Every year, breaches of user data and privacy cause large financial and reputational losses to organizations, and a large share of them stem from cyber-attacks. Penetration testing does not prevent breaches by itself, but it lets a company find and fix the weaknesses an attacker would use before the attacker does: a test simulates real attacks against the IT infrastructure, alongside other assessment techniques, and reports the vulnerabilities it finds. In the rest of this article, we will tell you how to become a Metasploit expert on Kali Linux.
Understanding the basics of penetration testing
Penetration testing, also known as a pen test, is one of the most common and standardized ways of assessing the security of web applications and the systems behind them. A pen test runs simulated attacks against the target from outside (as an unauthenticated internet user) and from inside (as a user, or as an attacker who already has a foothold) to find out which parts have exploitable weaknesses. Any organization that exposes a website should have it tested so that weaknesses are found and fixed before hackers find them.
The core problem is that web applications collect sensitive user data and store it in their databases, which makes them a rich source of valuable information and makes databases a favourite target of attackers. Given how ubiquitous web applications are, the exposure is enormous.
By performing a pen test, we pursue the following goals:
- Detecting previously unknown vulnerabilities in the system
- Checking whether the site's current security policies are actually effective
- Testing the active security components around a site, such as the firewall and the DNS setup
- Identifying the weakest parts of the application
- Identifying the parts of the site through which data is most likely to leak
Getting started with Kali Linux
Kali Linux is a Debian-derived Linux distribution built for penetration testing and digital forensics. It was created by Mati Aharoni and Devon Kearns of Offensive Security as a ground-up rewrite of their earlier BackTrack distribution.
Kali Linux ships several hundred tools for information-security work such as penetration testing, security research, computer forensics and reverse engineering.
Kali Linux comes with more than 600 penetration testing tools, each with its own uses and options, so you will need to get to know them one by one. Kali groups them into the following categories:
- Information gathering
- Vulnerability analysis
- Wireless attacks
- Web applications
- Exploitation tools
- Stress testing
- Forensics tools
- Sniffing and spoofing
- Password attacks
- Maintaining access
- Reverse engineering
- Reporting tools
- Hardware hacking
In the rest of this article, we will teach how to install and set up Metasploit on Kali Linux.
Installing and setting up Metasploit on Kali Linux
Before starting, we recommend a Linux VPS from the plans on our website as a dedicated machine for this work. In this section we install and run the Metasploit Framework. On Kali Linux it is already part of the default tool set and is maintained through apt, so a single command installs it or brings it up to date:
sudo apt update && sudo apt install metasploit-framework
One thing to note is that the Metasploit Framework uses a PostgreSQL database to store hosts, services, credentials and loot. The console starts without it, but the db_ commands, workspaces and scan imports need it, so enable the service now and at every boot:
sudo systemctl enable --now postgresql
Confirm that PostgreSQL is running (on Kali the per-cluster unit is named postgresql@<version>-main):
systemctl status postgresql@*-main.service
PostgreSQL listens on TCP port 5432 by default, so also check that a listener is present:
sudo ss -lnt | grep 5432
The following command is Rapid7's omnibus installer, not a signature key. It is meant for systems that do not package Metasploit, such as Ubuntu or macOS, and is not needed on Kali. It downloads an installer script from GitHub and runs it with your privileges, so read the script before executing it. The command as originally printed was broken (chmod had no file name and msfinstall was not invoked from the current directory); the corrected form is:
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && chmod 755 msfinstall && ./msfinstall
Next, initialise the Metasploit database. msfdb init creates the msf database role, the database and the database.yml that msfconsole reads; it only needs to run once:
sudo msfdb init
Alternatively, msfdb run initialises the database if needed and then launches msfconsole, so it is equivalent to sudo msfdb init && msfconsole:
sudo msfdb run
Now start the console (the -q flag suppresses the banner) and check the database connection:
sudo msfconsole -q
msf6 > db_status
If the database is set up correctly, db_status reports "Connected to msf. Connection type: postgresql." (older versions show the prompt as msf5 instead of msf6). If it reports "postgresql selected, no connection", make sure the PostgreSQL service is running and run sudo msfdb reinit.
Metasploit modules and functionalities
Metasploit modules are the main components of the Metasploit framework. A module is a piece of software that can perform a specific action such as scanning or exploiting. Every task you can do with Metasploit is defined in a module.
There are four main types of Metasploit modules (the framework also ships encoder, nop and evasion modules, but the four below are the ones you will use most):
1) Exploit modules: These modules execute code on a target using a vulnerability. Exploit modules can be used to gain access, elevate privileges, or execute commands on a target system.
