Basics of Metasploit Framework

In this part, we will look at some of the basic operations of the Metasploit Framework.

Launching the Metasploit Framework

To launch and open Metasploit Framework, simply use:

msfconsole

IIIIII    dTb.dTb        _.---._
  II     4'  v  'B   .'"".'/|\`.""'.
  II     6.     .P  :  .' / | \ `.  :
  II     'T;. .;P'  '.'  /  |  \  `.'
  II      'T; ;P'    `. /   |   \ .'
IIIIII     'YvP'       `-.__|__.-'

I love shells --egypt

       =[ metasploit v6.3.5-dev                           ]
+ -- --=[ 2296 exploits - 1202 auxiliary - 410 post       ]
+ -- --=[ 965 payloads - 45 encoders - 11 nops            ]
+ -- --=[ 9 evasion                                       ]

Metasploit tip: Search can apply complex filters such as 
search cve:2009 type:exploit, see all the filters 
with help search
Metasploit Documentation: https://docs.metasploit.com/

[msf](Jobs:0 Agents:0) >>

Looking for some basic help

You can get help on how to use Metasploit by entering:

help

Core Commands
=============

    Command       Description
    -------       -----------
    ?             Help menu
    banner        Display an awesome metasploit banner
    cd            Change the current working directory
    color         Toggle color
    connect       Communicate with a host
    debug         Display information useful for debugging
    exit          Exit the console
    features      Display the list of not yet released features that can be opted in to
    get           Gets the value of a context-specific variable
    getg          Gets the value of a global variable
    grep          Grep the output of another command
    help          Help menu
    history       Show command history
    load          Load a framework plugin
    quit          Exit the console
    repeat        Repeat a list of commands
    route         Route traffic through a session
    save          Saves the active datastores
    sessions      Dump session listings and display information about sessions
    set           Sets a context-specific variable to a value
    setg          Sets a global variable to a value
    sleep         Do nothing for the specified number of seconds
    spool         Write console output into a file as well the screen
    threads       View and manipulate background threads
    tips          Show a list of useful productivity tips
    unload        Unload a framework plugin
    unset         Unsets one or more context-specific variables
    unsetg        Unsets one or more global variables
    version       Show the framework and console library version numbers

This produces a very comprehensive listing of all the possible commands of the tool.

Search for something

If you wish to search for something inside metasploit you simply use the “search” command followed by your search parameter.

search vsftpd (“vsftpd” is just an example of something we might search for)

Matching Modules
================

   #  Name                                  Disclosure Date  Rank       Check  Description
   -  ----                                  ---------------  ----       -----  -----------
   0  exploit/unix/ftp/vsftpd_234_backdoor  2011-07-03       excellent  No     VSFTPD v2.3.4 Backdoor Command Execution

Interact with a module by name or index. For example info 0, use 0 or use exploit/unix/ftp/vsftpd_234_backdoor

Interacting with a specific Metasploit module

At the time of writing, Metasploit is composed of thousands of different modules (and you can even add your own specific modules). So you need to select the specific module to use. There are two basic commands to interact with a module: info and use.

Get information on a module

To get more information about a module, use the info command: type info followed by the name of the module.

For instance:

info exploit/unix/ftp/vsftpd_234_backdoor (“exploit/unix/ftp/vsftpd_234_backdoor” is the name of the module)

Name: VSFTPD v2.3.4 Backdoor Command Execution
     Module: exploit/unix/ftp/vsftpd_234_backdoor
   Platform: Unix
       Arch: cmd
 Privileged: Yes
    License: Metasploit Framework License (BSD)
       Rank: Excellent
  Disclosed: 2011-07-03

Provided by:
  hdm <x@hdm.io>
  MC <mc@metasploit.com>

Available targets:
      Id  Name
      --  ----
  =>  0   Automatic

Check supported:
  No

Basic options:
  Name    Current Setting  Required  Description
  ----    ---------------  --------  -----------
  RHOSTS                   yes       The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
  RPORT   21               yes       The target port (TCP)

Payload information:
  Space: 2000
  Avoid: 0 characters

Description:
  This module exploits a malicious backdoor that was added to the 
  VSFTPD download archive. This backdoor was introduced into the 
  vsftpd-2.3.4.tar.gz archive between June 30th 2011 and July 1st 2011 
  according to the most recent information available. This backdoor 
  was removed on July 3rd 2011.

References:
  OSVDB (73573)
  http://pastebin.com/AetT9sS5
  http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoored.html

View the full module info with the info -d command.

You’ll see information about the module and what it does, as well as the different options the module supports. In this particular module, the two possible options are RHOSTS and RPORT.

Use a specific module

To be able to use a specific module from metasploit you need to use the “use” command, followed by the name of the module.

use exploit/unix/ftp/vsftpd_234_backdoor (“exploit/unix/ftp/vsftpd_234_backdoor” is the name of the module)

msf6 > use exploit/unix/ftp/vsftpd_234_backdoor 
[*] No payload configured, defaulting to cmd/unix/interact
msf6 exploit(unix/ftp/vsftpd_234_backdoor) >

After this, you can enter the specific commands for the module. Below is a list of commands that can be used with a particular module:

Module Commands
===============

    Command       Description
    -------       -----------
    advanced      Displays advanced options for one or more modules
    back          Move back from the current context
    clearm        Clear the module stack
    favorite      Add module(s) to the list of favorite modules
    favorites     Print the list of favorite modules (alias for `show favorites`)
    info          Displays information about one or more modules
    listm         List the module stack
    loadpath      Searches for and loads modules from a path
    options       Displays global options or for one or more modules
    popm          Pops the latest module off the stack and makes it active
    previous      Sets the previously loaded module as the current module
    pushm         Pushes the active or list of modules onto the module stack
    reload_all    Reloads all modules from all defined module paths
    search        Searches module names and descriptions
    show          Displays modules of a given type, or all modules
    use           Interact with a module by name or search term/index

In order to learn about the specific options of a module you can use either the options or the advanced commands.

Module options (exploit/unix/ftp/vsftpd_234_backdoor):

   Name    Current Setting  Required  Description
   ----    ---------------  --------  -----------
   RHOSTS                   yes       The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
   RPORT   21               yes       The target port (TCP)

Payload options (cmd/unix/interact):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------

Exploit target:

   Id  Name
   --  ----
   0   Automatic

View the full module info with the info, or info -d command.
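In the listing above, RHOSTS is required but its Current Setting column is empty, so splitting a row on whitespace would shift "yes" into the wrong column. The following added example (not part of the original page or of Metasploit; the helper names parse_option_tables and unset_required are hypothetical) reads the column positions from the dashed ruler line and reports required options that still have no value:

```ruby
# Added example: parse the fixed-width tables printed by the options command.
# SAMPLE_OPTIONS is constructed from the output shown above (description shortened).
SAMPLE_OPTIONS = <<~TXT
  Module options (exploit/unix/ftp/vsftpd_234_backdoor):

     Name    Current Setting  Required  Description
     ----    ---------------  --------  -----------
     RHOSTS                   yes       The target host(s)
     RPORT   21               yes       The target port (TCP)

  Payload options (cmd/unix/interact):

     Name  Current Setting  Required  Description
     ----  ---------------  --------  -----------
TXT

# Return one hash per option row, keyed by the (symbolized) column headers.
def parse_option_tables(text)
  lines = text.lines.map(&:chomp)
  rows = []
  lines.each_with_index do |ruler, i|
    # A table starts where a line consists only of dash runs; the header is the line before it.
    next unless i > 0 && ruler =~ /\A\s*-+(\s+-+)+\s*\z/
    starts = []
    ruler.scan(/-+/) { starts << Regexp.last_match.begin(0) }
    # Slice a line at the ruler's column offsets so empty cells stay empty.
    cut = lambda do |line|
      starts.each_with_index.map do |s, n|
        stop = starts[n + 1] || line.length
        (line[s...stop] || '').strip
      end
    end
    header = cut.call(lines[i - 1]).map { |h| h.downcase.tr(' ', '_').to_sym }
    lines[(i + 1)..].take_while { |l| !l.strip.empty? }.each do |l|
      rows << header.zip(cut.call(l)).to_h
    end
  end
  rows
end

# Names of options marked required that have no current setting.
def unset_required(rows)
  rows.select { |r| r[:required] == 'yes' && r[:current_setting].to_s.empty? }
      .map { |r| r[:name] }
end

puts unset_required(parse_option_tables(SAMPLE_OPTIONS)).inspect if __FILE__ == $PROGRAM_NAME
```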

If you wish to leave the module, simply use the “back” command.

Location of Metasploit Framework

On Kali Linux, Metasploit Framework is located in the following directory:

/usr/share/metasploit-framework

┌──(kali㉿kali)-[~]
└─$ cd /usr/share/metasploit-framework

┌──(kali㉿kali)-[/usr/share/metasploit-framework]
└─$ ls -la
total 176
drwxr-xr-x  14 root root  4096 Mar 10 08:47 .
drwxr-xr-x 368 root root 12288 Mar 24 08:01 ..
drwxr-xr-x   5 root root  4096 Mar 10 08:47 app
drwxr-xr-x   2 root root  4096 Mar 10 08:47 .bundle
drwxr-xr-x   3 root root  4096 Mar 17 10:54 config
drwxr-xr-x  26 root root  4096 Mar 10 08:47 data
drwxr-xr-x   3 root root  4096 Mar 10 08:47 db
drwxr-xr-x   6 root root  4096 Mar 10 08:47 docs
lrwxrwxrwx   1 root root    27 Feb 24 03:22 documentation -> ../doc/metasploit-framework
-rw-r--r--   1 root root  1483 Feb 24 03:22 Gemfile
-rw-r--r--   1 root root 13521 Feb 24 03:22 Gemfile.lock
drwxr-xr-x  16 root root  4096 Mar 10 08:47 lib
-rw-r--r--   1 root root  9773 Feb 24 03:22 metasploit-framework.gemspec
drwxr-xr-x   9 root root  4096 Mar 10 08:47 modules
-rwxr-xr-x   1 root root   798 Feb 24 03:22 msfconsole
-rwxr-xr-x   1 root root  2807 Feb 24 03:22 msfd
-rwxr-xr-x   1 root root  5854 Feb 24 03:22 msfdb
-rw-r--r--   1 root root  1313 Feb 24 03:22 msf-json-rpc.ru
-rwxr-xr-x   1 root root  2212 Feb 24 03:22 msfrpc
-rwxr-xr-x   1 root root  9580 Feb 24 03:22 msfrpcd
-rwxr-xr-x   1 root root   166 Feb 24 03:22 msfupdate
-rwxr-xr-x   1 root root 14074 Feb 24 03:22 msfvenom
-rw-r--r--   1 root root   427 Feb 24 03:22 msf-ws.ru
drwxr-xr-x   2 root root  4096 Mar 10 08:47 plugins
-rwxr-xr-x   1 root root  1316 Feb 23 11:02 Rakefile
-rwxr-xr-x   1 root root   876 Feb 24 03:22 ruby
-rwxr-xr-x   1 root root   140 Feb 24 03:22 script-exploit
-rwxr-xr-x   1 root root   141 Feb 24 03:22 script-password
-rwxr-xr-x   1 root root   138 Feb 24 03:22 script-recon
drwxr-xr-x   5 root root  4096 Mar 10 08:47 scripts
drwxr-xr-x  13 root root  4096 Mar 10 08:47 tools
drwxr-xr-x   3 root root  4096 Mar 10 08:47 vendor

You can go to this directory and look at its structure and components, and also at some Metasploit scripts (they are written in the Ruby programming language).

For instance, edit:

nano /usr/share/metasploit-framework/modules/exploits/unix/ftp/vsftpd_234_backdoor.rb

And have a look at the source code:

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::Tcp

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'VSFTPD v2.3.4 Backdoor Command Execution',
      'Description'    => %q{
          This module exploits a malicious backdoor that was added to the VSFTPD download
          archive. This backdoor was introduced into the vsftpd-2.3.4.tar.gz archive between
          June 30th 2011 and July 1st 2011 according to the most recent information
          available. This backdoor was removed on July 3rd 2011.
      },
      'Author'         => [ 'hdm', 'MC' ],
      'License'        => MSF_LICENSE,
      'References'     =>
        [
          [ 'OSVDB', '73573'],
          [ 'URL', 'http://pastebin.com/AetT9sS5'],
          [ 'URL', 'http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoored.html' ],
        ],
      'Privileged'     => true,
      'Platform'       => [ 'unix' ],
      'Arch'           => ARCH_CMD,
      'Payload'        =>
        {
          'Space'    => 2000,
          'BadChars' => '',
          'DisableNops' => true,
          'Compat'      =>
            {
              'PayloadType'    => 'cmd_interact',
              'ConnectionType' => 'find'
            }
        },
      'Targets'        =>
        [
          [ 'Automatic', { } ],
        ],
      'DisclosureDate' => '2011-07-03',
      'DefaultTarget' => 0))

    register_options([ Opt::RPORT(21) ])
  end

  # Remaining methods of the module are not shown in this excerpt.
end
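The fields printed by info (name, rank, disclosure date, references, default port) all come from this source file, and the file's path under modules/ maps directly to the name typed after use. The following added example (not part of the original page or of Metasploit; module_fullname and module_metadata are hypothetical helpers) reads both from a module's source text without loading or running the module:

```ruby
# Added example: read a module's metadata from its source text without loading it.
# SAMPLE_SOURCE is a constructed, shortened copy of the excerpt shown above.
SAMPLE_SOURCE = <<~'SRC'
  class MetasploitModule < Msf::Exploit::Remote
    Rank = ExcellentRanking
    include Msf::Exploit::Remote::Tcp

    def initialize(info = {})
      super(update_info(info,
        'Name'           => 'VSFTPD v2.3.4 Backdoor Command Execution',
        'References'     =>
          [
            [ 'OSVDB', '73573'],
            [ 'URL', 'http://pastebin.com/AetT9sS5'],
          ],
        'Privileged'     => true,
        'DisclosureDate' => '2011-07-03',
        'DefaultTarget' => 0))
      register_options([ Opt::RPORT(21) ])
    end
  end
SRC

# Directory names under modules/ are plural; the names typed after `use` are not.
TYPE_DIRS = { 'exploits' => 'exploit', 'payloads' => 'payload',
              'encoders' => 'encoder', 'nops' => 'nop' }.freeze

# Map a file path under .../modules/ to the module name shown by `search`.
def module_fullname(path)
  rel = path[%r{/modules/(.+)\.rb\z}, 1] or return nil
  type, rest = rel.split('/', 2)
  "#{TYPE_DIRS.fetch(type, type)}/#{rest}"
end

# Extract inventory fields with regular expressions (hypothetical helper).
def module_metadata(source)
  refs = source[/'References'\s*=>\s*\[(.*?)\n\s*\],/m, 1].to_s
  {
    name:       source[/'Name'\s*=>\s*'([^']*)'/, 1],
    rank:       source[/^\s*Rank\s*=\s*(\w+?)Ranking\b/, 1]&.downcase,
    disclosed:  source[/'DisclosureDate'\s*=>\s*'([^']*)'/, 1],
    privileged: source[/'Privileged'\s*=>\s*(true|false)/, 1] == 'true',
    mixins:     source.scan(/^\s*include\s+([\w:]+)/).flatten,
    rport:      source[/Opt::RPORT\((\d+)\)/, 1]&.to_i,
    references: refs.scan(/\[\s*'([^']+)'\s*,\s*'([^']*)'\s*\]/)
  }
end

puts module_metadata(SAMPLE_SOURCE) if __FILE__ == $PROGRAM_NAME
```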
