In this lesson, I'll talk about Metasploit. Metasploit is essentially a framework; that's what it's actually called, the Metasploit Framework, where we have a bunch of different tools that are combined together to come up with a penetration testing platform. There's a lot of things that Metasploit can do. If we actually look at the Metasploit Framework here, on our Linux system, we're going to look at the modules that it has. If we go into auxiliary, we can run a lot of different auxiliary tools within Metasploit. So we have things like, inside of scanner, imap. We have sniffers built in, we have PDF writers: anything that helps us either evaluate a system or compromise a system. Metasploit will actually help you if you want to use just one tool. And remember that the penetration testing process is not directly about tools, it's about the process. But it can help you with the entire process, because it has built-in imap, it has built-in vulnerability scanning, so we can do that as well. And it will also help you, definitely help you, with exploitation.

So if we drill down, we also have encoders, which allow us to create better exploits. The actual exploits are located in exploits. So let's say that I want a Windows exploit, and I want to exploit something on FTP. Okay, here are all the exploits for Windows, and these are updated constantly. If you go to exploit-db.com, a lot of the information that you're going to get off of exploit-db.com could be put into the Metasploit Framework. Exploits are also done for other operating systems such as Apple or Linux, Android for example. Anything that's running an operating system, essentially, we can write an exploit for. We can even use Metasploit to create phishing messages as well. We have nops. NOP sleds are basically no-operations that tell the operating system, don't do any action, and that increases the chance of our getting an exploit to work.
There's NOP sleds for a variety of different platforms, x64, x86. Our payloads are what we're actually going to deploy once we've exploited the system, to interact with that system. We can either do singles, or there's stagers such as Meterpreter, which is basically a reverse handler that allows us to connect to and interact with the system.

So let's use something that we've already looked at before. We're going to go back to Nessus, and we're going to open up our uncredentialed scan. Our uncredentialed scan has a few critical vulnerabilities, and these are all very easy to exploit, because with VNC we can just... well, let's do that real quick. Let's use some information that we got off Nessus, so we're not going to even worry about Metasploit at the moment. If we just type in vncviewer and the IP address, 128.198.44.210, it's going to ask me for a password, and because the password is "password", it was identified as a default password. I'm just going to type that in, and look, here is my system that I just compromised, and I'm root. Here, if I just type in whoami, I can see that I'm root. We're going to get out of there and go back to the scan.

Now remember that we looked at all the information; from all the plugins you can identify some part of the operating system. Let's first look at this FTP Server Detection. So, it was identified that vsFTPd 2.3.4 is on the system. Now, it didn't actually say that it was vulnerable; however, this is a vulnerable version. You can use Nessus to gain the information that you need in order to exploit it. So we're going to go to the Metasploit Framework. The Metasploit Framework is the easiest command line option, in my opinion. There's other software that you can run, such as Armitage, which is the graphical user interface for Metasploit. Or you can run the community edition of Metasploit. There's also professional versions of Metasploit that will compromise systems for you. So let's search for vsftpd.
It came back with the module located in exploit, then unix, ftp, and here's my actual backdoor in the 2.3.4 version of vsftpd. So we're going to type in use and copy the string. And let's show options to see what we need to set to make sure it works. I need to set the receiving host and the receiving port, but the port is already at port 21, which it has identified here as having the vulnerable version. So I'm going to type in set RHOST and the IP address. And just type in exploit, because those are the only two options, or the only one option, that I need. Looks like the backdoor service has spawned handling. Looks like it grabbed my UID; it's root. And it's opened a command shell. Let's see what I can type in. So I'm going to type in whoami. I am root. If I type in hostname, and there it is, metasploitable. Now, Metasploitable is a vulnerable distribution designed to show you what you can do with Metasploit. But it is a safe version, because no production information should be on this system. Exit out, and we're going to abort that session.

Okay, let's look at one more exploit real quick. Let's go back to our Nessus session and look back at the vulnerabilities. Now if we scroll down, let's look for another one. Here we go, IRC. The IRC server is running Unreal3.2.8.1, running on port 6667. So let's go back to our Linux system here and search for unreal. Okay, and here is a backdoor program, so I'm going to use this instead. Let's copy this. We'll say use. So now our exploit has changed. And let's show options here. All we need to do on this one as well is set the receiving host. So set RHOST 128.198.44.210, and exploit. Let's try that one more time. Okay, so it's able to run that command and exploited the system. It didn't tell me much when I entered the command, but I was able to execute whoami, and again, it showed up as root. So, there's a lot of different ways that you can use Metasploit.
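The two backdoored releases the scan surfaced (vsFTPd 2.3.4 on port 21, Unreal3.2.8.1 on port 6667) can also be caught from the service banners themselves; this is an added example of mine, not part of the lesson or of Nessus or Metasploit, that flags them from constructed banner lines so a defender can find such hosts before anyone exploits them. The banner patterns and the sample observations are assumptions modelled on typical FTP and IRC greetings.

```python
import re

# Releases the lesson identified on the target, with constructed remediation notes.
KNOWN_BACKDOORED = {
    ("vsftpd", "2.3.4"): "vsFTPd 2.3.4 ships a backdoor; upgrade or remove",
    ("unrealircd", "3.2.8.1"): "UnrealIRCd 3.2.8.1 ships a backdoor; upgrade or remove",
}

# Banner shapes each service sends on connect (assumed, typical forms).
BANNER_PATTERNS = [
    (re.compile(r"^220\b.*vsFTPd\s+([\d.]+)", re.I), "vsftpd"),     # FTP greeting
    (re.compile(r"\bUnreal(\d+(?:\.\d+)+)", re.I), "unrealircd"),  # IRC 004 numeric
]


def parse_banner(banner):
    """Return (service, version) for a recognised banner, else None."""
    for pattern, service in BANNER_PATTERNS:
        match = pattern.search(banner)
        if match:
            return service, match.group(1)
    return None


def assess(host, port, banner):
    """Build one finding; 'vulnerable' is set only on an exact known-backdoored match."""
    finding = {"host": host, "port": port, "service": None,
               "version": None, "vulnerable": False, "note": "unrecognised banner"}
    parsed = parse_banner(banner)
    if parsed:
        finding["service"], finding["version"] = parsed
        note = KNOWN_BACKDOORED.get(parsed)
        finding["vulnerable"] = note is not None
        finding["note"] = note or "version not on the known-backdoored list"
    return finding


def review(observations):
    """Assess (host, port, banner) tuples; vulnerable findings sort first, then by port."""
    findings = [assess(*obs) for obs in observations]
    return sorted(findings, key=lambda f: (not f["vulnerable"], f["port"]))


# Constructed observations modelled on the lesson's scan results.
SAMPLE_OBSERVATIONS = [
    ("128.198.44.210", 21, "220 (vsFTPd 2.3.4)"),
    ("128.198.44.210", 6667, ":irc.lab 004 guest irc.lab Unreal3.2.8.1 iowghraAsORTVSxNCWqBzvdHtGp"),
    ("10.0.0.5", 21, "220 (vsFTPd 3.0.3)"),
    ("10.0.0.6", 21, "220 ProFTPD 1.3.1 Server ready"),
]

if __name__ == "__main__":
    for f in review(SAMPLE_OBSERVATIONS):
        flag = "VULNERABLE" if f["vulnerable"] else "ok"
        print(f"{f['host']}:{f['port']} {f['service'] or '?'} {f['version'] or '?'} {flag} - {f['note']}")
```

An exact version match is a lead, not proof, as the lesson shows for vsFTPd (Nessus reported the version without flagging it), so confirm against the vendor advisory before acting on a finding.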
I've used Metasploit before for Shellshock, I've used it for Heartbleed. There's a lot more that you can do, especially using other payloads. You don't have to open a session. You could actually look at VNC Viewer; that's also built into Metasploit. We could execute that and look at somebody's Windows machine, for example. There's all kinds of things that we can use Metasploit for, but it's an easy framework that we can use to exploit systems. But again, you need to be careful that you're only doing this, and you're only using this, with your own systems.