PART I – INTERFACES

The powerful Metasploit tool was created by HD Moore in 2003 using the Perl scripting language. Later, the Metasploit Framework was completely rewritten in the Ruby programming language. On October 21, 2009, the Metasploit Project announced that it had been acquired by Rapid7, a security company that provides unified vulnerability management solutions. It is widely used to test for vulnerabilities in computer systems.

Metasploit Interfaces

Metasploit offers several interfaces, and you choose the one that best suits your work.

  • The MSFCLI interface (Metasploit Framework Command Line Interface)
    A command-line interface (CLI); although powerful, it is the least user-friendly of the three.
 msfcli

[*] Please wait while we load the module tree...
    auxiliary/scanner/dcerpc/tcp_dcerpc_auditor                     DCERPC TCP Service Auditor
    auxiliary/scanner/dect/call_scanner                             DECT Call Scanner
    auxiliary/scanner/dect/station_scanner                          DECT Base Station Scanner
    auxiliary/scanner/discovery/arp_sweep                           ARP Sweep Local Network Discovery
    auxiliary/scanner/discovery/ipv6_multicast_ping                 IPv6 Link Local/Node Local Ping Discovery

      ...... RESULTS OMITTED ................
 msfcli -h
Usage: /opt/metasploit/msf3/msfcli   [mode]
=======================================================================

    Mode           Description
    ----           -----------
    (A)dvanced     Show available advanced options for this module
    (AC)tions      Show available actions for this auxiliary module
    (C)heck        Run the check routine of the selected module
    (E)xecute      Execute the selected module
    (H)elp         You're looking at it baby!
    (I)DS Evasion  Show available ids evasion options for this module
    (O)ptions      Show available options for this module
    (P)ayloads     Show available payloads for this module
    (S)ummary      Show information about this module
    (T)argets      Show available targets for this exploit module

Example using the exploit module ms08_067_netapi; note the O at the end of the command, which lists the module's options:

 msfcli windows/smb/ms08_067_netapi O

[*] Please wait while we load the module tree...

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOST                     yes       The target address
   RPORT    445              yes       Set the SMB service port
   SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)
  • The ARMITAGE interface
    A visual, user-friendly interface that is very easy to work with.

  • The MSFCONSOLE interface
    The most effective interface; although text-based, it is also very easy to use.
 msfconsole

Stack: 90909090990909090990909090
       90909090990909090990909090
       90909090.90909090.90909090
       90909090.90909090.90909090
       90909090.90909090.09090900
       90909090.90909090.09090900
       ..........................
       cccccccccccccccccccccccccc
       cccccccccccccccccccccccccc
       ccccccccc.................
       cccccccccccccccccccccccccc
       cccccccccccccccccccccccccc
       .................ccccccccc
       cccccccccccccccccccccccccc
       cccccccccccccccccccccccccc
       ..........................
       ffffffffffffffffffffffffff
       ffffffff..................
       ffffffffffffffffffffffffff
       ffffffff..................
       ffffffff..................
       ffffffff..................

Code: 00 00 00 00 M3 T4 SP L0 1T FR 4M 3W OR K! V3 R5 I0 N4 00 00 00 00
Aiee, Killing Interrupt handler
Kernel panic: Attempted to kill the idle task!
In swapper task - not syncing

       =[ metasploit v4.2.0-release [core:4.2 api:1.0]
+ -- --=[ 805 exploits - 451 auxiliary - 135 post
+ -- --=[ 246 payloads - 27 encoders - 8 nops
       =[ svn r15549 updated 147 days ago (2012.02.23)

Warning: This copy of the Metasploit Framework was last updated 147 days ago.
         We recommend that you update the framework at least every other day.
         For information on updating your copy of Metasploit, please see:
             http://community.rapid7.com/docs/DOC-1306

Using MSFCONSOLE:

 msfconsole -h 
[*] exec: msfconsole -h

Usage: msfconsole [options]

Specific options:
    -d                               Execute the console as defanged
    -r                               Execute the specified resource file
    -o                               Output to the specified file
    -c                               Load the specified configuration file
    -m                               Specifies an additional module search path
    -p                               Load a plugin on startup
    -y, --yaml                       Specify a YAML file containing database settings
    -e, --environment                Specify the database environment to load from the YAML
    -v, --version                    Show version
    -L, --real-readline              Use the system Readline library instead of RbReadline
    -n, --no-database                Disable database support
    -q, --quiet                      Do not print the banner on start up

Common options:
    -h, --help                       Show this message
 msf> help

Core Commands
=============

    Command       Description
    -------       -----------
    ?             Help menu
    back          Move back from the current context
    banner        Display an awesome metasploit banner
    cd            Change the current working directory
    color         Toggle color
    connect       Communicate with a host
    exit          Exit the console
    help          Help menu
    info          Displays information about one or more module
    irb           Drop into irb scripting mode
    jobs          Displays and manages jobs
    kill          Kill a job
    load          Load a framework plugin
    loadpath      Searches for and loads modules from a path
    makerc        Save commands entered since start to a file
    popm          Pops the latest module off of the module stack and makes it active
    previous      Sets the previously loaded module as the current module
    pushm         Pushes the active or list of modules onto the module stack
    quit          Exit the console
    reload_all    Reloads all modules from all defined module paths
    resource      Run the commands stored in a file
    route         Route traffic through a session
    save          Saves the active datastores
    search        Searches module names and descriptions
    sessions      Dump session listings and display information about sessions
    set           Sets a variable to a value
    setg          Sets a global variable to a value
    show          Displays modules of a given type, or all modules
    sleep         Do nothing for the specified number of seconds
    spool         Write console output into a file as well the screen
    threads       View and manipulate background threads
    unload        Unload a framework plugin
    unset         Unsets one or more variables
    unsetg        Unsets one or more global variables
    use           Selects a module by name
    version       Show the framework and console library version numbers

Database Backend Commands
=========================

    Command        Description
    -------        -----------
    creds          List all credentials in the database
    db_connect     Connect to an existing database
    db_disconnect  Disconnect from the current database instance
    db_export      Export a file containing the contents of the database
    db_import      Import a scan result file (filetype will be auto-detected)
    db_nmap        Executes nmap and records the output automatically
    db_status      Show the current database status
    hosts          List all hosts in the database
    loot           List all loot in the database
    notes          List all notes in the database
    services       List all services in the database
    vulns          List all vulnerabilities in the database
    workspace      Switch between database workspaces

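The option table that msfcli prints in O mode (shown above for ms08_067_netapi) and the resource files that msfconsole runs with -r or the resource command are both plain text, so the preflight check a practitioner wants before executing a module can be automated. The following Python script is an added example, not code from the original post or from the Metasploit project: it parses a constructed copy of the O-mode table, reports the required options that still have no current setting (RHOST in this table), and only then writes a resource script that selects the module, sets the options and calls the module's check routine. The full module path exploit/windows/smb/ms08_067_netapi, the address 192.0.2.10 and all function names are assumptions made for the illustration.

```python
"""Preflight for Metasploit module options (added example, not from the post)."""
from __future__ import annotations

from dataclasses import dataclass

# Constructed copy of what `msfcli windows/smb/ms08_067_netapi O` prints;
# the rows and column widths mirror the table shown on the page.
SAMPLE_OPTIONS_OUTPUT = """\
[*] Please wait while we load the module tree...

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOST                     yes       The target address
   RPORT    445              yes       Set the SMB service port
   SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)
"""

COLUMNS = ("Name", "Current Setting", "Required", "Description")


@dataclass
class ModuleOption:
    name: str
    current: str        # empty string when the datastore holds no value yet
    required: bool
    description: str


def parse_options_table(text: str) -> dict[str, ModuleOption]:
    """Parse the fixed-width options table into a dict keyed by option name.

    Splitting rows on whitespace would lose track of which column an empty
    'Current Setting' belongs to, so the column boundaries are taken from
    the header line instead.
    """
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if line.lstrip().startswith("Name") and all(c in line for c in COLUMNS):
            header, body = line, lines[i + 2:]   # skip the '----' underline row
            break
    else:
        raise ValueError("no options table found in output")

    starts = [header.index(col) for col in COLUMNS]
    bounds = list(zip(starts, starts[1:] + [None]))
    options: dict[str, ModuleOption] = {}
    for row in body:
        if not row.strip():
            continue
        name, current, required, desc = (row[a:b].strip() for a, b in bounds)
        if not name:
            continue
        options[name] = ModuleOption(name, current, required.lower() == "yes", desc)
    return options


def missing_required(options: dict[str, ModuleOption],
                     settings: dict[str, str] | None = None) -> list[str]:
    """Names of required options with neither a current setting nor a proposed value."""
    settings = settings or {}
    return [name for name, opt in options.items()
            if opt.required and not (settings.get(name) or opt.current)]


def build_resource_script(module: str, settings: dict[str, str],
                          options: dict[str, ModuleOption]) -> str:
    """Return an msfconsole resource script that sets the options and runs `check`.

    Refuses to emit anything while a required option is unset or an unknown
    option is proposed, so the mistake surfaces here rather than at run time.
    """
    missing = missing_required(options, settings)
    if missing:
        raise ValueError("required options not set: " + ", ".join(missing))
    unknown = [key for key in settings if key not in options]
    if unknown:
        raise ValueError("options not accepted by this module: " + ", ".join(unknown))
    lines = [f"use {module}"]
    lines += [f"set {key} {value}" for key, value in settings.items()]
    lines.append("check")          # the module's check routine, not its exploit routine
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    opts = parse_options_table(SAMPLE_OPTIONS_OUTPUT)
    print("missing before settings:", missing_required(opts))
    # Assumed module path and documentation address (RFC 5737), constructed for the example.
    script = build_resource_script("exploit/windows/smb/ms08_067_netapi",
                                   {"RHOST": "192.0.2.10"}, opts)
    print(script, end="")
```

The script that build_resource_script returns is meant to be saved to a file and passed to msfconsole with -r, with -o capturing the console output for the engagement record; makerc, shown in the command list above, produces the same kind of file from an interactive session.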
Author: Sílvio César Roxo Giavaroto

He holds an MBA in Information Security Management, is a Computer Networks Technologist and a C|EH Certified Ethical Hacker, works as a pentester and Linux server security analyst for the Government of the State of São Paulo, and is a university professor and a C|EH and C|HFI instructor.