Monday, August 3, 2009

Backtrack 4. MSF - Part 1

A couple of emails have come just at the right time to help me get back into the swing of things. They were both regarding Metasploit which fits nicely into my planned blog entries about tools from the BackTrack disto.

I plan to focus the next series of post on the basics of Metasploit then i hope to be moving into more advanced features that I think are cool within the framework. Please bear in mind though that I am in no way an expert on the MSF so I'll be learning as I go along, which is the whole point of my blog anyway. To learn and to share. I have covered some of the stuff i'll be blogging about in previous posts but as I don't use MSF every day i'll go over some of it again as a reminder for myself.



Part 1 - Which Metasploit looks good on me?


As I'm basing these posts on Metasploit and as I mentioned previously I wanted to focus on the new BackTrack 4 tools i'll dispense with the installation instruction. Metasploit can be found under BackTrack > Penetration > Framework Version 3.



Now you have a few options here:

  • msfcli
  • msfconsole
  • msfgui
  • msfweb


All the flavours of the framework have a purpose but as far as i'm concerned as you get familiar with the framework you'll probably find one that works best for you. When I first started with the Framework I liked to use msfgui and msfweb. Both of these were pretty similar wen used locally but msfweb does have the benefit of being able to run remotely because as indicated in the name it's a web server version. Whenever I go back to Metasploit after some time I often like to use msfgui, as this allows me to easily navigate through the list of exploits, payloads or auxiliary modules and to read the descriptions of them to find exactly what will work best for the thing i'm doing rather than just throwing anything and everything at a target. That type of behavior is very uncool and will get you noticed.

Now before I go any further I should take a few minutes to explain what the Metasploit Framework is and what it can do. The framework is a collection of programs and scripts that can be used amongst other things to identify, exploit targets. Apart from the 4 options listed above there are many other tools such as msfpayload that can be used for creating standalone executables or msfencode that can be used to bypass antivirus with those executables. These might are fantastic tools that might not be obvious if you don't have a look for them. The framework is written in Ruby and is open source so it can be extended and tweaked to suit individual needs. Other script such as those written by Dark Operator can be integrated into the framework to enhance the functionality.


I really encourage anyone interested in Metasploit to have a good look around in the /pentest/exploits/framework3/ directory. There is also documentation and samples available.


Okay, back to the versions. I'm sure there are many other uses but here's what I have used them for so far:

msfcli

If your very familiar with the syntax and know exactly what is you want to do then msfcli might be the option for you. I have used this in the past to create msfpayloads and it works very well.

An example of using msfcli might be:

./msfcli exploit/multi/handler PAYLOAD=windows/vncinject/bind_tcp LPORT=2482 RHOST=192.168.1.110 DisableCourtesyShell=TRUE E


msfconsole

I really like the working in the console, it's pretty intuitive and i always feel cooler working from the commandline. Navigating through the console is pretty easy with the tab completion and help options. After becoming familiar with metasploit I found that I can work most effectively in the console.



msfgui

As mentioned above I like to use msfgui to familiarize myself with exploits, payloads and options. But if you find yourself living in msfgui you really need to "Man up Nancy Boy!" and get to msfconsole, you'll feel much better about yourself if you do.



msfweb

Similar thoughts as msfgui but it can also be configured to connect to remotely (as can msfd as i'll show in a later post). First launch msfweb and then point a browser at at (as described in the console message).






Okay, so this was brief overview because I wanted to get a post out and it may be a bit boring for anyone already familiar with MSF. I'll be going into more detail in upcoming posts and I hope things will get a lot more exciting as I cover the following:

  • Updating the Framework.
  • Navigating through msfconsole.
  • Using Auxiliary modules, Exploits and Payloads.
  • Launch successful attacks against a vulnerable host.
  • Adding new functionality with external scripts.
  • Integrating other tools with MSF
  • Anything else i can think of.........

Back soon.......

No comments: