Metasploit 5.0 for Beginners - Sagar Rahalkar - E-Book

Description

A comprehensive guide to Metasploit for beginners that will help you get started with the latest Metasploit 5.0 Framework for exploiting real-world vulnerabilities




Key Features



  • Perform pentesting in highly secured environments with Metasploit 5.0


  • Become well-versed with the latest features and improvements in the Metasploit Framework 5.0


  • Analyze, find, exploit, and gain access to different systems by bypassing various defenses



Book Description



Securing an IT environment can be challenging; however, effective penetration testing and threat identification can make all the difference. This book will help you learn how to use the Metasploit Framework optimally for comprehensive penetration testing.






Complete with hands-on tutorials and case studies, this updated second edition will teach you the basics of the Metasploit Framework along with its functionalities. You'll learn how to set up and configure Metasploit on various platforms to create a virtual test environment. Next, you'll get hands-on with the essential tools. As you progress, you'll learn how to find weaknesses in the target system and hunt for vulnerabilities using Metasploit and its supporting tools and components. Later, you'll get to grips with web app security scanning, bypassing anti-virus, and post-compromise methods for clearing traces on the target system. The concluding chapters will take you through real-world case studies and scenarios that will help you apply the knowledge you've gained to ethically hack into target systems. You'll also discover the latest security techniques that can be directly applied to scan, test, ethically hack, and secure networks and systems with Metasploit.






By the end of this book, you'll have learned how to use the Metasploit 5.0 Framework to exploit real-world vulnerabilities.




What you will learn



  • Set up the environment for Metasploit


  • Understand how to gather sensitive information and exploit vulnerabilities


  • Get up to speed with client-side attacks and web application scanning using Metasploit


  • Leverage the latest features of Metasploit 5.0 to evade anti-virus


  • Delve into cyber attack management using Armitage


  • Understand exploit development and explore real-world case studies



Who this book is for



If you are a penetration tester, ethical hacker, or security consultant who wants to quickly get started with using the Metasploit Framework to carry out elementary penetration testing in highly secured environments, then this Metasploit book is for you. You will also find this book useful if you're interested in computer security, particularly in the areas of vulnerability assessment and pentesting, and want to develop practical skills when using the Metasploit Framework.

You can read this e-book in the Legimi apps or in any app that supports the following format:

EPUB

Number of pages: 157

Year of publication: 2020




Metasploit 5.0 for Beginners Second Edition

Perform penetration testing to secure your IT environment against threats and vulnerabilities

Sagar Rahalkar

BIRMINGHAM—MUMBAI

Metasploit 5.0 for Beginners Second Edition

Copyright © 2020 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Commissioning Editor: Vijin Boricha

Acquisition Editor: Rohit Rajkumar

Senior Editor: Rahul Dsouza

Content Development Editor: Alokita Amanna

Technical Editor: Sarvesh Jaywant

Copy Editor: Safis Editing

Project Coordinator: Neil Dmello

Proofreader: Safis Editing

Indexer: Pratik Shirodkar

Production Designer: Aparna Bhagat

First published: July 2017

Second edition: April 2020

Production reference: 1080420

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham

B3 2PB, UK.

ISBN 978-1-83898-266-9

www.packt.com


Contributors

About the author

Sagar Rahalkar is a seasoned InfoSec (IS) professional, having 13 years of comprehensive experience in various verticals of IS. His domains of expertise are mainly cybercrime investigations, digital forensics, AppSec, VAPT, compliance, and IT GRC. He holds a master's degree in computer science and several industry-recognized certifications, such as Certified Cyber Crime Investigator, CEH, ECSA, ISO 27001 LA, IBM certified Specialist-Rational AppScan, CISM, and PRINCE2. He has been closely associated with Indian law enforcement agencies for more than 3 years, dealing with digital crime investigations and related training, and has received several awards and appreciation from senior officials of the police and defense organizations in India.

About the reviewers

Vaibhav Tole (MCA, CCISO, CRISC, CISA, CEH, Prince2 Foundation) is a multidisciplinary Cyber Security Professional with wide experience in areas including cyber threat intelligence, anti-cybercrime investigations, big data analytics, incident response advisory, vulnerability assessment, application and product security, IS risk, and project management. Apart from being a cybersecurity professional, Vaibhav is an accomplished musician (a pianist with a Grade 8 – Piano Solo from Trinity College London) and a composer and has also founded a band named RURRER. His special interests include conceptualizing and implementing cross-functional interdisciplinary projects in fields such as computational music, healthcare, and IS.

Parag Patil is an IS professional currently associated with Qualys Incorporation as a manager for cloud security and compliance research. For more than 10 years, Parag has extensively worked on digital forensics, IAM, security monitoring/Sec-OPs, security training, security compliance audits, vulnerability management, penetration testing, and IS research. He is the author of CIS benchmarks for AWS, Azure, and GCP.

Thanks to my friends Mahesh Navaghane and Sagar Rahalkar (the author of this book), my sister, Aditi Sahasrabudhe, and my wife, Monika, and daughter, Ira, who have always been there for me through all the ups and downs I have ever experienced in my life.


Table of Contents

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the color images

Conventions used

Get in touch

Reviews

Section 1: Introduction and Environment Setup

Chapter 1: Introduction to Metasploit and Supporting Tools

Technical requirements

The importance of penetration testing

Understanding the difference between vulnerability assessments and penetration testing

The need for a penetration testing framework

Introduction to Metasploit

Introduction to new features in Metasploit 5.0

When to use Metasploit

Making Metasploit effective and powerful using supplementary tools

Nessus

NMAP

w3af

Armitage

Summary

Exercise

Further reading

Chapter 2: Setting Up Your Environment

Using Metasploit on a Kali Linux virtual machine

Installing Metasploit on Windows

Installing Metasploit on Linux

Setting up Docker

Setting up vulnerable targets in a VM

Setting up the vulnerability emulator

Summary

Exercises

Chapter 3: Metasploit Components and Environment Configuration

Technical requirements

Anatomy and structure of Metasploit

Metasploit components and environment configuration

Auxiliaries

Payloads

Exploits

Encoders

NOPs

Post

Evasion

Getting started with msfconsole

Variables in Metasploit

Updating the Metasploit Framework

Summary

Exercise

Further reading

Section 2: Practical Metasploit

Chapter 4: Information Gathering with Metasploit

Technical requirements

Information gathering and enumeration on various protocols

Transmission Control Protocol

User Datagram Protocol

File Transfer Protocol

Server Message Block

Hypertext Transfer Protocol

Simple Mail Transfer Protocol

Secure Shell

Domain Name System

Remote Desktop Protocol

Password sniffing with Metasploit

Advanced search using Shodan

Summary

Exercises

Further reading

Chapter 5: Vulnerability Hunting with Metasploit

Technical requirements

Managing the database

Managing workspaces

Importing scans

Backing up the database

NMAP

NMAP scanning approach

Nessus

Scanning using Nessus from within msfconsole

Vulnerability detection with Metasploit auxiliaries

Auto-exploitation with db_autopwn

Exploring post exploitation

What is Meterpreter?

Introduction to msf utilities

msf-exe2vbs

msf-exe2vba

msf-pdf2xdp

msf-msf_irb

msf-pattern_create

msf-virustotal

msf-makeiplist

Summary

Exercises

Further reading

Chapter 6: Client-Side Attacks with Metasploit

Understanding the need for client-side attacks

What are client-side attacks?

Exploring the msfvenom utility

Generating a payload with msfvenom

Using MSFvenom Payload Creator (MSFPC)

Social engineering with Metasploit

Generating malicious PDFs

Creating infectious media drives

Using browser autopwn

Summary

Exercises

Chapter 7: Web Application Scanning with Metasploit

Technical requirements

Setting up a vulnerable web application

Setting up Hackazon on Docker

Setting up OWASP Juice Shop

Web application scanning using WMAP

Metasploit auxiliaries for web application enumeration and scanning

Summary

Exercise

Chapter 8: Antivirus Evasion and Anti-Forensics

Technical requirements

Using encoders to avoid antivirus detection

Using the new evasion module

Using packagers and encrypters

Understanding what a sandbox is

Using Metasploit for anti-forensics

Timestomp

Clearev

Summary

Exercises

Further reading

Chapter 9: Cyber Attack Management with Armitage

Technical requirements

What is Armitage?

Starting the Armitage console

Scanning and enumeration

Finding and launching attacks

Summary

Exercise

Further reading

Chapter 10: Extending Metasploit and Exploit Development

Technical requirements

Understanding exploit development concepts

Understanding buffer overflow

Understanding fuzzers

Understanding exploit templates and mixins

Understanding Metasploit mixins

Adding external exploits to Metasploit

Summary

Exercises

Further reading

Chapter 11: Case Studies

Case study 1

Case study 2

Summary

Exercises

Further reading

Other Books You May Enjoy

Leave a review - let other readers know what you think

Preface

For more than a decade or so, the use of technology has been rising exponentially. Almost all businesses are partially or completely dependent on the use of technology. From Bitcoin to the cloud to the Internet of Things (IoT), new technologies are popping up each day. While these technologies completely change the way we do things, they also bring threats along with them. Attackers discover new and innovative ways to manipulate these technologies for fun and profit! This is a matter of concern to thousands of organizations and businesses around the world. Organizations worldwide are deeply concerned about keeping their data safe. Protecting data is certainly important; however, testing whether adequate protection mechanisms have been put in place is equally important. Protection mechanisms can fail, hence testing them before someone exploits them for real is a challenging task. Having said that, vulnerability assessment and penetration testing have gained great importance and are now trivially included in all compliance programs. With vulnerability assessment and penetration testing done in the right way, organizations can ensure that they have put in the right security controls and they are functioning as expected! For many, the process of vulnerability assessment and penetration testing may look easy just by running an automated scanner and generating a long report with false positives. However, in reality, this process is not just about running tools but a complete life cycle. Fortunately, the Metasploit Framework can be plugged into almost every phase of the penetration testing life cycle, making complex tasks easier. This book will take you through some of the absolute basics of Metasploit Framework 5.x to the advanced and sophisticated features that the framework has to offer!

Who this book is for

If you are a penetration tester, ethical hacker, or security consultant who wants to quickly learn the Metasploit Framework to carry out elementary penetration testing in highly secured environments, then this book is for you. This book also targets users who have a keen interest in computer security, especially in the area of vulnerability assessment and penetration testing, and who want to develop practical skills in using the Metasploit Framework.

What this book covers

Chapter 1, Introduction to Metasploit and Supporting Tools, introduces the reader to concepts such as vulnerability assessment and penetration testing. Then, it explains the need for a penetration testing framework along with a brief introduction to the Metasploit Framework. Moving ahead, the chapter explains how the Metasploit Framework can be effectively used across all stages of the penetration testing life cycle, along with some supporting tools that extend the Metasploit Framework's capabilities. This chapter also introduces some of the new features of Metasploit 5.x.

Chapter 2, Setting up Your Environment, guides you through setting up the environment for the Metasploit Framework. This includes setting up the Kali Linux virtual machine, independently installing the Metasploit Framework on various platforms (such as Windows and Linux), and setting up exploitable or vulnerable targets in the virtual environment, along with Metasploit Vulnerable Services Emulator.

Chapter 3, Metasploit Components and Environment Configuration, covers the structure and anatomy of the Metasploit Framework, followed by an introduction to various Metasploit components. This chapter also covers the local and global variable configuration, along with how to keep the Metasploit Framework updated.

Chapter 4, Information Gathering with Metasploit, lays the foundation for information gathering and enumeration with the Metasploit Framework. It covers information gathering and enumeration for various protocols, such as TCP, UDP, FTP, SMB, HTTP, SSH, DNS, and RDP. It also covers extended usage of the Metasploit Framework for password sniffing, along with advanced search for vulnerable systems using Shodan integration.

Chapter 5, Vulnerability Hunting with Metasploit, starts with instructions on setting up the Metasploit database. Then, it provides insights on vulnerability scanning and exploiting using NMAP, Nessus, and the Metasploit Framework, concluding with the post-exploitation capabilities of the Metasploit Framework. It also provides a brief introduction to MSF utilities.

Chapter 6, Client-Side Attacks with Metasploit, introduces the key terminology related to client-side attacks. It then covers the usage of the msfvenom payload creator to generate custom payloads, along with the Social-Engineer Toolkit. The chapter concludes with advanced browser-based attacks using the browser_autopwn auxiliary module.

Chapter 7, Web Application Scanning with Metasploit, covers the procedure of setting up a vulnerable web application such as Hackazon and OWASP Juice Shop. It then covers the wmap module within the Metasploit Framework for web application vulnerability scanning, and concludes with some additional Metasploit auxiliary modules that can be useful in web application security assessment.

Chapter 8, Antivirus Evasion and Anti-Forensics, covers the various ways to prevent your payload from getting detected by various antivirus programs. These techniques include the use of encoders, binary packages, and encryptors, along with the latest evasion modules. The chapter also introduces various concepts for testing payloads and concludes with various anti-forensic features of the Metasploit Framework.

Chapter 9, Cyber Attack Management with Armitage, introduces a cyber attack management tool called Armitage, which can be used effectively along with the Metasploit Framework for complex penetration testing tasks. This chapter covers the various aspects of Armitage, including opening the console, performing scanning and enumeration, finding suitable attacks, and exploiting the target.

Chapter 10, Extending Metasploit and Exploit Development, introduces the various exploit development concepts, followed by how the Metasploit Framework can be extended by adding external exploits. The chapter concludes with an explanation of the Metasploit exploit templates and mixins that can be readily utilized for custom exploit development.

Chapter 11, Real-World Case Study, helps the reader to put all the knowledge they have learned throughout the book together to hack into targets in real-world scenarios. This will immensely help the reader to understand the practical importance of all the modules and plugins they've learned about throughout the book.

To get the most out of this book

You require the following:

Download the color images

We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: http://www.packtpub.com/sites/default/files/downloads/9781838982669_ColorImages.pdf.

Conventions used

There are a number of text conventions used throughout this book.

Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "Download and install the msi file."

A block of code is set as follows:

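#include <stdio.h>

/* Never called from main() or echo(). */
void AdminFunction()
{
    printf("Welcome!\n");
    printf("You are now in the Admin function!\n");
}

void echo()
{
    char buffer[25];

    printf("Enter any text:\n");
    /* "%s" has no field width, so scanf() does not bound the write:
       input longer than 24 characters overflows buffer. */
    scanf("%s", buffer);
    printf("You entered: %s\n", buffer);
}

int main()
{
    echo();
    return 0;
}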

Any command-line input or output is written as follows:

root@kali:~# apt-get install nmap

Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "Click on the Hosts menu."

Tips or important notes

Appear like this.

Get in touch

Feedback from our readers is always welcome.

General feedback: If you have questions about any aspect of this book, mention the book title in the subject of your message and email us at [email protected].

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/support/errata, selecting your book, clicking on the Errata Submission Form link, and entering the details.

Piracy: If you come across any illegal copies of our works in any form on the Internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.

Reviews

Please leave a review. Once you have read and used this book, why not leave a review on the site that you purchased it from? Potential readers can then see and use your unbiased opinion to make purchase decisions, we at Packt can understand what you think about our products, and our authors can see your feedback on their book. Thank you!

For more information about Packt, please visit packt.com.

Section 1: Introduction and Environment Setup

You will learn to set up the Metasploit environment efficiently before getting into the details of the framework.

This section comprises the following chapters:

Chapter 1, Introduction to Metasploit & Supporting Tools

Chapter 2, Setting Up your Environment

Chapter 3, Metasploit Components and Environment Configuration

Chapter 1: Introduction to Metasploit and Supporting Tools

Before we take a deep dive into various aspects of the Metasploit Framework, let's first lay a solid foundation of some of the absolute basics. In this chapter, we'll conceptually understand what penetration testing is all about and where the Metasploit Framework fits in exactly. We'll also browse through some of the additional tools that enhance the Metasploit Framework's capabilities.

In this chapter, we will cover the following topics:

  • The importance of penetration testing
  • Understanding the difference between vulnerability assessments and penetration testing
  • The need for a penetration testing framework
  • Introduction to Metasploit
  • Introduction to new features in Metasploit 5.0
  • When to use Metasploit
  • Making Metasploit effective and powerful using supplementary tools

Technical requirements

The following software is required:

  • Kali Linux
  • The Metasploit Framework
  • Nessus
  • NMAP
  • w3af
  • Armitage

The importance of penetration testing

For over a decade or so, the use of technology has been rising exponentially. Almost all businesses are partially or completely dependent on the use of technology. From Bitcoins to the cloud to the Internet of Things (IoT), new technologies are popping up each day. While these technologies completely change the way we do things, they also bring along threats with them. Attackers discover new and innovative ways to manipulate these technologies for fun and profit! This is a matter of concern for thousands of organizations and businesses around the world.