Kali Linux comes pre-equipped with all of the instruments essential for penetration testing. One such software is the Metasploit framework that enables pink teamers to carry out reconnaissance, scan, enumerate, and exploit vulnerabilities for all sorts of purposes, networks, servers, working methods, and platforms.
Though the primary performance of Metasploit focuses on pre- and post-exploitation pentesting duties, it’s also useful in exploit growth and vulnerability analysis.
This text introduces the primary elements of the Metasploit framework. It demonstrates how you can use Metasploit modules for scanning, enumeration, and exploitation on a susceptible MySQL database hosted on a machine often called Metasploitable 2.
Metasploit is essentially the most generally used pentesting software that comes pre-installed in Kali Linux. The primary elements of Metasploit are msfconsole and the modules it provides.
What Is msfconsole?
msfconsole is essentially the most generally used shell-like all-in-one interface that means that you can entry all options of Metasploit. It has Linux-like command-line assist because it provides command auto-completion, tabbing, and different bash shortcuts.
It is the primary interface that’ll help you work with Metasploit modules for scanning and launching an assault on the goal machine.
Metasploit has small code snippets that allow its predominant performance. Nevertheless, earlier than explaining the modules, you have to be clear in regards to the following recurring ideas:
- Vulnerability: It’s a flaw within the design or code of the goal that makes it susceptible to exploitation resulting in the disclosure of confidential data.
- Exploit: A code that exploits the discovered vulnerability.
- Payload: It is a code that helps you obtain the aim of exploiting a vulnerability. It runs contained in the goal system to entry the goal knowledge, like sustaining entry through Meterpreter or a reverse shell.
Now transferring in the direction of the 5 predominant modules of Metasploit:
- Auxiliary: The auxiliary module comprises a set of packages akin to fuzzers, scanners, and SQL injection instruments to collect data and get a deeper understanding of the goal system.
- Encoders: Encoders encrypt the payloads/exploits to guard them towards signature-based antivirus options. As payloads or exploits include null or dangerous characters, there are excessive probabilities for them to be detected by an antivirus answer.
- Exploit: As mentioned earlier, an exploit is a code that leverages the goal vulnerabilities to make sure system entry through payloads.
- Payload: As talked about earlier than, payloads assist you to obtain the specified aim of attacking the goal system. Meaning they may both assist you to get an interactive shell or assist you to preserve a backdoor, run a command or load malware, and so forth. Metasploit provides two varieties of payloads: stageless payloads and staged payloads.
- Put up: The post-exploitation module will assist you to collect additional details about the system. As an illustration, it might probably assist you to dump the password hashes and search for consumer credentials for lateral motion or privilege escalation.
You should utilize the next instructions to view every module and its classes:
tree -L 1 module-name/
To start utilizing the Metasploit interface, open the Kali Linux terminal and sort msfconsole.
By default, msfconsole opens up with a banner; to take away that and begin the interface in quiet mode, use the msfconsole command with the -q flag.
The interface appears to be like like a Linux command-line shell. Some Linux Bash instructions it helps are ls, clear, grep, historical past, jobs, kill, cd, exit, and so forth.
Kind assist or a query mark “?” to see the record of all accessible instructions you should utilize inside msfconsole. A few of the most essential ones that we are going to use on this article are:
|search||Means that you can search from the Metasploit database primarily based on the given protocol/utility/parameter|
|use||Means that you can select a selected module and modifications the context to module-specific instructions|
|data||Offers details about the chosen module|
|present||Shows details about the given module identify and choices for the present module|
|test||Checks if the goal system has a vulnerability|
|set||It is a context-specific variable that configures choices for the present module|
|unset||Removes beforehand set parameters|
|run||Executes the present module|
Earlier than starting, arrange the Metasploit database by beginning the PostgreSQL server and initialize msfconsole database as follows:
systemctl begin postgresql
Now test the database standing by initializing msfconsole and working the db_status command.
For demonstration functions, arrange the open-source susceptible Linux machine Metasploitable2.
MySQL Reconnaissance With msfconsole
Discover the IP deal with of the Metasploitable machine first. Then, use the db_nmap command in msfconsole with Nmap flags to scan the MySQL database at 3306 port.
db_nmap -sV -sC -p 3306 <metasploitable_ip_address>
You possibly can run the common nmap -p- <metasploitable_ip_address> command to verify MySQL database’s port quantity.
Use the search choice to search for an auxiliary module to scan and enumerate the MySQL database.
search sort:auxiliary mysql
From the above record, you should utilize the auxiliary/scanner/mysql/mysql_version module by typing the module identify or related quantity to scan MySQL model particulars.
Now use the present choices command to show the required parameters required for executing the present module:
The output shows that the one required and unset choice is RHOSTS which is the IP deal with of the goal machine. Use the set rhosts command to set the parameter and run the module, as follows:
The output shows the same MySQL model particulars because the db_nmap operate.
Bruteforce MySQL Root Account With msfconsole
After scanning, you can even brute pressure MySQL root account through Metasploit’s auxiliary(scanner/mysql/mysql_login) module.
You may have to set the PASS_FILE parameter to the wordlist path accessible inside /usr/share/wordlists:
set PASS_FILE /usr/share/wordlistss/rockyou.txt
Then, specify the IP deal with of the goal machine with the RHOSTS command.
set RHOSTS <metasploitable-ip-address>
Set BLANK_PASSWORDS to true in case there is no such thing as a password set for the basis account.
set BLANK_PASSWORDS true
Lastly, run the module by typing run within the terminal.
MySQL Enumeration With msfconsole
msfconsole additionally means that you can enumerate the database with the assistance of the auxiliary(admin/mysql/mysql_enum) module. It returns all of the accounts with particulars akin to related privileges and password hashes.
To do this, you may should specify the password, username, and rhosts variable.
set password ""
set username root
set rhosts <metasploitable-ip-address>
Lastly, run the module by typing:
MySQL Exploitation With msfconsole
From the enumeration section, it is clear that the basis account has file privileges that allow an attacker to execute the load_file() operate. The operate means that you can exploit the MySQL database by loading all knowledge from the /and so forth/password file through the auxiliary(/admin/mysql/mysql_sql) module:
Once more, set the username, password, and rhosts variable. Then, execute a question that invokes the load_file() operate and masses the /and so forth/passwd file.
set sql choose load_file("/and so forth/password")
Metasploit modules assist in all phases of penetration testing. Metasploit additionally permits customers to create their very own modules.
This text summarizes some predominant modules of the Metasploit framework and demonstrates how you can scan, enumerate, and exploit a MySQL database on the Metasploitable 2 machine.
Metasploit is not the one penetration testing software that you will use as a cybersecurity skilled. There are a number of different utilities that you will have to familiarize your self with if you wish to develop into a safety professional.
In case you’re questioning how the professionals take a look at for penetration, this information will provide you with a serving to hand.
About The Creator