2) Auxiliary modules: These modules perform various support tasks such as scanning, fingerprinting, sniffing, or brute-forcing. Auxiliary modules can be used to gather information, test for vulnerabilities, or launch denial-of-service attacks.
3) Payload modules: These modules define the code that is executed on a target after a successful exploit. Payload modules can be used to create a shell, execute commands, upload or download files, or create processes on a target system.
4) Post-exploitation modules: These modules run after an exploit and its payload have succeeded, inside the resulting session. Post-exploitation modules can be used to maintain access, collect data, pivot to other targets, or cover tracks on a target system.
To find modules, use the search command with keywords such as name:, platform:, type:, cve:, author: and so on. The show command lists every module of a given type (show exploits, show auxiliary, show payloads, show post).
For example, to search for an exploit module for Windows that has the name “ms08-067”, you can use the following command:
search name:ms08-067 platform:Windows type:exploit
To view all the payload modules, you can use the following command:
show payloads
Exploitation techniques using Metasploit
Exploitation techniques using Metasploit are the methods and steps that you can use to exploit vulnerabilities in systems or applications with the help of Metasploit modules and tools.
These are some of the exploitation techniques using Metasploit that you can use to test or compromise systems or applications:
1) Automated exploitation: Metasploit Pro can build an attack plan based on the service, operating system, and vulnerability information it has for the target system and use it to execute an automated exploit. An attack plan defines the exploit modules that Metasploit Pro will use to attack target systems. To run an automated exploit, you need to specify the hosts you want to exploit and the minimum reliability settings that Metasploit Pro should use.
2) Autopwn: Autopwn automatically launches every exploit that matches a target's open ports or known vulnerabilities. It is a feature of Metasploit Express and Metasploit Pro; the Framework's old db_autopwn command was removed years ago, and only a third-party plugin of that name exists today. Autopwn needs the database to hold the scan results it works from. Because it fires every candidate exploit at once, it is noisy and can crash services, so it belongs in a lab rather than on a client's production network.
3) AutoSploit: AutoSploit is a third-party Python tool (not part of Metasploit) that uses Shodan to find hosts by keyword or filter and then launches Metasploit modules against them, with exploit options and loadouts that can be customised or chosen at random. Results appear in the Metasploit console and in its output files. Since its targets are arbitrary hosts found on the public internet, it has no place in an authorised penetration test; it is listed here for completeness only.
4) Manual exploitation: Manual exploitation is the process of selecting an exploit module that matches the target system or application, setting its required options (RHOSTS, RPORT, LHOST, LPORT and so on), choosing a payload, and running it. A typical sequence in msfconsole is use <module>, show options, set the options, check (where the module supports it, to confirm the target is vulnerable without exploiting it), and then exploit. Manual exploitation gives you the most control and flexibility, but it requires more knowledge and skill.
Post-exploitation and gaining control
Post-exploitation and gaining control are the processes of performing actions on a target system or network after successful exploitation. It can include collecting information, maintaining access, escalating privileges, pivoting to other targets, or covering tracks. Gaining control can involve creating shells, executing commands, uploading or downloading files, or spawning processes on a target system.
Some of the tools and techniques you can use to post-exploit and gain control include:
1) Meterpreter: Meterpreter is a powerful payload that runs in memory on the target and provides an interactive shell over the session. It supports many commands and extensions for post-exploitation tasks, such as collecting system information, dumping password hashes, taking screenshots, recording keystrokes, migrating into other processes, and so on.
2) Post-exploitation modules: Metasploit has a class of modules, the post modules, that run after an exploit and payload have succeeded. They can perform various actions on the target system or network, such as collecting data, maintaining access, pivoting to other targets, or covering tracks. For example, the post/windows/gather/hashdump module dumps password hashes from the SAM database on a Windows system.
3) C2 frameworks: C2 frameworks are tools for remotely controlling compromised machines through command-and-control (C&C) infrastructure. They help you manage multiple sessions, execute commands, transfer files, or carry out further attacks on the target network. Popular C2 frameworks include Cobalt Strike, Covenant and Empire.
4) Privilege escalation techniques: Privilege escalation is the process of obtaining higher privileges or access rights on a target system or network. It can be vertical (from a lower privilege level to a higher one, such as a standard user becoming SYSTEM or root) or horizontal (from one user account to another with the same privilege level). Escalation is achieved by exploiting vulnerabilities in the system or application, misconfigurations, weak passwords, and similar weaknesses.
Advanced Metasploit techniques and tools
Advanced Metasploit techniques and tools are methods and features that you can use to perform more complex and sophisticated penetration testing tasks with Metasploit. Some advanced Metasploit techniques and tools include:
1) Database support: Metasploit integrates with a database to store and manage scan results, hosts, services, vulnerabilities, credentials, loot and so on. This helps you organize and analyze data and share it with other users or tools. Current versions of the Framework support PostgreSQL only (support for MySQL and SQLite was dropped long ago).
2) Evading antivirus: Metasploit offers several ways to make payloads harder to detect, such as encoders, encryption, obfuscation and evasion modules. You can use the msfvenom tool to generate payloads with different encoders or output formats, or use evasion modules to build executables aimed at getting past common antivirus products. Bear in mind that the stock encoders are well known to AV vendors and rarely evade modern endpoint protection on their own; their original purpose is removing bad characters, not stealth.
3) Exploit ranking: Metasploit assigns a ranking to each exploit module based on its reliability, stability, and side effects. The ranking can help you choose the best exploit for your target system or application. The ranking levels are excellent, great, good, normal, average, low, and manual.
4) Hashes and password cracking: Metasploit can help you collect and crack password hashes from various sources such as Windows SAM database, Linux shadow files, or network protocols.
5) Metasploit plugins: Metasploit plugins are Ruby scripts that extend the functionality of Metasploit by adding new features or commands. Use load <plugin> to load a plugin, load -l to list the available plugins, and show plugins to see which ones are currently loaded. Useful plugins include auto_add_route, sounds and wmap.
6) Payload UUID: Payload UUIDs let you track and identify your payloads by embedding a unique identifier in each one you generate (msfvenom options such as PayloadUUIDTracking=true and PayloadUUIDName=<label>). This makes it easier to manage many payloads and the sessions they produce, and avoids confusion or collisions between them.
Metasploit best practices and ethical considerations
Regarding Metasploit's best practices, the first is to work from a dedicated, isolated attack host (a VPS or a virtual machine) rather than your everyday workstation, and to agree the source IP addresses you will use with the client beforehand, so that your traffic can be distinguished from a real attack and allow-listed where needed. Masking your identity or location from the target is not a goal of an authorised test; a clearly scoped engagement is. The next thing is to watch out for payloads and modules that can damage the target system or network. Do not use payloads that delete files, corrupt data, or disrupt services unless the scope explicitly permits it and the client has agreed.
Keep Metasploit up to date through Kali's apt repositories so you have the latest modules and bug fixes, and do not rely on outdated or unreliable exploits that may fail or cause unintended side effects.
In the following, we will explain some ethical considerations that you should keep in mind when using Metasploit.
Do not harm the target system or network beyond the agreed scope of the penetration test. In other words, do not use Metasploit to damage systems, disrupt services, or steal data or resources. Do not violate the laws or regulations of the country or region where you are testing, and never attack systems you are not explicitly authorised in writing to test; government, military and critical-infrastructure systems in particular carry severe legal consequences.
One of the most important ethical issues when using Metasploit is handling what you find responsibly: report vulnerabilities and working exploits to the system owner under the agreed disclosure terms, and do not disclose them to anyone who might abuse them. Do not share or sell information or tools obtained during testing to hackers, criminals, or competitors. Do not impersonate the owner or administrator of the target system or network, and do not use Metasploit to gain unauthorised access to accounts, credentials, or privileges that are outside your engagement.
Becoming a certified Metasploit expert
If you want to become a certified Metasploit expert, there are a few learning paths to choose from, and all of them cover the same core skills. You must learn how to:
- Perform network discovery and vulnerability scanning
- Exploit and validate vulnerabilities
- Conduct phishing campaigns and test web applications
- Use post-exploitation modules and pivot techniques
- Produce reports and manage projects
- Master the Metasploit console and command line interface
- Use Metasploit modules, exploits, payloads, and utilities
- Avoid antivirus detection and bypass security controls
- Conduct spear-phishing attacks and social engineering campaigns
- Use Meterpreter for post-exploitation enumeration and manipulation
These are the skills you should cover if you want to become a certified Metasploit expert.
At the time of writing, the Metasploit Framework contains more than 1,677 exploit modules spanning more than 25 platforms and operating systems, including Java, Android, Python, PHP, Cisco, and more. Its payloads range from stagers and stages that set up port forwarding and communication between networks to command-shell payloads that let you run arbitrary scripts or commands on the target. In this article, we tried to take you from zero to hero so that you can become a Metasploit expert on Kali Linux.