Server-side attacks – Metasploit basics

In this section, we're going to look at an example of a very simple thing: a backdoor. Some programs or services are shipped with backdoors embedded in them. We're going to exploit this, and we are choosing this very simple exploit because we are going to look at a framework called Metasploit. We will be using this framework a lot, so we are going to start with something simple and then go deeper into the framework. First, let's look at how we can find that exploit. Using the same method we've always used, we start from an Nmap scan; we go through each open port and Google it, looking for exploits. We are going to Google vsftpd 2.3.4 exploit, that is, the service name followed by the word exploit. The first result comes from a website called Rapid7. Rapid7 is the company that makes the Metasploit framework, which is why we chose this particular exploit: we're going to exploit this service, or this problem, using Metasploit. Rapid7 tells us that version 2.3.4 of vsftpd has a backdoor command execution vulnerability, so we can execute commands on the target computer if it has this program installed. From Nmap, we know that this program is installed, which means that we can execute commands on the target machine.

Metasploit, as we have said, is made by Rapid7. It is a huge framework that contains a large number of exploits. It allows you to exploit vulnerabilities or create your own exploits. If you are an expert and you know how to discover and write exploits, Metasploit will help you do that. For now, we're making use of a very simple existing vulnerability. The Metasploit commands are easy to use. They might seem a bit complicated at first, but once we get used to them they are very simple, and a lot of them are generic commands that work the same way for every module. Here, we will show you the basic generic commands.

These are the basic commands; there are others that we will get used to in time:

  • msfconsole: This just launches the Metasploit program.
  • help: With this, we can get information about the commands and a description of how we can use them.
  • show: This shows the available exploits. We can also show the available auxiliaries and the available payloads. We'll talk about what each of these means in the future.
  • use: This command selects something that we have shown. For example, we show the exploits and pick a certain exploit that we want to use. Then we type the use command followed by the exploit name to load it.
  • set: The set command is used to set specific options for the exploit. For example, if we want to set the IP address of our target, we set the corresponding option and then enter the IP address that we want to set it to.
  • exploit: At the end, once we finish configuring, we can type in exploit to execute that exploit.

We ran Nmap, we Googled the name of the service, and the first thing that came up is that this service has a backdoor command execution vulnerability. Because this is on Rapid7, the vulnerability is exploitable using Metasploit, and the module name that we're going to be using to exploit it is exploit/unix/ftp/vsftpd_234_backdoor.
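As an added example from the defender's side (this is not code from the book or from Rapid7): the same Nmap -sV output that tells an attacker vsftpd 2.3.4 is installed can be checked automatically, so a host like the one above is flagged in inventory before anyone has to Google it. The Nmap sample below is constructed; only the vsftpd line mirrors the page, and the other products and versions are made up.

```python
import re

# Constructed sample of Nmap -sV (service/version detection) output for a lab
# host. Only the vsftpd 2.3.4 line matches the page; the rest is made up.
SAMPLE_NMAP_OUTPUT = """\
Nmap scan report for 10.0.2.4
PORT     STATE SERVICE VERSION
21/tcp   open  ftp     vsftpd 2.3.4
22/tcp   open  ssh     OpenSSH 9.6 (protocol 2.0)
80/tcp   open  http    Apache httpd 2.4.58
3306/tcp open  mysql   MySQL 8.0.36
"""

# Product/version pairs known to ship with an embedded backdoor. The vsftpd
# entry is the case on the page; extend the table from your own advisories.
BACKDOORED_VERSIONS = {
    ("vsftpd", "2.3.4"): "backdoor command execution "
    "(Metasploit module exploit/unix/ftp/vsftpd_234_backdoor)",
}

# One Nmap port line: "<port>/<proto> <state> <service> <product version ...>"
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")


def parse_services(nmap_output):
    """Turn Nmap's per-port lines into dicts. The version is the first token
    that starts with a digit; everything before it is the product name, so
    multi-word products such as "Apache httpd" are kept intact."""
    services = []
    for line in nmap_output.splitlines():
        m = PORT_LINE.match(line.strip())
        if not m:
            continue  # report header, column header, blank or other line
        port, proto, state, name, version_text = m.groups()
        tokens = version_text.split()
        version = next((t for t in tokens if t[:1].isdigit()), None)
        product = " ".join(tokens[:tokens.index(version)]) if version else (version_text or None)
        services.append({"port": int(port), "proto": proto, "state": state,
                         "service": name, "product": product, "version": version})
    return services


def find_backdoored_services(nmap_output):
    """Return the open services whose (product, version) is in the table,
    each with a remediation hint for the asset owner."""
    findings = []
    for svc in parse_services(nmap_output):
        note = BACKDOORED_VERSIONS.get((svc["product"], svc["version"]))
        if svc["state"] == "open" and note:
            findings.append({**svc, "issue": note,
                             "action": "remove or upgrade the service and block the port"})
    return findings
```

Running `find_backdoored_services(SAMPLE_NMAP_OUTPUT)` returns a single finding for 21/tcp, which is exactly the service the walkthrough goes on to exploit.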

Now we will go to our console and launch Metasploit using the msfconsole command. Then we run use followed by the name of the exploit, which is exploit/unix/ftp/vsftpd_234_backdoor:

use exploit/unix/ftp/vsftpd_234_backdoor

As we can see in the following screenshot, the prompt changed to exploit followed by the name of the exploit that we're using:

Then we're going to use the show command to show the options that we need to set. As we know, show is a generic command that we can use in a number of cases. In this case, we're doing show options to see all the options that we can change for this particular exploit. As you can see in the following screenshot, the second option is the port that the service is running on. It's already set to port 21:

If we go back to Nmap, we will see that our target's FTP server is running on port 21, so we don't need to change that. What we need to change is RHOST. RHOST is the target IP address, and we're going to set it to the IP address of my target Metasploitable machine. We use set, and after set we put the option name. If we wanted to change the port, we would set RPORT, but here we are changing RHOST to 10.0.2.4. As explained at the start of this topic, we do this with the set command. The command is as follows:

set RHOST 10.0.2.4

Press Enter, and as we can see now, in the next screenshot, the RHOST is set to 10.0.2.4:

Now we will do show options again just to make sure that everything is configured correctly, and as you can see in the following screenshot, RHOST has been changed to 10.0.2.4:

Everything is ready now. To execute the exploit, we just type in exploit. We can see in the following screenshot that the exploit was run successfully, and now we have access to the target computer. If we do id we will see that our UID is root:

We are now running Linux commands on the target, so if we run uname -a we will see that this is my Metasploitable machine. If we run ls it will list the files for us, if we run pwd it will show us where we are, and we can use Linux commands to do anything we want on the target machine:

Now this was a very simple use of Metasploit. In the future, we're going to be using it for more advanced actions.
