the format: CVE prefix + year of discovery + arbitrary digits.
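As an added example (not part of the original page), the following Python helper validates and extracts CVE identifiers of the form just described, so that scanner or advisory text can be normalised before it is looked up in a tracker. The report lines and the CVE numbers in them are constructed sample values, not real findings; the function names are mine.

```python
import re

# A CVE identifier is "CVE-" + a four-digit year + a sequence number of at
# least four digits (the sequence part is variable length, so "4 or more").
CVE_RE = re.compile(r"\bCVE-(\d{4})-(\d{4,})\b", re.IGNORECASE)


def parse_cve(identifier: str):
    """Return (year, sequence) for a well-formed CVE ID, or None if malformed."""
    m = CVE_RE.fullmatch(identifier.strip())
    if not m:
        return None
    return int(m.group(1)), int(m.group(2))


def extract_cves(text: str):
    """Return the unique CVE IDs found in free text, upper-cased and in order
    of first appearance. Malformed look-alikes are ignored."""
    found = []
    for m in CVE_RE.finditer(text):
        cve = "CVE-%s-%s" % (m.group(1), m.group(2))
        if cve not in found:
            found.append(cve)
    return found


def cves_by_year(text: str):
    """Group the CVE IDs found in text by year, e.g. to see how old the
    unpatched exposure on a host is."""
    groups = {}
    for cve in extract_cves(text):
        year, _ = parse_cve(cve)
        groups.setdefault(year, []).append(cve)
    return groups


# Constructed sample: three lines shaped like a vulnerability scanner report.
# The CVE numbers are made up for the example and refer to nothing real.
SAMPLE_REPORT = """\
host 10.0.0.5 port 22/tcp  ssh   finding: cve-2019-12345 (sample id) - patch vendor package
host 10.0.0.5 port 443/tcp https finding: CVE-2021-0001 (sample id), CVE-2021-0001 again
host 10.0.0.9 port 80/tcp  http  finding: CVE-20-1 (malformed id, must be ignored)
"""

if __name__ == "__main__":
    print(extract_cves(SAMPLE_REPORT))
    print(cves_by_year(SAMPLE_REPORT))
```

The lower-case "cve-2019-12345" is accepted and normalised, the duplicate on the second line is collapsed, and "CVE-20-1" is rejected because both the year and the sequence number are too short.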
Metasploit
Metasploit is a popular penetration testing tool maintained by Rapid7. It has a collection of well-known vulnerabilities and exploits in software packages together with their PoCs (proofs of concept). These PoC scripts can be used directly by penetration testers. Metasploit also has a graphical front end called Armitage. Exploiting any system involves the following steps:
1. Reconnaissance of the system (with tools like Nmap).
2. Choosing the appropriate exploit.
3. Choosing and configuring the payload (the code that will be executed on the system after successful entry).
4. Encoding the payload, to avoid detection by the system's firewall or antivirus software and to remove bad characters that may cause the exploit to fail.
5. Executing the exploit.
You can get Metasploit’s Open Source version here.
Follow the instructions to install Metasploit. If you are on a Penetration Testing based OS like Kali Linux or Parrot OS, Metasploit comes pre-installed.
Start the Metasploit console with msfconsole.
Metasploit downloads the exploit and vulnerability database from its servers and stores it offline. Make sure your offline Metasploit database is kept updated.
help will give you more information about using msfconsole.
show exploits will list all the exploits available in the database. To search for a particular exploit, use search software_package_name to get the list of available vulnerabilities and exploits for that package.
Using an exploit is simple. (Ensure that you give the exact path of the exploit module when selecting it.) For example:
use exploit/linux/ssh/symantec_smg_ssh
show info will give information about what the exploit does, the author of the exploit, the parameters required, etc. Type show options to see the parameters the exploit requires.
Using this for the above exploit produces:

Module options (exploit/linux/ssh/symantec_smg_ssh):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   RHOST                   yes       The target address
   RPORT  22               yes       The target port

Exploit target:

   Id  Name
   --  ----
   0   Symantec Messaging Gateway 9.5
(RHOST is the remote host the exploit is run against.) We set the RHOST IP address with set RHOST 192.168.1.2, substituting the target's IP address.
For any exploit, make sure that you fill in every parameter marked as required.
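A simple way to check this before running a module, as an added example that is not part of the original page or of Metasploit itself: parse the show options table by its column positions (the Current Setting cell can be empty, so splitting on whitespace is not enough) and list every option that is marked Required but has no value. The sample text below is constructed to match the output shown above, with RHOST deliberately left unset; the function names are my own.

```python
# Constructed sample, shaped like the `show options` output above.
SAMPLE_OPTIONS = """\
Module options (exploit/linux/ssh/symantec_smg_ssh):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   RHOST                   yes       The target address
   RPORT  22               yes       The target port

Exploit target:

   Id  Name
   --  ----
   0   Symantec Messaging Gateway 9.5
"""


def parse_options(output: str):
    """Parse the 'Module options' table into a list of dicts with the keys
    name, value, required and description. Column boundaries are taken from
    the header line, so an empty Current Setting cell is read as ''."""
    lines = output.splitlines()
    for i, line in enumerate(lines):
        if "Name" in line and "Current Setting" in line and "Required" in line:
            header = line
            start = i + 2  # skip the dashed underline below the header
            break
    else:
        raise ValueError("no options table header found")

    col_name = header.index("Name")
    col_value = header.index("Current Setting")
    col_req = header.index("Required")
    col_desc = header.index("Description")

    rows = []
    for line in lines[start:]:
        if not line.strip():
            break  # a blank line ends the table
        rows.append({
            "name": line[col_name:col_value].strip(),
            "value": line[col_value:col_req].strip(),
            "required": line[col_req:col_desc].strip().lower() == "yes",
            "description": line[col_desc:].strip(),
        })
    return rows


def missing_required(output: str):
    """Names of options that are marked Required but have no Current Setting."""
    return [o["name"] for o in parse_options(output)
            if o["required"] and not o["value"]]


if __name__ == "__main__":
    for opt in parse_options(SAMPLE_OPTIONS):
        print(opt)
    print("still unset:", missing_required(SAMPLE_OPTIONS))
```

For the sample above the check reports RHOST as still unset, while RPORT passes because it already has the default value 22.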
To run the exploit, enter run or exploit. Metasploit will then report the status of the exploit.
Here are some of the important commands in Metasploit:
host website -> Gives the IP info
use exploit_name -> Use the given exploit
search something -> Get exploit related information
show exploits -> Lists all the available exploits
show options -> Gives the exploit options
set SETTING value -> Sets the given exploit option
run -> Runs the exploit
back -> Go back
exploit -> Start the exploit
? -> help
show payloads -> Lists all the payloads
set payload name -> Sets the payload
msfupdate -> Update Metasploit