ebook img

Metasploit Pro User Guide PDF

295 Pages·2015·10.13 MB·English
by  
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Metasploit Pro User Guide

4.11 USER GUIDE Getting Started First things first. If you haven't installedMetasploit yet, check out this these instructions if you're a commercial user. Otherwise, if you already haveMetasploit installed, congratulations! You've come to the right place to get started. What's Metasploit? Metasploit is a penetration testing platform that enables you to find, exploit, and validate vulnerabilities. The platform includes theMetasploit Framework and its commercial counterparts: Metasploit Pro, Express, Community, and Nexpose Ultimate. Metasploit Framework TheMetasploit Framework is the foundation on which the commercial products are built. It is an open source project that provides the infrastructure, content, and tools to perform penetration tests and extensive security auditing. Thanks to the open source community and Rapid7's own hard working content team, new modules are added on a regular basis, whichmeans that the latest exploit is available to you as soon as it's published. There are quite a few resources available online to help you learn how to use theMetasploit Framework; however, we highly recommend that you take a look at theMetasploit Framework Wiki, which is maintained by Rapid7's content team, to ensure that you have themost up to date information available. You can also use the sidebar navigation on the left to view the documentation that is available on this site; just click on theMetasploit Framework topic or search for the topic you want. Either way, if you are unable to find what you need, let us know, and wewill add it to the documentation back log. Metasploit Pro and Other Commercial Editions The commercial editions of Metasploit, which include Pro, Express, Community, and Nexpose Ultimate, are available to users who prefer to use a web interface to pentest. In addition to a web interface, some of the commercial editions provide features that are unavailable in theMetasploit Framework. Most of the additional features are targeted towards automating and streamlining common pentest tasks, such as vulnerability validation, social engineering, custom payload generation, and bruteforce attacks. Getting Started 1 ! All features documented are available in Metasploit Pro. Certain features may not be available in other editions. For a comparison of features available in different editions, check out this handy page that breaks down the features in each edition. If you are command line user, but still want access to the commercial features, don't worry. Metasploit Pro includes its very only console, which is very much likemsfconsole, except it gives you access tomost of the features in Metasploit Pro via command line. Metasploit Implementation Rapid7 distributes the commercial editions of Metasploit as an executable file for Linux andWindows operating systems. You can download and run the executable to install Metasploit Pro on your local machine or on a remote host, like a web server. Regardless of where you install Metasploit Pro, you can access the user interface through a web browser. Metasploit Pro uses a secure connection to connect to the server that runs it. If you install Metasploit Pro on a web server, users can use a web browser to access the user interface from any location. Users will need the address and port for the server that Metasploit Pro uses. By default, theMetasploit service uses port 3790. You can change the port that Metasploit uses during the installation process. So, for example, if Metasploit Pro runs on 192.168.184.142 and port 3790, users can use https://192.168.184.142:3790 to launch the user interface. If Metasploit Pro runs on your local machine, you can use localhost and port 3790 to access Metasploit Pro. For example, type https://localhost:3790 in the browser URL box to load the user interface. ! Youmust have a license key to activate the product. If you do not have a license key, please contact the Rapid7 sales team at platforms. You can leverage the power of theMetasploit Framework to create additional custom security tools or write your own exploit code for new vulnerabilities. TheMetasploit team regularly releases weekly updates that contain new modules and bi-weekly updates that contain fixes and enhancements for known issues with Metasploit Pro. Modules A module is a standalone piece of code, or software, that extends functionality of theMetasploit Framework. Modules automate the functionality that theMetasploit Framework provides and enables you to perform tasks with Metasploit Pro. A module can be an exploit, auxiliary, payload, no operation payload (NOP), or post-exploitationmodule. Themodule type determines its purpose. For example, any module that opens a shell on a target is an exploit module. Services Metasploit Pro uses PostgreSQL, Ruby on Rails, and Pro Service. PostgreSQL runs the database that Metasploit Pro uses to store data from a project. Ruby on Rails runs the webMetasploit Pro web interface. Pro service, or theMetasploit service bootstraps Rails, theMetasploit Framework, and theMetasploit RPC server. Web Interface The component that you use to interact with Metasploit Pro. To launch the web interface, open a web browser and go to https://localhost:3790. Understanding Basic Concepts and Terms To help familiarize you with Metasploit Pro, the following are some basic terms and concepts that you should understand. Project All work in Metasploit Promust be done inside of a project. A project is basically a container for the data you use and collect during a penetration test. Workspace A workspace is the same thing as a project, except it's only used when referring to theMetasploit Framework. Understanding Basic Concepts and Terms 3 Task Everything you do inMetasploit is a task. A task is basically any action that you can perform inMetasploit, like running a scan or exploit. Module Most of the tasks that you perform inMetasploit require the use of amodule, which is a standalone piece of code that extends the functionality of theMetasploit Framework. A module can be an exploit, auxiliary or post-exploitationmodule. Themodule type determines its purpose. For example, any module that can open a shell on a target is considered an exploit module. A popular exploit module is MS08-067. Exploit Module An exploit module executes a sequence of commands to target a specific vulnerability found in a system or application. An exploit module takes advantage of a vulnerability to provide access to the target system. Exploit modules include buffer overflow, code injection, and web application exploits. Auxiliary Module An auxiliary module does not execute a payload and perform arbitrary actions that may not be related to exploitation. Examples of auxiliary modules include scanners, fuzzers, and denial of service attacks. Post-Exploitation Module A post-exploitationmodule enables you to gather more information or to gain further access to an exploited target system. Examples of post-exploitationmodules include hash dumps and application and service enumerators. Payload A payload is the shell code that runs after an exploit successfully compromises a system. The payload enables you to define how you want to connect to the shell and what you