Null-Byte
Would you like to react to this message? Create an account in a few clicks or log in to continue.

How to Hack Like a Pro: Getting Started with Metasploit

Go down

How to Hack Like a Pro: Getting Started with Metasploit Empty How to Hack Like a Pro: Getting Started with Metasploit

Post by Admin Fri Jun 19, 2015 11:53 am

This is my first contribution in an ongoing series on detailing the best free, open source hacking and penetration tools available. My goal is to show you some of the quality tools that IT security experts are using every day in their jobs as network security and pen-testing professionals. There are hundreds of tools out there, but I will focus and those that meet four key criteria:

Open source
Free
High quality
Widely used and trusted in the IT security/pen-testing community
As such, no hacker/penetration tool box is complete without the addition of the versatile and powerful Metasploit.

What Is Metasploit?
Metasploit is among the most widely used exploitation tools in the hacking/security field. It's used by both novices and advanced professionals. Insecure.Org, run by Fyodor, the founder of Nmap, annually surveys security professionals for their opinion on the top security software. Metasploit has consistently ranked among the top ten since its inception and currently ranks second. That should give you some idea of how important Metasploit is in the security community.

How to Hack Like a Pro: Getting Started with Metasploit Hack-like-pro-getting-started-with-metasploit.w654

Metasploit is a self-described "framework" for cyber exploitation. As a framework, it eases the effort to exploit known vulnerabilities in networks, operating systems and applications, and to develop new exploits for new or unknown vulnerabilities. As of last Thursday, Project Basecamp announced the development of a Stuxnet-like module for Metasploit.

Metasploit has developed a Meterpreter that when loaded into a target system, makes maintaining access and controlling the target much easier. As such, every self-respecting hacker (and even those without self-respect) should have some basic knowledge of Metasploit. This series of articles will initially focus on conferring at least a rudimentary understanding of how Metasploit works and how it can be utilized by the hacker/penetration tester to own the box, download data and cover your tracks.

A Little Background
Metasploit was developed in 2003 as an open source project by H.D. Moore. Originally developed in PERL, the developer team rewrote Metasploit in Ruby in 2007. This is critical, because you need to have Ruby on your system in order to run Metasploit and to develop your own exploits.

After many years of success in the hacker/penetration tester community, it was purchased by Rapid7 in 2009. After its purchase, the Metaspoloit framework was split into three versions. Two are commercial versions; Metasploit Express and Metasploit Professional, the latter selling for $1800. These two have nice GUIs and numerous bells and whistles, including the automation of several attacks, but there is still a free and open source community edition known as the Metasploit Community.

Fortunately, some independent developers at Armitage have created a free and open source GUI for Metasploit that is both beautiful and elegant, for those that prefer the point-and-click mode of operation.

How to Hack Like a Pro: Getting Started with Metasploit Hack-like-pro-getting-started-with-metasploit.w654

There is a Windows version of Metasploit, but many of the features (raw IP packet injection, wireless driver exploitation, SMB relaying attacks, etc.) are unavailable in the Windows environment, though some of these limitations can be overcome by using Cygwin or running Windows in a virtual environment on Linux.

For these and other reasons, we will commence this series using the more flexible command line interface (CLI) version in Linux, and eventually we will install and use the Armitage GUI.

Download and Installation
The first step in our process is to download and install Metasploit. Although there is a Windows version, I will focus on the Linux version because of its greater flexibility and capability. Let's walk through the download and installation on my favorite Linux distro, Ubuntu.

To install the latest version of the Metasploit 4 Framework (MSF4) on Ubuntu 10.04 (or any other Debian-based distros), use the following commands. This downloads and installs the generic Linux binary which comes bundled with all the necessary components you need for Metasploit to install and run. This should work for most users and is the easiest and quickest way to get the Metasploit Framework running under Ubuntu and other Debian-based Linux distros.

First open a terminal window and type:

wget http://updates.metasploit.com/data/releases/framework-4.0.0-linux-full.run

If you're installing on a 64-bit build of Ubuntu, use this instead:

wget http://updates.metasploit.com/data/releases/framework-4.0.0-linux-x64-full.run

This downloads the current version of the Metasploit framework via Wget.

Before you can run the installer, you need to make it executable. In the terminal, you must change the mode to execute (x) for Metasploit:

chmod +x framework-4.*-linux-full.run

And now execute the installer by getting root privileges by typing sudo and ./ with the name of our package:

sudo ./framework-4.*-linux-full.run

You should then be prompted for your root password. After entering that, you should get a screen that looks something like this:

How to Hack Like a Pro: Getting Started with Metasploit Hack-like-pro-getting-started-with-metasploit.w654

Go ahead and click Forward.

How to Hack Like a Pro: Getting Started with Metasploit Hack-like-pro-getting-started-with-metasploit.w654

Agree to the terms of the license agreement and click Forward.

How to Hack Like a Pro: Getting Started with Metasploit Hack-like-pro-getting-started-with-metasploit.w654

I suggest that you select Yes for automatic updates so that your exploit framework has the latest and greatest updates. Click Forward.

How to Hack Like a Pro: Getting Started with Metasploit Hack-like-pro-getting-started-with-metasploit.w654

Here, Metasploit is asking whether you want to insert a different service script. You can just accept the default and hit Forward.

How to Hack Like a Pro: Getting Started with Metasploit Hack-like-pro-getting-started-with-metasploit.w654

Be patient now; it will take Metasploit a few minutes to install and build your database. After it's done, you are ready to run Metasploit. Simply type:

msfconsole

Finally, you should be greeted by this screen.

How to Hack Like a Pro: Getting Started with Metasploit Hack-like-pro-getting-started-with-metasploit.w654

You have now successfully installed the world's best open source exploit framework and you are ready to begin system/network exploitation and pen testing!

Please note that in my installation here, it warns me that updating is recommended as the last update was 249 days ago. If you want to update your framework, then type:

sudo msfupdate

In my next article, we will look at the terminology and components of Metaspolit and then initiate a tried and true exploit.
Admin
Admin
Admin

Posts : 34
Join date : 2015-06-18

https://null-byte.board-directory.net

Back to top Go down

Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum