Adblock Detected

Metasploit Object Model, Mixins and Plugins | Metasploit Tutorials

Reviewed by 0x000216 on Saturday, January 26, 2019 Rating: 5

Metasploit Modules and Locations | Metasploit Tutorials

Read

Metasploit Framwork Modules and Locations | Metasploit Tutorials

Almost all of your interaction with Metasploit will be through its many modules, which it looks for in two locations. The first is the primary module store under /usr/share/metasploit-framework/modules/ and the second, which is where you will store custom modules, is under your home directory at ~/.msf4/modules/.

All Metasploit modules are organized into separate directories, according to their purpose. A basic overview of the various types of Metasploit modules is shown below.

Exploits: In the Metasploit Framework, exploit modules are defined as modules that use payloads.

Auxiliary: Auxiliary modules include port scanners, fuzzers, sniffers, and more.

Payloads, Encoders and Nops: Payloads consist of code that runs remotely, while encoders ensure that payloads make it to their destination intact. Nops keep the payload sizes consistent across exploit attempts.

Loading Additional Module Trees
Metasploit gives you the option to load modules either at runtime or after msfconsole has already been started. Pass the -m option when running msfconsole to load additional modules at runtime.
If you need to load additional modules from with msfconsole, use the loadpath command:

From Offensive Security

Metasploit Modules and Locations | Metasploit Tutorials

Reviewed by 0x000216 on Saturday, January 05, 2019 Rating: 5

Metasploit Filesystem and Libraries | Metasploit Tutorials

Read

Metasploit Framwork Filesystem and Libraries

Understanding the Metasploit Framework Architecture
One can more easily understand the Metasploit architecture by taking a look under its hood. In learning how to use Metasploit, take some time to make yourself familiar with its filesystem and libraries. In Kali Linux and other distros (like Parrot Security OS), Metasploit is provided in the metasploit-framework package and is installed in the /usr/share/metasploit-framework directory.

Metasploit Framework Filesystem
The Metasploit Framework filesystem is laid out in an intuitive manner and is organized by directory. Some of the more important directories are briefly outlined below.

data directory: The data directory contains editable files used by Metasploit to store binaries required for certain exploits, wordlists, images, and more.

data

documentation directory: As its name suggests, the documentation directory contains the available documentation for the framework.

documentation

lib directory: The lib directory contains the ‘meat’ of the framework code base.

lib

modules directoty: The modules directory is where you will find the actual MSF modules for exploits, auxiliary and post modules, payloads, encoders, and nop generators.

modules

plugins directory: As you will see later in this course, Metasploit includes many plugins, which you will find in this directory.

plugins

scripts directory: The scripts directory contains Meterpreter and other scripts.

scripts

tools directory: The tools directory has various useful command-line utilities.

tools

Metasploit Libraries:
There are a number of MSF libraries that allow us to run our exploits without having to write additional code for rudimentary tasks, such as HTTP requests or encoding of payloads. Some of the most important libraries are outlined below.

Rex
* The basic library for most tasks.
* Handles sockets, protocols, text transformations, and others.
* SSL, SMB, HTTP, XOR, Base64, Unicode.

Msf::Core
* Provides the ‘basic’ API.
* Defines the Metasploit Framework.

Msf::Base
* Provides the ‘friendly’ API.
* Provides simplified APIs for use in the Framework.

From Offensive Security

Metasploit Filesystem and Libraries | Metasploit Tutorials

Reviewed by 0x000216 on Wednesday, January 02, 2019 Rating: 5

Metasploit Filesystem and Libraries | Metasploit Tutorials

Read

data

documentation directory: As its name suggests, the documentation directory contains the available documentation for the framework.

documentation

lib directory: The lib directory contains the ‘meat’ of the framework code base.

lib

modules directoty: The modules directory is where you will find the actual MSF modules for exploits, auxiliary and post modules, payloads, encoders, and nop generators.

modules

plugins directory: As you will see later in this course, Metasploit includes many plugins, which you will find in this directory.

plugins

scripts directory: The scripts directory contains Meterpreter and other scripts.

scripts

tools directory: The tools directory has various useful command-line utilities.

tools

From Offensive Security

Metasploit Filesystem and Libraries | Metasploit Tutorials

Reviewed by 0x000216 on Wednesday, January 02, 2019 Rating: 5

Requirements to build Metasploit Lab Environment | Metasploit Tutorials

Read

Prepare your Metasploit Lab Environment
Before learning how to use the Metasploit Framework, we first need to make sure that our setup will meet or exceed the system requirements outlined in the following sections. Taking the time to properly prepare your Metasploit Lab Environment will help eliminate many problems before they arise later in the course. We highly recommend using a system that is capable of running multiple virtual machines to host your labs.