want to do to the target system after you take control of it. A payload can open aMeterpreter or command shell. Meterpreter is an advanced payload that allows you to write DLL files to dynamically create new features as you need them. Bind Shell Payload A bind shell attaches a listener on the exploited system and waits for the attackingmachine to connect to the listener. Understanding Basic Concepts and Terms 4 Database The database stores host data, system logs, collected evidence, and report data. Discovery Scan A discovery scan is aMetasploit scan that combines Nmap and several Metasploit modules to enumerate and fingerprint targets. Exploit An exploit is a program that takes advantage of a specific vulnerability and provides an attacker with access to the target system. An exploit typically carries a payload and delivers it to a target. For example, one of themost common exploits is windows/smb/s08-067_netapi, which targets aWindows Server Service vulnerability that could allow remote code execution. Listener A listener waits for an incoming connection from either the exploited target or the attackingmachine and manages the connection when it receives it. Meterpreter Meterpreter is an advancedmulti-function payload that provides you an interactive shell. From the Meterpreter shell, you can do things like download a file, obtain the password hashes for user accounts, and pivot into other networks. Meterpreter runs onmemory, so it is undetectable by most intrusion detection systems. Modules A prepackaged collection of code from theMetasploit Framework that performs a specific task, such as run a scan or launch an exploit. Payload A payload is the actual code that executes on the target system after an exploit successfully executes.A payload can be a reverse shell payload or a bind shell payload. Themajor difference between these payloads is the direction of the connection after the exploit occurs. Understanding Basic Concepts and Terms 5 Project A project is a container for the targets, tasks, reports, and data that are part of a penetration test. A project contains the workspace that you use to create a penetration test and configure tasks. Every penetration test runs from within a project. Reverse Shell Payload A reverse shell connects back to the attackingmachine as a command prompt. Shellcode Shellcode is the set of instructions that an exploit uses as the payload. Shell A shell is a console-like interface that provides you with access to a remote target. Task A task is an action that Metasploit Pro can perform. Examples of tasks include performing a scan, running a bruteforce attack, exploiting a vulnerable target, or generating a report. Vulnerability A vulnerability is a security flaw or weakness that enables an attacker to compromise a target. A compromised system can result in privilege escalation, denial-of-service, unauthorized data access, stolen passwords, and buffer overflows. Metasploit Pro Workflow The overall process of penetration testing can be broken down into a series of steps or phases. Depending on themethodology that you follow, there can be anywhere between four and seven phases in a penetration test. The names of the phases can vary, but they generally include reconnaissance, scanning, exploitation, post-exploitation, maintaining access, reporting, and cleaning up. TheMetasploit Pro workflow can be tailored based on the various phases of penetration testing. Generally, theMetasploit Pro workflow includes the following steps: Metasploit ProWorkflow 6 1. Create a project - Create a project to store the data that you collect from your targets. 2. Gather information- Use the discovery scan, Nexpose scan, or import tool to supply Metasploit Pro with a list of targets and the running services and open ports associated with those targets. 3. Exploit - Use smart exploits or manual exploits to launch attacks against target machines. Additionally, you can run bruteforce attacks to escalate account privileges and to gain access to exploitedmachines. 4. Perform post-exploitation - Use post-exploitationmodules or interactive sessions to interact gather more information from compromised targets. Metasploit Pro provides you with several tools that you can use to interact with open sessions on an exploitedmachine. For example, you can view shared file systems on the compromised target to identify information about internal applications. You can leverage this information to obtain evenmore information about the compromised systems. 5. Clean up open sessions - Use the Clean Up option to close any open sessions on an exploited target and to remove any evidence of any data used during the penetration test. This step restores the original settings on the target system. 6. Generate reports - Use the reporting engine to create a report that details the findings of the penetration test. Metasploit Pro provides several types that let you to determine the type of information that the report includes. Accessing Metasploit Pro To access the web interface for Metasploit Pro, open a browser and go to https://localhost:3790 if Metasploit Pro runs on your local machine. If Metasploit Pro runs on a remotemachine, you need to replace localhost with the address of the remotemachine. To log in to the web interface, you will need the username and password for the account you created when you activated the license key for Metasploit Pro. If you can't remember the password you set up for the account, you'll need to reset your password. Supported Browsers If the user interface is not displaying all of its elements properly, pleasemake sure that you are using one of the supported browsers listed below: l Google Chrome 10+ l Mozilla Firefox 18+ l Internet Explorer 10+ l Iceweasel 18+ AccessingMetasploit Pro 7 Touring the Projects Page Now that you are familiar with some of the basics of Metasploit, let's take amore in depth look at Metasploit Pro. After you log in toMetasploit Pro, the first screen that appears is the Projects page. The Projects page lists all of the projects that are currently stored in theMetasploit Pro instance and provides you with access to the quick start wizards, global tools, and product news. Regardless of where you are in the application, you can select Project > Show All Projects from the Global toolbar or click on theMetasploit Pro logo to access the Projects page, as shown below: Global Toolbar TheGlobal toolbar is located at the top of web interface. This toolbar is available from anywhere in Metasploit Pro. You can use theGlobal toolbar to access the Projects menu, your account settings, and the Administrationmenu. Touring the Projects Page 8 Quick Start Wizards Each quick start wizard provides a guided interface that walks you through a common penetration testing task, such as scanning and exploiting a target, building social engineering campaigns, scanning and exploiting web applications, and validating vulnerabilities. You can click on any of the quick start wizard icons to launch its guided interface. Product News The Product News shows you themost recent blogs from Rapid7. If you want to keep up with the newest modules and security news from Rapid7 and the community, the Product News panel is a great place to check for the latest content. Touring the Projects Page 9

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.