Metasploit Framework - Ethical Hacking
Steps:
- Start the Postgres database service
- Start msfconsole:
Modules in Metasploit include:
- Exploits - take advantage of a system's vulnerability
- Payloads - what is planted on the target system to gain access when exploiting a system's vulnerability
- Post
- Encoders
- Auxiliary
- Nops
📌 help command - shows most of the accepted commands in the console.
use Command:
Allows the use of modules, e.g.
show Command:
Gives more information about a module being used
show options Command:
Gives the options that can be changed for a module depending on the exploit
show payloads Command:
Provides all the payloads compatible with the exploit
show targets Command:
Displays the targets to be exploited
show info Command:
Gives more information about the exploit
search Command:
Gives one the ability to find the module that one needs
It also has keywords such as:
- platform - search for the targeted platform
- type - type of module being searched
- name - specifying the name of the exploit if known
set Command:
Allows one to change the options available for a module depending on an exploit
📌 Use the show options command to check whether all the options are set
exploit Command:
Runs the exploit using all the set options
back Command:
Takes one a step back from the previously run command
exit Command:
Quits the msfconsole
Embedding Payloads to PDF Documents
Create the PDF:
Search and use the exploit:
Set payload:
Set other options, e.g. LHOST, LPORT, FILENAME, INFILENAME, etc.
📌 The INFILENAME option is where you provide the path to the custom file in which the payload is embedded.
Then run the exploit command to create the PDF file.
Run the listener:
Set the payload:
Set other options, e.g. LHOST, LPORT
Then run the exploit command to start the listener.
Serve the PDF with Apache Web Server:
Move the payload to the Apache server and serve it so that it can be downloaded.
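
For the defensive side of the PDF technique above, this added example (not from the original page) triages a PDF by counting the PDF-specification names that mark embedded files and automatic actions, including hex-escaped spellings of those names. The watched-name list, the escalation rule and the sample bytes are assumptions constructed for illustration.

```python
import re

# Names from the PDF specification that mark embedded files or automatic actions.
WATCHED = (b"/EmbeddedFile", b"/EmbeddedFiles", b"/Launch", b"/OpenAction",
           b"/AA", b"/JavaScript", b"/JS", b"/ObjStm")
# A name is "/" followed by regular characters (no whitespace or delimiters).
NAME_RE = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> bytes:
    """Undo #XX escapes so that /L#61unch is recognised as /Launch."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def triage_pdf(data: bytes) -> dict:
    """Count watched names in raw PDF bytes and decide whether to escalate."""
    counts = {name.decode(): 0 for name in WATCHED}
    obfuscated = 0
    for match in NAME_RE.finditer(data):
        raw = match.group(0)
        name = decode_name(raw)
        if name in WATCHED:
            counts[name.decode()] += 1
            obfuscated += raw != name  # escaped spelling of a watched name
    embedded = counts["/EmbeddedFile"] + counts["/EmbeddedFiles"] > 0
    auto_run = counts["/OpenAction"] + counts["/AA"] > 0
    review = counts["/Launch"] > 0 or obfuscated > 0 or (embedded and auto_run)
    return {
        "counts": counts,
        "obfuscated_names": obfuscated,
        # Objects packed into compressed object streams are invisible to a raw scan.
        "incomplete_scan": counts["/ObjStm"] > 0,
        "review": review,
    }


# Constructed sample inputs (not real files).
BENIGN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SUSPICIOUS = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Names << /EmbeddedFiles 2 0 R >>"
              b" /OpenAction << /S /L#61unch /F 3 0 R >> >>\nendobj\n"
              b"3 0 obj\n<< /Type /EmbeddedFile /Length 4 >>\nstream\nMZ..\nendstream\nendobj\n")

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(label, triage_pdf(sample))
```

A raw scan like this is a first-pass filter for mail or download gateways; files it marks for review, or files where the scan is incomplete, belong in a full PDF parser or a sandbox.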