Hardware Requirements for Metasploit Lab
All of the values listed below are estimated or recommended. You can get away with less in some cases but be aware that performance will suffer, making for a less than ideal learning experience.

Hard Drive Space
You will need to have, at minimum, 10 GB of available storage space on your host. Since we are using virtual machines with large file sizes, this means that we are unable to use a FAT32 partition since large files are not supported in that filesystem, so be sure to choose NTFS, ext3, or some other filesystem format. The recommended amount of space needed is 30 GB.
If you decided to create clones or snapshots of your virtual machine(s) as you progress through the course, these will also take up valuable space on your system. Be vigilant and do not be afraid to reclaim space as needed.

Available Memory
Failing to provide enough memory to your host and guest operating systems will eventually lead to system failure and/or result in being unable to launch your virtual machine(s). You are going to require RAM for your host OS as well as the amount of RAM that you are dedicating for each virtual machine. Use the guide below to help in deciding the amount of RAM required for your situation.

Linux “HOST” Minimal Memory Requirements: 1 GB of system memory (RAM). Realistically 2 GB or more
Kali “GUEST” Minimal Memory Requirements: At least 1 GB of RAM. Realistically 2 GB or more with a SWAP file of equal value
Metasploitable “GUEST” Minimal Memory Requirements: At least 256 MB of RAM (512 MB is recommended)
Windows “GUEST” Minimal Memory Requirements: 1 GB is recommended. Realistically 1 GB or more

Processor: To ensure the best experience, we recommend a 64-bit quad-core CPU or better. The bare-minimum requirement for VMware Player is a 400MHz or faster processor (500MHz recommended) but these speeds are inadequate for the purposes of this course. The more horsepower you can throw at your lab, the better.

Internet Accessibility: Getting your lab set up will require downloading some large virtual machines so you will want to have a good high-speed connection to do so. If you choose to use “Bridged” networking for your virtual machines and there is no DHCP server on your network, you will have to assign static IP addresses to your guest VMs.

Software Requirements for Metasploit Lab
Before jumping in to the Metasploit Framework, we will need to have both an attacking machine (Kali Linux) and a victim machine (metasploitable 2) as well as a hypervisor to run both in a safe and secluded network environment.
You can install Metasploit Framework with command: sudo apt install metasploit-framework

Hypervisor for Metasploit Lab
Our recommended hypervisor for the best out-of-the-box compatibility with Kali Linux and metasploitable is VMware Player. While VMware Player is “free”, you will have to register in order to download it, and the virtualization applications and appliances are well worth the registration if you do not already have an account. You may also use VMware Workstation or VMware Fusion but neither of these is free.
There are also other options available when it comes to which hypervisor you would like to use. In addition to VMware, two other commonly used hypervisors are VirtualBox and KVM but they are not covered here. Instructions for installing Kali Linux can be found on the Kali Training site.

Latest Kali Linux
Kali Linux is an advanced Penetration Testing and Security Auditing Linux distribution that will be used throughout this course. Kali Linux comes with Metasploit pre-installed along with numerous other security tools that you can try out against your victim machine. You can download the latest version of Kali Linux at Kali Linux Downloads.
Once you have downloaded Kali Linux, you can update Metasploit to the latest version in the repos by running apt update && apt upgrade in Terminal.

Windows (Of course)
Microsoft has made a number of virtual machines available that can be downloaded to test Microsoft Edge and different versions of Internet Explorer. We will be able to use these VMs when working with some of the exploits and tools available in Metasploit. You can download the VMs from here.
Once you have met the above system requirements, you should have no trouble running any tutorials from the Metasploit Unleashed course.

Metasploitable
One of the problems you encounter when learning how to use an exploitation framework is trying to find and configure targets to scan and attack. Luckily, the Metasploit team is aware of this and released a vulnerable VMware virtual machine called ‘Metasploitable’.
Metasploitable is an intentionally vulnerable Linux virtual machine that can be used to conduct security training, test security tools, and practice common penetration testing techniques. The VM will run on any recent VMware products and other visualization technologies such as VirtualBox. You can download the image file of Metasploitable 2 from here.

Never expose Metasploitable to an untrusted network, use NAT or Host-only mode!

Once you have downloaded the Metasploitable VM, extract the zip file, open up the .vmx file using your VMware product of choice, and power it on. After a brief time, the system will be booted and ready for action. The default login and password is msfadmin:msfadmin.

For more information on the VM configuration, there is a Metasploitable 2 Exploitability Guide on the Rapid7 website but beware…there are spoilers in it.
To contact the developers of Metasploit, please send email to msfdev@metasploit.com

From Offensive Security