Metasploit - Exploit


Advertisements

After vulnerability scanning and vulnerability validation, we have to run and test some scripts (called exploits) in order to gain access to a machine and do what we are planning to do.

Exploit using Armitage GUI

We have several methods to use exploits. The first and foremost method is to use Armitage GUI which will connect with Metasploit to perform automated exploit testing called HAIL MARY. Let’s see how it works.

Open Kali distribution → Application → Exploit Tools → Armitage.

Open Kali

Next, go to Attacks → Hail Mary and click Yes.

Click Yes

You will see the following screen which would show all the exploits that are being tested.

Test Exploits

Next, you will see the icon of the exploitable system (i.e., the system on which the exploit worked) will turn red in color with a thunderstorm pattern over it. At the console, you will see which exploit was successful, with its respective session ID.

Exploitable System

Now you can interact with the machine.

Exploit using Command Prompt

The second way (and probably a little professional way) to use an Exploit is by the Command Prompt.

From the Vulnerability Scanner, we found that the Linux machine that we have for test is vulnerable to FTP service. Now we will use an exploit that can work for us. The command is −

msf > use “exploit path”  

Exploit

Next, use the following command in order to see what parameters you have to set to make it functional.

msf > show options

This exploit shows that we have to set RHOST “target IP”

Target IP

Next, use the commands −

msf > set RHOST 192.168.1.101   
msf > set RPORT 21

Use Commands

Next, use the command −

msf > run

If the exploit is successful, then you will see one session opened, as shown in the following screenshot.

Exploit Successful

Now, you can interact with this system.

Advertisements