Metasploit Framework

MAIN COMPONENTS

Auxiliary: Scanners, crawlers, fuzzers, etc.

Encoders: Signature AV Evasion

Evasion: Better than encoders

Exploits

NOPs (No Operation): Used as a buffer to achieve consistent payload sizes

PAYLOADS

1) Singles

2) Stagers

3) Stages

Singles = Self-contained payloads that do not need to download an additional component to run

Stages = Downloaded by the stager. Tis will allow you to use larger sized payloads

Stagers = Responsible for setting up a connection channel between Metasploit and the target system. Useful when working with staged payloads.

"Staged payloads" will first upload a stager on the target system then download the rest of the payload (stage). This provides some advantages as the initial size of the payload will be relatively small compared to the full payload sent at once.

Single payloads format: shell_reverse

Staged payloads format: shell/reverse

POST = Post exploitation modules for privilege escalation/lateral movement

USING AN EXPLOIT

Example:

use exploit/windows/smb/ms17_010_eternalblue

show options: Shows context for modules

show payloads (self explanatory)

search = Searches modules 

set/unset PARAMETER VALUE

exploit/run = Runs the module

-z = Runs the module and backgrounds the session

Check = Checks if target is vulnerable

SESSIONS

Background/CTRL+Z = Backgrounds session

sessions -i NUM = Interacts with session

METASPLOIT DATABASE

How to use:

1) service postgresql start

systemctl start postgresql 

2)

msfdb init

3)

msfconsole -> dbstatus

Workspace : -a = Add workspace -d = Delete workspace

PROTIP: Metasploit also has vulnerability scanners for each service.

MISCELLANEOUS TRICKS

1) Searches for a specific CVE within the Metasploit framework

search cve:cve-XXXX-XXXXX