Kali Linux comes pre-equipped with all of the tools essential for penetration testing. One such tool is the Metasploit framework, which enables red teamers to perform reconnaissance, scan, enumerate, and exploit vulnerabilities across all kinds of applications, networks, servers, operating systems, and platforms.
Though the main functionality of Metasploit focuses on pre- and post-exploitation pentesting tasks, it is also useful in exploit development and vulnerability research.
This article introduces the main components of the Metasploit framework. It demonstrates how to use Metasploit modules for scanning, enumeration, and exploitation against a vulnerable MySQL database hosted on a machine known as Metasploitable 2.
Metasploit is the most widely used pentesting tool that comes pre-installed in Kali Linux. The main components of Metasploit are msfconsole and the modules it provides.
What Is msfconsole?
msfconsole is the most commonly used shell-like, all-in-one interface that lets you access all features of Metasploit. It has Linux-like command-line support, offering command auto-completion, tab completion, and other bash shortcuts.
It is the main interface that lets you work with Metasploit modules for scanning and launching an attack on the target machine.
Metasploit Modules
Metasploit is built from small code units (modules) that provide its main functionality. However, before explaining the modules, you need to be clear about the following recurring concepts:
- Vulnerability: A flaw in the design or code of the target that makes it susceptible to exploitation, leading to the disclosure of confidential information.
- Exploit: Code that takes advantage of the discovered vulnerability.
- Payload: Code that helps you achieve the goal of exploiting a vulnerability. It runs inside the target system to access the target's data, for example maintaining access via Meterpreter or a reverse shell.
Now moving on to the five main module types of Metasploit:
- Auxiliary: The auxiliary modules comprise a set of programs such as fuzzers, scanners, and SQL injection tools used to gather information and gain a deeper understanding of the target system.
- Encoders: Encoders encode payloads/exploits to protect them against signature-based antivirus solutions. Because payloads or exploits may contain null or other bad characters, there is a high chance of them being detected by an antivirus solution.
- Exploit: As discussed earlier, an exploit is code that leverages the target's vulnerabilities to obtain system access via payloads.
- Payload: As mentioned before, payloads help you achieve the desired goal of attacking the target system. That means they either give you an interactive shell or help you maintain a backdoor, run a command, load malware, and so on. Metasploit offers two kinds of payloads: stageless payloads and staged payloads.
- Post: The post-exploitation modules help you gather further information about the system. For instance, they can help you dump password hashes and look for user credentials for lateral movement or privilege escalation.
You can use the following commands to view each module type and its categories:
cd /usr/share/metasploit-framework/modules
ls
tree -L 1 module-name/
To start using the Metasploit interface, open the Kali Linux terminal and type msfconsole.
By default, msfconsole opens with a banner; to suppress it and start the interface in quiet mode, use the msfconsole command with the -q flag.
The interface looks like a Linux command-line shell. Some of the Linux Bash commands it supports are ls, clear, grep, history, jobs, kill, cd, exit, and so on.
Type help or a question mark "?" to see the list of all available commands you can use inside msfconsole. Some of the most important ones that we will use in this article are:
| Command | Description |
|---|---|
| search | Searches the Metasploit module database based on the given protocol/application/parameter |
| use | Selects a specific module and changes the context to module-specific commands |
| info | Provides information about the selected module |
| show | Displays information about the given module name and the options for the current module |
| check | Checks whether the target system has the vulnerability |
| set | Sets a context-specific variable that configures options for the current module |
| unset | Removes previously set parameters |
| run | Executes the current module |
Before beginning, set up the Metasploit database by starting the PostgreSQL server and initializing the msfconsole database as follows:
systemctl start postgresql
msfdb init
Now check the database status by starting msfconsole and running the db_status command.
For demonstration purposes, set up the open-source vulnerable Linux machine Metasploitable 2.
MySQL Reconnaissance With msfconsole
Find the IP address of the Metasploitable machine first. Then, use the db_nmap command in msfconsole with Nmap flags to scan the MySQL database on port 3306.
db_nmap -sV -sC -p 3306 <metasploitable_ip_address>
You can run the regular nmap -p- <metasploitable_ip_address> command to confirm the MySQL database's port number.
Use the search command to look for an auxiliary module to scan and enumerate the MySQL database.
search type:auxiliary mysql
From the resulting list, you can use the auxiliary/scanner/mysql/mysql_version module by typing the module name or its associated number to scan for MySQL version details.
use 11
Or:
use auxiliary/scanner/mysql/mysql_version
Now use the show options command to display the parameters required for executing the current module:
The output shows that the only required and unset option is RHOSTS, which is the IP address of the target machine. Use the set rhosts command to set the parameter and run the module, as follows:
The output displays the same MySQL version details as the db_nmap scan.
Brute-Force MySQL Root Account With msfconsole
After scanning, you can also brute-force the MySQL root account via Metasploit's auxiliary(scanner/mysql/mysql_login) module.
You will need to set the PASS_FILE parameter to the path of a wordlist available inside /usr/share/wordlists:
set PASS_FILE /usr/share/wordlists/rockyou.txt
Then, specify the IP address of the target machine with the RHOSTS option.
set RHOSTS <metasploitable-ip-address>
Set BLANK_PASSWORDS to true in case there is no password set for the root account.
set BLANK_PASSWORDS true
Finally, run the module by typing run in the terminal.
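From the defender's side, a run of mysql_login leaves a very recognisable trace: a burst of "Access denied for user" entries from one source host in the MySQL error log (MySQL only writes these when the error-log verbosity includes failed logins). The following Python script is an added example, not part of the original article or of Metasploit; it parses a handful of constructed error-log lines in the MySQL 5.7/8.0 format and flags any source host that accumulates a threshold of failures inside a sliding time window.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the failed-login entries MySQL writes to its error log. The
# "(?:\[...\]\s+)+" part tolerates both the 5.7 "[Note]" tag and the extra
# "[MY-010926] [Server]" tags that MySQL 8.0 adds.
ACCESS_DENIED = re.compile(
    r"^(?P<ts>\S+)\s+\d+\s+(?:\[[^\]]+\]\s+)+Access denied for user "
    r"'(?P<user>[^']*)'@'(?P<host>[^']+)'"
)

# Constructed sample log (not real Metasploitable output): eight failures
# from 192.0.2.10 within seven seconds, two widely spaced from 192.0.2.20.
SAMPLE_LOG = [
    "2024-03-01T10:14:30.000000Z 0 [Note] mysqld: ready for connections.",
    "2024-03-01T10:15:00.000000Z 41 [Note] Access denied for user 'root'@'192.0.2.10' (using password: YES)",
    "2024-03-01T10:15:01.000000Z 42 [Note] Access denied for user 'root'@'192.0.2.10' (using password: YES)",
    "2024-03-01T10:15:02.000000Z 43 [Note] Access denied for user 'root'@'192.0.2.10' (using password: YES)",
    "2024-03-01T10:15:03.000000Z 44 [Note] Access denied for user 'root'@'192.0.2.10' (using password: YES)",
    "2024-03-01T10:15:04.000000Z 45 [Note] Access denied for user 'root'@'192.0.2.10' (using password: NO)",
    "2024-03-01T10:15:05.000000Z 46 [Note] Access denied for user 'root'@'192.0.2.10' (using password: YES)",
    "2024-03-01T10:15:06.000000Z 47 [Note] [MY-010926] [Server] Access denied for user 'root'@'192.0.2.10' (using password: YES)",
    "2024-03-01T10:15:07.000000Z 48 [Note] [MY-010926] [Server] Access denied for user 'root'@'192.0.2.10' (using password: YES)",
    "2024-03-01T10:20:00.000000Z 60 [Note] Access denied for user 'app'@'192.0.2.20' (using password: YES)",
    "2024-03-01T10:45:00.000000Z 75 [Note] Access denied for user 'app'@'192.0.2.20' (using password: YES)",
]


def parse_failures(lines):
    """Yield (timestamp, user, host) for every failed-login line."""
    for line in lines:
        m = ACCESS_DENIED.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%S.%fZ")
        yield ts, m.group("user"), m.group("host")


def detect_bruteforce(lines, threshold=5, window_seconds=60):
    """Return {host: peak_failures} for hosts whose failures reach the
    threshold inside any window of window_seconds (sliding window)."""
    by_host = defaultdict(list)
    for ts, _user, host in parse_failures(lines):
        by_host[host].append(ts)

    alerts = {}
    window = timedelta(seconds=window_seconds)
    for host, times in by_host.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Slide the window start forward until it spans <= window seconds.
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                alerts[host] = max(alerts.get(host, 0), count)
    return alerts


if __name__ == "__main__":
    for host, count in detect_bruteforce(SAMPLE_LOG).items():
        print(f"possible brute force from {host}: {count} failures in 60s")
```

Running it against the sample reports only 192.0.2.10; the two failures from 192.0.2.20 stay below the threshold. On a real server, point parse_failures at the file named by the log_error variable. MySQL's connection_control plugin (MySQL 5.7+) can additionally delay responses after repeated failed logins from the same account and host, which slows this kind of wordlist attack considerably.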
MySQL Enumeration With msfconsole
msfconsole also lets you enumerate the database with the help of the auxiliary(admin/mysql/mysql_enum) module. It returns all the accounts with details such as their associated privileges and password hashes.
To do this, you will have to specify the password, username, and rhosts variables.
set password ""
set username root
set rhosts <metasploitable-ip-address>
Finally, run the module by typing:
run
MySQL Exploitation With msfconsole
From the enumeration phase, it is clear that the root account has the FILE privilege, which allows an attacker to execute the load_file() function. That function lets you exploit the MySQL database by reading the entire contents of the /etc/passwd file via the auxiliary(admin/mysql/mysql_sql) module:
Again, set the username, password, and rhosts variables. Then, execute a query that invokes the load_file() function and loads the /etc/passwd file.
set sql select load_file("/etc/passwd")
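The enumeration and exploitation sections above rest on three server-side weaknesses: a root account with a blank password, that account being reachable from any host, and its FILE privilege combined with an unrestricted secure_file_priv setting (load_file() honours secure_file_priv: an empty value means no restriction, NULL disables file reads entirely, and a directory confines them to that path). The following Python script is an added example, not part of the original article or of Metasploit; it audits account rows shaped like the output of SELECT user, host, authentication_string, File_priv FROM mysql.user (the rows here are constructed, not real Metasploitable 2 data) and decides whether the load_file() read shown above would be possible from the network.

```python
# Constructed sample rows, shaped like
#   SELECT user, host, authentication_string, File_priv FROM mysql.user;
# Hash values are placeholders, not real credentials.
SAMPLE_USERS = [
    {"user": "root", "host": "%", "authentication_string": "", "File_priv": "Y"},
    {"user": "root", "host": "localhost", "authentication_string": "*PLACEHOLDERHASH1", "File_priv": "Y"},
    {"user": "app", "host": "10.0.0.%", "authentication_string": "*PLACEHOLDERHASH2", "File_priv": "N"},
    {"user": "debian-sys-maint", "host": "localhost", "authentication_string": "*PLACEHOLDERHASH3", "File_priv": "Y"},
]

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def is_remote_host(host):
    """True if the account's host pattern admits connections over the network."""
    return host not in LOCAL_HOSTS


def audit_accounts(rows):
    """Return a list of (account, issue) findings for weak account settings."""
    findings = []
    for r in rows:
        acct = f"{r['user']}@{r['host']}"
        if r["authentication_string"] == "":
            findings.append((acct, "blank password"))
        if r["File_priv"] == "Y":
            if is_remote_host(r["host"]):
                findings.append((acct, "FILE privilege granted to a network-reachable account"))
            else:
                findings.append((acct, "FILE privilege granted"))
    return findings


def remote_file_read_possible(rows, secure_file_priv):
    """True if some network-reachable account holds FILE and the server
    does not disable file reads (secure_file_priv NULL, passed as None).
    A directory value still allows reads, but only inside that directory."""
    if secure_file_priv is None:
        return False
    return any(r["File_priv"] == "Y" and is_remote_host(r["host"]) for r in rows)


def remediation_for(rows, secure_file_priv):
    """Suggest the server-side fixes that close the load_file() path."""
    steps = []
    if any(r["authentication_string"] == "" for r in rows):
        steps.append("set a password on every account (ALTER USER ... IDENTIFIED BY ...)")
    if any(r["File_priv"] == "Y" and is_remote_host(r["host"]) for r in rows):
        steps.append("REVOKE FILE from network-reachable accounts or restrict their host to localhost")
    if secure_file_priv == "":
        steps.append("set secure_file_priv to a dedicated directory or NULL in my.cnf")
    return steps


if __name__ == "__main__":
    for acct, issue in audit_accounts(SAMPLE_USERS):
        print(f"{acct}: {issue}")
    print("load_file() reachable from the network:",
          remote_file_read_possible(SAMPLE_USERS, ""))
    for step in remediation_for(SAMPLE_USERS, ""):
        print("fix:", step)
```

The secure_file_priv value comes from SHOW VARIABLES LIKE 'secure_file_priv' on a live server; pass NULL as None. On the sample rows the audit flags root@% twice, and the read is reported as possible only while secure_file_priv is not NULL.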
Metasploit modules help in all phases of penetration testing. Metasploit also allows users to create their own modules.
This article summarizes the main module types of the Metasploit framework and demonstrates how to scan, enumerate, and exploit a MySQL database on the Metasploitable 2 machine.
Metasploit is not the only penetration testing tool you will use as a cybersecurity professional. There are several other utilities you will need to familiarize yourself with if you want to become a security expert.