Hello friends, how are you? I would like to apologize for not being able to write regularly; I was really busy with some stuff, but from now on I will be posting again. In this section I will be taking a look at the new features and new Metasploit commands of 2017. This section will be divided into two parts:
- An overview of the new features and commands.
- Tutorials covering how to use them.
So first of all we will take a look at the new changes, commands and functionality integrated into the new Metasploit.
For those who don't know what Metasploit is: it is a framework that bundles modern tools and techniques for performing complex attacks against target systems, which makes it the standard tool for penetration testers.
With the new release of Kali Linux, all the most used tools have been listed under the Favorites menu under Applications.
Starting Metasploit via Favorites Menu:
The easiest way to start Metasploit is by clicking on the Metasploit button in the Favorites menu bar. This automatically starts everything: when you open it for the first time it creates the database that Metasploit needs to work properly, and then starts Metasploit.
Starting Metasploit via Terminal:
Setting up Metasploit in Kali Linux 2 from the terminal is slightly different than in the earlier versions.
In a terminal window type these commands:
- /etc/init.d/postgresql start
- msfdb init
After these two commands Metasploit runs successfully; in the earlier versions getting it running felt like a whole rocket-science affair 🙂.
Whatever the case, what we now need to do is check that the database is working fine, so open the terminal and type this command:
The key difference you will notice is the speed of Metasploit: it opens up much faster in Kali Linux 2 than in the original version of Kali, which is a blessing if you use Metasploit frequently.
Metaspoit Version :-
Now you may have noticed that Kali 2 does not come with the Community / Pro version of the product: the default installation of Metasploit in Kali 2 is the "Framework" edition, and you can install the Pro version if you want to.
You can read more information on that over here: https://community.rapid7.com/community/metasploit/blog/2015/08/12/metasploit-on-kali-linux-20
New Metasploit Commands 2017:-
Here comes the sweet part: the new commands and features that come with the newer version of Metasploit, and you can do really crafty stuff with them too.
So here we go, let's take a look at those commands.
This is a really interesting command integrated into Metasploit. What this command does is "check" whether the target system is vulnerable to a given exploit without actually exploiting the system. This command has now been updated and can be used against a range of hosts. The downside is that not many Metasploit modules support it yet, but it can be useful in some situations.
- Use an exploit
- Enter "set THREADS 4" (5 or higher depending on your system)
- Enter "check 192.168.1.10-192.168.1.100"
After that Metasploit will start and check whether each target system in the range is vulnerable to this exploit or not.
Using Check against the target.
Hashdump for Domain Controllers:-
Another feature added to Metasploit is the Domain Hashdump command. Once you get a shell on a Windows Domain Controller, just set the session number and run the module, and it will pull a lot of information related to the accounts on the DC, including the current and up to 20 prior password hashes for each user.
PowerShell Interactive Shells:-
Module Creators: Dave Hardy and Ben Turner.
PowerShell has become a go-to scripting language for security testers and professionals in Windows environments, and these new payloads are a huge help in testing with PowerShell.
Before these scripts were released, when you got a reverse shell on a machine the PowerShell output was not echoed back to us, so to make that work we had to encode the commands and pass them through the Meterpreter shell at once in a single command. Now, with these scripts, we can interact with PowerShell directly in real time.
Transports – Changing Shells on the Fly:-
Transports are the way to change shells on the fly. Basically, after you get a shell you set up additional transports (shells) that act as a level of fault tolerance and persistence.
Choices for transport shells are:
- and reverse_https
If you lose the current shell, Metasploit will automatically roll your session over to the secondary shell. You can also change the active shell on command by using "transport next" or "transport previous". At this time this feature is still in progress and will be launching soon, so keep your eyes open for that.
Lester the Local Exploit Suggester:-
What this module does is scan a system and suggest local exploits for the current session.
- Open a terminal and type "msfconsole"
- Then, if you have a session open, use "use post/multi/recon/local_exploit_suggester"
Paranoid Meterpreter Payload:-
This is a new feature supported by Metasploit known as "Paranoid Mode". It is a new way of delivering payloads that contain a unique ID and are signed by an SSL certificate. Once the payload and listener pair is created, the listener will only allow that specific payload to connect. Full instructions over here:-
And here is a handy utility created by r00t-3xp10it :-
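To make concrete what the listener-side check in Paranoid Mode amounts to, here is an added Ruby illustration (not Metasploit's own code): a pinned certificate fingerprint plus an allow-list of payload IDs. The certificate, fingerprint and UUID are generated inside the example; the real feature embeds them in the payload and handler at build time.

```ruby
require 'openssl'
require 'securerandom'

# Build a self-signed certificate standing in for the one the listener pins.
# (Constructed for this example; a real handler would load its own.)
def make_self_signed_cert(cn)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = SecureRandom.random_number(2**64)
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer     = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after  = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# SHA-256 over the DER encoding: the value a pinning check compares against.
def cert_fingerprint(cert)
  OpenSSL::Digest::SHA256.hexdigest(cert.to_der)
end

# A "paranoid" listener admits a connection only when the presented
# certificate matches the pinned fingerprint AND the payload UUID is one it
# generated. Returns :accept, :bad_cert or :unknown_uuid so a caller can log
# exactly why a stray connection was refused.
def paranoid_verdict(presented_cert, presented_uuid, pinned_fingerprint, allowed_uuids)
  return :bad_cert     unless cert_fingerprint(presented_cert) == pinned_fingerprint
  return :unknown_uuid unless allowed_uuids.include?(presented_uuid)
  :accept
end

if __FILE__ == $PROGRAM_NAME
  listener_cert = make_self_signed_cert('listener.example')
  payload_uuid  = SecureRandom.uuid
  puts paranoid_verdict(listener_cert, payload_uuid,
                        cert_fingerprint(listener_cert), [payload_uuid])
end
```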
Stageless Meterpreter Payload:-
Staged payloads are what we have been using in Metasploit all along: when a target system is exploited, the payload is delivered in stages. With stageless Meterpreter the payload is delivered all at once, making it much more streamlined. This means there is no longer a "sending stage" message during the exploit; you directly get a session.
Here is a list of payloads and their locations:
- Reverse TCP IPv6: windows/meterpreter_reverse_ipv6_tcp
These can also be used with msfvenom to make stageless standalone shells.
As usual, numerous new exploits are constantly being developed and added to Metasploit. These range from the original MS10-046 to the new MS15-020 Stuxnet one, multiple new Flash exploits including the one made public by the "Hacking Team" data leak, and the Apple OS X 10.10 Print to File "one line exploit". So keep yourself updated to enjoy all the features it has to offer.
New articles will be coming every day, so stay connected and happy learning.