Secuneus Labs – TryHackMe Walk-through : Metasploit-Framework CTF
Secuneus Room : TryHackMe
Join Room : https://tryhackme.com/jr/secuneusctf
Overview of Metasploit tool
The Metasploit Framework is a free, open source penetration testing solution developed by the open source community and Rapid7.
In Metasploit Framework 4.0 you can create your own exploits and then audit your website and network security by just launching the exploits along with the respective payloads.
In Kali Linux, Metasploit is provided in the metasploit-framework package and is installed in the /usr/share/metasploit-framework directory.
METASPLOIT MODULES AND LOCATIONS
Almost all of your interaction with Metasploit will be through its many modules, which it looks for in two locations.
The first is the primary module store under /usr/share/metasploit-framework/modules/ and the second, which is where you will store custom modules, is under your home directory at ~/.msf4/modules/.
Basic terms of Metasploit
Exploits
An exploit is a piece of software, a chunk of data, or sequence of commands that takes advantage of a bug.
Auxiliary
Auxiliary modules include port scanners, fuzzers, sniffers, and more.
Payloads, Encoders, Nops:
Payloads consist of code that runs remotely, while encoders ensure that payloads make it to their destination intact. Nops keep the payload sizes consistent across exploit attempts.
TASK –
Run the msfconsole command to start the Metasploit console.
—-QUESTIONS —
Q1) We can start the Metasploit console on the command line without showing the banner or any startup information as well. What switch do we add to msfconsole to start it without showing this information? This will include the ‘-‘
ANS 1) msfconsole -q
q stands for quiet mode
Q2) Before starting Metasploit, we can view some of the advanced options we can trigger for starting the console. What command do we run to msfconsole to check the help of Metasploit?
ANS 2) The help command is used
Q3) There is a short, one-character way to check the help menu. What is it?
ANS 3) ? (Used as alternative of help command)
Q4) After Metasploit has started, let’s go ahead and check that we’ve connected to the database. Do this now with the command db_status. Which type of database does Metasploit 5 use?
ANS 4) The PostgreSQL database is used by msf5 and msf6
Q5) Metasploit has an amazing banner. What command can we use to show the Metasploit banner?
ANS 5 ) banner
Q6) We can use the various exploits that are already present in the Metasploit Framework. What is the base command we use for searching?
ANS 6) The search command is best.
Q7) Once we’ve found the module we want to leverage, what command do we use to select it as the active module?
ANS 7) The use command is used when we want to use any module. We can select a module with a command like use 0 (the number of the module) or by writing use followed by the full path of the module.
Q8) Metasploit has a built-in netcat-like function where we can make a quick connection with a host simply to verify that we can ‘talk’ to it. What command is this?
ANS 8) connect
Q9) What command do we use to close the Metasploit console?
ANS 9) The exit command is used for exiting or closing msfconsole.
Metasploit consists of six core modules. These modules are named exploit, payload, auxiliary, post, encoder, and evasion.
Q10) Which module is most commonly used in scanning and verifying that machines are exploitable?
ANS 10) Auxiliary
Q11) Easily the most common module utilized, which module holds all of the exploit code we will use?
ANS 11) exploit
Q12) Which module contains the various bits of shell-code we send to have executed following exploitation?
ANS 12) payload
Q13) One of the most common activities after exploitation is looting and pivoting. Which module provides these capabilities?
ANS 13) post
Q14) Not every module is loaded by default. What command can we use to load different modules?
ANS 14) The load or use command can also be used in this case.
Q15) What command do we use to background the session?
ANS 15) “background session number” is the syntax for it. For example, background session 1.
Q16) Which module allows us to modify the ‘appearance’ of our exploit such that we may avoid signature detection?
ANS 16) encoder. This module will encode the exploit and put various layers on it, which makes it difficult for antivirus to detect the signature pattern.
Exploitation:
After learning the basics of Metasploit, we now need to do recon for exploitation. Metasploit has a good feature: Nmap can be used from within the Metasploit console.
The database should be up; if it is not, run sudo msfdb init
Let’s do the recon using nmap. Run it now by using the command sudo + IP
STEPS-
- The first step is to use the nmap command, which is “nmap -sC -sV machine ip”. We use -sC for default scripts and -sV for service versions.
- So by using this command we got result as
Q17) What service does nmap identify running on port 8000? You might have to run the command ‘services’ to see the results of the scan again here?
ANS 17) icecast
Q18) What is the host name of the victim OS?
ANS 18) DARK-PC
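An added example (not part of the original walkthrough or of Metasploit): the same -sC -sV scan, saved with nmap's -oX XML output, reduced to a services-style listing from which the port 8000 service and the host name are read off. The XML sample, the 192.0.2.10 address and the function name parse_scan are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed, trimmed sample of nmap -sC -sV XML output; not a real scan.
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -sC -sV -oX - 192.0.2.10">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="135"><state state="open"/><service name="msrpc" product="Microsoft Windows RPC"/></port>
      <port protocol="tcp" portid="3389"><state state="closed"/><service name="ms-wbt-server"/></port>
      <port protocol="tcp" portid="8000"><state state="open"/><service name="http" product="Icecast streaming media server"/></port>
    </ports>
    <hostscript><script id="nbstat" output="NetBIOS name: DARK-PC, NetBIOS user: &lt;unknown&gt;"/></hostscript>
  </host>
</nmaprun>"""

def parse_scan(xml_text):
    """Return one record per live host: address, NetBIOS name, open services."""
    hosts = []
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr = host.find("address[@addrtype='ipv4']")
        name = None
        script = host.find("hostscript/script[@id='nbstat']")  # run by -sC
        if script is not None:
            m = re.search(r"NetBIOS name:\s*([^,\s]+)", script.get("output", ""))
            name = m.group(1) if m else None
        services = {}
        for port in host.iterfind("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # keep only open ports in the listing
            svc = port.find("service")
            attrs = svc.attrib if svc is not None else {}
            services[int(port.get("portid"))] = {
                "proto": port.get("protocol"),
                "name": attrs.get("name", "unknown"),
                "info": attrs.get("product", ""),  # filled in by -sV
            }
        hosts.append({"address": addr.get("addr") if addr is not None else None,
                      "name": name, "services": services})
    return hosts

if __name__ == "__main__":
    for h in parse_scan(SAMPLE_XML):
        print(h["address"], h["name"])
        for p, s in sorted(h["services"].items()):
            print(f"  {p}/{s['proto']:<4} {s['name']:<8} {s['info']}")
```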
Q19) There is one ‘icecast’ vulnerable server running on the target system, search for this exploit in msfconsole: search icecast
What is the full path for our exploit that now appears on the msfconsole prompt? *This will include the exploit section at the start
ANS 19) exploit/windows/http/icecast_header