Hackers use Metasploit to exploit known vulnerabilities in systems, allowing them to gain unauthorized access, escalate privileges, or deploy malicious payloads during penetration testing.
Key takeaways:
Metasploit is an open-source penetration testing tool for reconnaissance and vulnerability detection.
Setting up the Metasploit console in Kali Linux is the first step.
Target systems are set with the RHOSTS option, either a single IP or a range of IPs.
ARP sweep identifies active hosts on a local network using the ARP discovery process.
TCP port scanning helps identify open ports, which could be entry points for attacks.
HTTP version scanning identifies vulnerabilities in outdated HTTP services.
The database scanner, using brute force, can detect credentials to assess database security.
Metasploit offers additional scanners in the auxiliary directory for comprehensive vulnerability detection.
Metasploit, an open-source penetration testing framework, provides modules to perform reconnaissance and to exploit the vulnerabilities that reconnaissance identifies. Reconnaissance is the process of gathering information about the target system in order to identify the vulnerabilities within it. Metasploit can be used for both offensive and defensive cybersecurity. However, in this Answer, we’ll explore the defensive side and how Metasploit can help gather information and improve the system’s security posture.
Please note that unethical use of Metasploit can cause legal issues.
Let’s dive into the process of gathering information about the target system through Metasploit.
The first step is installing your Metasploit framework in your Kali Linux terminal. You can do it by running the following command:
apt-get install metasploit-framework
To start the Metasploit console, write the following command in the terminal:
msfconsole
Once you’ve done this, you will see the terminal shift to the Metasploit console.
msf6 >
Now, your system is up and ready to perform reconnaissance on the target system. You can switch back to Kali root by typing “exit” in the console.
Set the target system: In Metasploit, you define an IP or a range of IPs as the host for penetration and security testing. You can set multiple IP addresses as hosts as well. To set the remote host, use the following command:
set RHOSTS <target_IP>
set RHOSTS: The option that tells Metasploit which target IPs to use.
<target_IP>: The host to perform reconnaissance on. You can replace <target_IP> with a specific IP or a range of IPs.
For example, the following command sets a range of IPs as hosts:
set RHOSTS 192.168.1.1-192.168.1.10
ARP discovery is the process of identifying the active hosts within a range of IPs available on the local network. To use the feature, run the following command:
use auxiliary/scanner/discovery/arp_sweep
use: The command that loads the given scanner module.
auxiliary/scanner/discovery/arp_sweep: The path to the ARP sweep scanner.
After that, you can start the scanner with the run command:
run
For demonstration purposes, we have used ten IPs as hosts. At the end of the scan, you can determine the live IPs within the range specified.
TCP port scanning is the process of identifying the open ports on a network and the services running on those ports. Open ports on a target system are treated as potential weaknesses because they can serve as entry points for malicious payloads.
use auxiliary/scanner/portscan/tcp
use: The command that loads the mentioned scanner module.
auxiliary/scanner/portscan/tcp: The path to the TCP port scanner. You can set the host and run the scanner on it.
The target host is already set, so you can start the scanner with the run command. The scan can take some time to return results because it is a long and thorough process; use short IP ranges to save time.
The HTTP version auxiliary module scans HTTP services on the target host and reports the server version.
This can help identify the vulnerabilities associated with the target host. Older HTTP server versions have several known, unpatched vulnerabilities that affect any system running them. To check the HTTP version of the target host, load the HTTP version scanner using the following command:
use auxiliary/scanner/http/http_version
use: The command that loads the given detector module.
auxiliary/scanner/http/http_version: The path to the HTTP version detector. Once you’ve done this, set the host whose HTTP version you want to identify, then start the scanner with the run command.
The database scanning technique can be used to find the credentials needed to access the database. Once you have the credentials, you can use them to access the target system’s database, which makes it easier to assess the security posture of the database used on the target host. It’s important to note that this procedure uses brute force attacks to detect the password. To use this Metasploit utility, load the scanner using the following command:
use auxiliary/scanner/mssql/mssql_login
use: The command that loads the given detector module.
auxiliary/scanner/mssql/mssql_login: The path to the MSSQL (Microsoft SQL Server) login scanner. Next, set the target host whose database credentials you want to test, then start the scanner with the run command.
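As an added example (not from the original page), the following shell script writes the msfconsole steps above into a Metasploit resource script that can be replayed non-interactively with msfconsole -r, with the console output spooled to a log file for later review; the 192.168.56.0/24 lab range and the log path are assumed placeholders.

```shell
#!/bin/sh
# Added example (not from the original page): generate a Metasploit resource
# script (.rc) that chains the reconnaissance modules above against one
# RHOSTS range, so the scan is repeatable and its output is kept on disk.
# The log path and the 192.168.56.0/24 lab range are assumed placeholders.

gen_recon_rc() {
  # $1 = RHOSTS value (single IP, range, or CIDR), $2 = path of the .rc to write
  target="$1"
  out="$2"
  [ -n "$target" ] && [ -n "$out" ] || return 1
  {
    echo "spool /tmp/msf_recon.log"   # record every line of console output
    echo "setg RHOSTS $target"        # global option: every module below inherits it
    echo "setg THREADS 10"            # scanner modules honour THREADS for parallelism
    # Same order as the walkthrough: live hosts, then open ports, then HTTP banners.
    for mod in auxiliary/scanner/discovery/arp_sweep \
               auxiliary/scanner/portscan/tcp \
               auxiliary/scanner/http/http_version; do
      echo "use $mod"
      echo "run"
    done
    echo "services"   # summarise what the scans stored in the msf database
    echo "spool off"
    echo "exit"
  } > "$out"
}

# Usage: generate the script, then feed it to the console non-interactively:
#   msfconsole -q -r /tmp/recon.rc
gen_recon_rc 192.168.56.0/24 /tmp/recon.rc
```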
Metasploit has multiple other defensive scanners in the auxiliary directory of the installation. You can also test your target host IP with other scanners to identify as many vulnerabilities as possible.
Now that you’ve gone through a few reconnaissance techniques and the procedures to perform them, you can test them on your target IP. Remember, it is advised to use a deliberately vulnerable target host so that testing surfaces as many vulnerabilities as possible.
In conclusion, Metasploit is a powerful framework for reconnaissance and vulnerability identification within target systems.
By leveraging a variety of scanning techniques, such as ARP sweeps, TCP port scans, HTTP version detection, and database credential scanning, security professionals can collect critical information to strengthen their organization's security posture.
However, it is essential to consider the ethical implications of its use, as the misuse of Metasploit can result in legal consequences.
By adhering to responsible security practices and utilizing the framework effectively, organizations can enhance the protection of their digital assets against potential threats.