Linux PHP and Website Security

Simple Tips In Metasploiting (101)

Metasploit Framework
Msfconsole

The Metasploit Project and Framework has been a very big help in the area of Information Security and Vulnerability Assessment. What’s good about it is that it is Open Source and available for all. In this article I will introduce some basics of the Msfconsole and how simple vulnerability assessment or exploit is done.

Metasploit contains a lot of exploits compiled when you download the framework which includes buffer overflows, application vulnerabilities and exploits, dos, service overflows, etc. In order to see all the exploits type, show exploits.

Exploit Compilations
Exploit Compilations

Metasploit enables users to run arbitrary commands against the host or control the box. These scripts are called payloads which performs malicious actions on the host. Payloads includes command shell and meterpreter, to see all the payloads, type show payloads.

Payloads

And because there are a lot of exploits to choose from, you can filter your search query by typing search <keyword>. For example: search exim

Exim4
Exim4 <= 4.69 string_format Function Heap Buffer Overflow

Thus, the matching module which is Exim4 <= 4.69 string_format Function Heap Buffer Overflow should show up.

To use this exploit type, use <nameoftheexploit>: use exploit/unix/smtp/exim4_string_format

Okay, after that all you need to do is to set your target and change the settings. To check what needs to be set type: show options.

how to set an exploit

As what you can see from this exploit, you can set the EHLO_NAME (although it says not required), MAILFROM, MAILTO, RHOST, and RPORT.

For example: I want to change MAILFROM settings, I can change it by typing set MAILFROM <new mail>: set MAILFROM anonymous@theprojectxblog.net.

anonymous@theprojectxblog.net

Alright, I was able to change the settings. So if all things are set then I can just run the exploit now by typing exploit.

Ohw and wait, I can also set my payload by typing, set payload <name of the payload>.

Well that’s it for now! Till next time guys. Merry Christmas!

Related Articles:

Android Data Stealing with Metasploit

Scan SSH Logins with Metasploit

Webcam Picture Capturing with Metasploit

Email Gathering with Metasploit

Leave a Reply