This lecture focuses on the Exploitation phase of the playbook covered in lecture 08.
Metasploit is a powerful tool commonly used in penetration testing. I suggest reading the basics page for more information.
In summary, Metasploit is a tool that lets you quickly run scans, execute exploits and
payloads, and set up command and control (C2) operations, while saving all your progress in a database
for future reference.
Thus, to start, one should ensure that PostgreSQL is running (that is Metasploit's database of
choice). You might need to run sudo systemctl start postgresql and sudo msfdb init to bring it
up if it isn't already running.
To start Metasploit, run msfconsole. Here are a couple of useful commands:

db_nmap: runs nmap inside msf and saves the results in the database
db_import: alternatively, import your existing nmap scans into msf
db_status: check the status of your PostgreSQL connection
search: search for known vulnerabilities or CVEs
use: select a module (either by its full path or by the number shown in the search results)
options: aliased to show options; shows all options of the current module
show payloads: shows all the payloads you can deploy

Run linpeas. That's the easiest way to get started on privilege escalation. