Metasploit Basics: How to Hack Metasploitable2 Using the Metasploit Tool

Bansil
Apr 4, 2021

This article demonstrates what the Metasploit tool is and how it can be used to gain access to other machines or devices. We are going to use two tools: Nmap and Metasploit.

Let’s get started!

What is Metasploit

Metasploit is a very powerful pentesting framework used by cybersecurity experts and cybercriminals to exploit vulnerabilities in devices or servers. Metasploit is free to download and comes pre-installed in Kali Linux. It is one of the top 10 hacking tools.

Use of Metasploit

Using Metasploit is quite simple, but we first have to go through an information-gathering phase, for which we use Nmap. This tool is very useful for mapping network architecture. It gathers information about the target such as services, open/closed ports, OS detection, etc.

After information gathering, you will have identified a weakness from the service versions and ports. Metasploit contains all types of payloads for various weaknesses and services. You have to find a suitable payload for the weakness you found on the target machine. Payloads carry their own shellcode depending on the service.

Once you choose your payload, you run it by giving the target IP address and service port number, and you get access to the target machine through a reverse shell. Metasploit only maintains a few minutes of session time; you can extend the time if you want. After the session expires you have to bind the connection again and again, which is a very frustrating thing in Metasploit.

After getting a reverse shell you are able to do everything that the owner of that machine can do. This is the real power of Metasploit, but it also depends on the payload.

Let’s start with the practical approach.

For the practical part we are going to use Kali Linux and a Metasploitable2 machine as the target server.

Metasploitable2 is a Linux-based OS used for testing and advancing your skills through practice. Metasploitable2 is extremely vulnerable to cyberattack because it has a huge number of vulnerabilities.

First of all, find out the IP address of the Metasploitable2 machine using the command:

ifconfig

Here is the Metasploitable2 machine, and the IP address of this machine is 192.168.56.101. Take note of it, because the IP address is most important for the further hacking.

The “ifconfig” command is used to display all Internet Protocol version 4 (IPv4) and IPv6 addresses, subnet mask, and default gateway for all adapters.

Reconnaissance

After that, let’s start the information-gathering phase by running an Nmap scan to find out which ports are open and which services are running on the target machine.

nmap -sV 192.168.56.101
  • -sV: detect service version.

We get the following result, showing the open ports and service versions:

From this result we are going to use the FTP (File Transfer Protocol) service for the exploit, because the FTP software version is vsftpd 2.3.4, which is vulnerable to exploitation.
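A defender can run the same version check against scans of their own hosts. The following is an added example, not part of the original article: it parses `nmap -sV` output and flags any open service whose banner is on a watchlist. The sample scan text, the watchlist structure and the function names are constructed for illustration.

```python
import re

# Watchlist of (product, version) pairs to flag. Only the entry named in this
# article is included; extend it from your own advisories (assumption).
WATCHLIST = {("vsftpd", "2.3.4"): "version this article identifies as vulnerable"}

# Matches rows of the nmap port table: PORT STATE SERVICE VERSION
ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")

# Constructed sample of `nmap -sV` normal output (not a real capture).
SAMPLE_SCAN = """\
Nmap scan report for 192.168.56.101
PORT     STATE    SERVICE VERSION
21/tcp   open     ftp     vsftpd 2.3.4
22/tcp   open     ssh     OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
23/tcp   filtered telnet
80/tcp   open     http    Apache httpd 2.2.8 ((Ubuntu) DAV/2)
"""

def parse_services(scan_text):
    """Return one dict per open port, with the raw version banner."""
    services = []
    for line in scan_text.splitlines():
        m = ROW.match(line.strip())
        if not m or m.group(3) != "open":
            continue  # skip headers, closed and filtered ports
        port, proto, _state, name, banner = m.groups()
        services.append({"port": int(port), "proto": proto,
                         "service": name, "banner": banner.strip()})
    return services

def flag_watchlisted(services):
    """Return (port, product, version, reason) for banners on the watchlist."""
    findings = []
    for svc in services:
        for (product, version), reason in WATCHLIST.items():
            # Match product and exact version as whole tokens, so that
            # "2.3.4" does not match "2.3.45" or "12.3.4".
            pat = rf"(?<![\w.]){re.escape(product)}\s+{re.escape(version)}(?![\w.])"
            if re.search(pat, svc["banner"], re.IGNORECASE):
                findings.append((svc["port"], product, version, reason))
    return findings

if __name__ == "__main__":
    for port, product, version, reason in flag_watchlisted(parse_services(SAMPLE_SCAN)):
        print(f"port {port}: {product} {version} -> {reason}; upgrade or disable")
```
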

Enumeration

Let’s start the Metasploit tool.

The msfconsole is probably the most popular interface to the Metasploit Framework (MSF). It provides an “all-in-one” centralized console and allows you efficient access to virtually all of the options available in the MSF.

Search for a payload for vsftpd 2.3.4:

search vsftpd 2.3.4

In Metasploit there are 4 (0–3) payloads for the vsftpd service; of those we are going to use exploit/unix/ftp/vsftpd_234_backdoor (payload 3).

To use this exploit:

use exploit/unix/ftp/vsftpd_234_backdoor 

Set the remote host:

set RHOST 192.168.56.101

Run the payload:

exploit

After this step we get the shell, with direct access through the Kali terminal. You can see how many sessions have been created by using the “sessions” command.

Now we have root access to the Metasploitable2 machine (admin of the machine). You can do everything you want; simply type “help” and it will show you the various actions that you can perform.

Conclusion:

This is a very basic Metasploit methodology; in the real world it is not that easy to get access.

Nmap is the most popular tool in the cybersecurity world. Nmap can scan a victim machine and find weak points.

Nmap displays all vulnerabilities and open ports of the victim machine, and by knowing that information an attacker can easily manipulate the security of the victim’s computer.

Metasploit is a collection of frameworks. Metasploit contains over 200 different payloads.

Bansil

IT engineering student | Cybersecurity enthusiast