Metasploit Framework

Version One

December 14, 2004

Copyright 2004 All Rights Reserved


Laboratory Overview

Objective

At the end of this lab, students will be able to set up and use the Metasploit Framework for writing, testing, and using exploit code.

Information for Laboratory

A. Students will install the Metasploit Framework in a Windows environment.

B. Students will select an exploit, configure options, select the payload and select a target system.

C. Students will launch the exploit and if successful, be provided with a command line on the exploited system.

Student Preparation

The student will have completed requisite reading. The student will require paper for notes and should be prepared to discuss the exercises upon completion. Students should also have a basic understanding of the command line in a Windows environment.

Instructor Preparation

Before class, the instructor or a lab assistant will ensure that a requisite Windows operating system (NT 4.0, 2000, XP, or 2003) is installed on the student computers. Optionally, the students could have access to a vulnerable (un-patched) computer in the lab. If this method is used, ensure that the student knows the IP address of the target machine for Step 4 below. The instructor or lab assistant should also ensure that the latest version of Metasploit is available for students. This may be found at http://www.metasploit.org/projects/Framework/downloads.html.


Warning[s]

Ideally, this lab should be performed with computers in a classroom on their own switch, so as not to disrupt a normal operating network. Students should attempt to “do no harm” to their targets, only test them for vulnerabilities.

Estimated Completion Time

45 Minutes

Metasploit Framework

The Metasploit Framework is an environment used to write, test, and execute exploit code. It was developed to provide penetration testing on subject computers, as well as vulnerability research. Several new exploit modules have been developed since the release of version 2.2, and are available for download from the Metasploit site. For penetration testers, Metasploit is proving to be an invaluable tool. The framework is provided completely free of charge to users. The framework has been tested stable with four primary platforms: Linux, BSD, MacOS X, and Windows NT. A “User’s Guide” is also available from the Metasploit site.

Step 1: Installing the Metasploit Framework


In a Windows environment, installing the framework is as simple as accepting the defaults through the installation, unless you wish to install to a different directory! The installation may take some time, since all of the exploits and payloads must be installed to the destination directory.

Step 2: Running the Console Interface

Once the framework has been installed, go to Start Menu > All Programs > Metasploit Framework and select MSFConsole. After a few seconds (depending on the speed of your computer), the MSFConsole screen appears. Take a few moments to explore the console screen by typing help at the msf> prompt.

Step 3: Selecting an exploit

From the msf> prompt, you can list available exploits with the show exploits command.

(Note: This list will vary depending on the updates available at the time that you attempt the lab.)

For information on a particular exploit, you can use the info command. You should always be certain of the exploit and its payload before you execute the exploit. Let’s look at the information available for the lsass_ms04_011 exploit. Type info lsass_ms04_011 at the msf> prompt.


To use this exploit, type use lsass_ms04_011 at the msf> prompt. The prompt changes to msf lsass_ms04_011>. From this prompt, you can specify the remaining environment variables.

Step 4: Selecting Target and Payload

To view the available targets, type show targets at the prompt. This command returns a list of available targets for this exploit. Type show payloads for a list of available payloads for the exploit. To set the target, type set TARGET # (where # indicates the number of the target operating system). To set the payload, type set PAYLOAD, followed by the name of the payload you wish to use. Notice that when you set the payload, your prompt will change. For this example (with a Windows XP machine as the target), use set TARGET 2 and set PAYLOAD win32_bind. You may also use set TARGET 0 to automatically set the target for either operating system. Feel free to explore other payloads!

For this particular exploit, there are other options available, as shown on the info screen. You must also set the RHOST and RPORT options, and may optionally configure the LPORT. By default, the RPORT value is 139, but you can change this manually by typing set RPORT ### (where ### is the desired port). Set the RHOST by typing set RHOST xx.xx.xx.xx (where xx.xx.xx.xx represents the target IP address). For this lab, you may use the IP address of a lab partner or other computer in the lab as provided by your instructor.

Step 5: Completing the Exploit

When all of the variables have been set, you are ready to complete the exploit. You may do so in one of two modes: the check command invokes the vulnerability check mode, and the exploit command actually launches the selected exploit. (Note: In some modules, the check feature is not available.) We will use the exploit command to launch the exploit.
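Seen from the target machine, a bind payload such as win32_bind is a new listening TCP port (the LPORT). As an added example that is not part of the original lab, the following compares two netstat -an snapshots taken on the lab target and reports ports that started listening; the sample output, the addresses, port 4444 and the function names are all constructed for illustration.

```python
import re

# Constructed sample: `netstat -an` output captured on the lab target before
# and after the exercise. Addresses and ports are made up for illustration.
BEFORE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.56.20:139      0.0.0.0:0              LISTENING
  UDP    0.0.0.0:445            *:*
"""
AFTER = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING
  TCP    192.168.56.20:139      0.0.0.0:0              LISTENING
  TCP    192.168.56.20:4444     192.168.56.10:1050     ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

# One TCP row: local addr:port, foreign addr:port, connection state.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\S+)\s+(\S+)\s*$")

def parse(netstat_text):
    """Return (listening_ports, established) parsed from `netstat -an` text."""
    listening, established = set(), []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, UDP rows, blank lines
        _laddr, lport, raddr, _rport, state = m.groups()
        if state == "LISTENING":
            listening.add(int(lport))
        elif state == "ESTABLISHED":
            established.append((int(lport), raddr))
    return listening, established

def new_listeners(before, after):
    """Map each port that started listening to the peers now connected to it."""
    old, _ = parse(before)
    new, established = parse(after)
    return {
        port: sorted({peer for lport, peer in established if lport == port})
        for port in sorted(new - old)
    }

if __name__ == "__main__":
    for port, peers in new_listeners(BEFORE, AFTER).items():
        print(f"new listener on TCP {port}; connected peers: {peers or 'none'}")
```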


If the target system is vulnerable, you will be presented with an interactive command line interface from the target machine. Do not be discouraged if you don’t get one! This just means that the machine that you are testing is not vulnerable to attack!

Step 5: Analysis

1) Feel free to explore other exploits, payloads and options. This is an awesome tool for penetration testing.

2) Why do you think that the Metasploit Project made this program available for free when it could have charged for it?

3) Download any updates to the Framework at Metasploit’s Web site (http://www.metasploit.org) and run the lab again. You may also run the MSFupdate utility included with the Framework to automatically contact the Web site and download updates.


4) The Framework also installs a Web interface for penetration testing. If time permits, explore this interface.

Summary Discussion

A classroom discussion should follow the lab. Review the lab questions and your analyses as a group. Share your experiences and knowledge with the class.

If You Want To Learn More

Please read the detailed User’s Guide available from the Metasploit Web site. If you have access to a Linux or Mac box, install and run the appropriate version of the Framework on one of these systems.

Appendix

This lab was created using version 2.2 of the Metasploit Framework on a Windows XP Professional machine running Service Pack 1, and all other relevant security updates. Ideally, students should have access to an un-patched Windows system (either 2000 or XP) to fully utilize the software.