Advanced exploitation toolkit
- Exploit: This module is the proof-of-concept code developed to take advantage of a particular vulnerability in a target system
- Payload: This module is a malicious code intended as a part of an exploit or independently compiled to run the arbitrary commands on the target system
- Auxiliaries: These modules are the set of tools developed to perform scanning, sniffing, wardialing, fingerprinting, and other security assessment tasks
- Encoders: These modules are provided to evade the detection of antivirus, firewall, IDS/IPS, and other similar malware defenses by encoding the payload during a penetration operation
- No Operation or No Operation Performed (NOP): This module is an assembly language instruction often added into a shellcode to perform nothing but to cover a consistent payload space
You will be dropped into an interactive console interface. To learn about all the available commands, you can type the following command:
This will display two sets of commands; one set will be widely used across the framework, and the other will be specific to the database backend where the assessment parameters and results are stored. Instructions about other usage options can be retrieved through the use of -h, following the core command.
Let us examine the use of the show command as follows:
msf> show -h[*] Valid parameters for the “show” command are: all, encoders, nops, exploits, payloads, auxiliary, plugins, options[*] Additional module-specific parameters are: advanced, evasion, targets, actions
This command is typically used to display the available modules of a given type or all of the modules. The most frequently used commands could be any of the following:
- show auxiliary: This command will display all the auxiliary modules.
- show exploits: This command will get a list of all the exploits within the framework.
- show payloads: This command will retrieve a list of payloads for all platforms. However, using the same command in the context of a chosen exploit will display only compatible payloads. For instance, Windows payloads will only be displayed with the Windows-compatible exploits.
- show encoders: This command will print the list of available encoders.
- shownops: This command will display all the available NOP generators.
- show options: This command will display the settings and options available for the specific module.
- show targets: This command will help us to extract a list of target OS supported by a particular exploit module.
- show advanced: This command will provide you with more options to fine-tune your exploit execution.
We have compiled a short list of the most valuable commands in the following table; you can practice each one of them with the Metasploit console. The italicized terms next to the commands will need to be provided by you:
|check||To verify a particular exploit against your vulnerable target without exploiting it. This command is not supported by many exploits.|
|connectip port||Works similar to that of Netcat and Telnet tools.|
|exploit||To launch a selected exploit.|
|run||To launch a selected auxiliary.|
|jobs||Lists all the background modules currently running and provides the ability to terminate them.|
|route add subnet netmasksessionid||To add a route for the traffic through a compromised session for network pivoting purposes.|
|info module||Displays detailed information about a particular module (exploit, auxiliary, and so on).|
|setparam value||To configure the parameter value within a current module.|
|setgparam value||To set the parameter value globally across the framework to be used by all exploits and auxiliary modules.|
|unsetparam||It is the reverse of the set command. You can also reset all the variables at once by using the unset all command.|
|unsetgparam||To unset one or more global variables.|
|sessions||Ability to display, interact, and terminate the target sessions. Use with -l for listing, -i ID for interaction, and -k ID for termination.|
|search string||Provides a search facility through module names and descriptions.|
|use module||Select a particular module in the context of penetration testing.|
We will demonstrate the practical use of some of these commands in the upcoming sections. It is important for you to understand their basic use with different sets of modules within the framework.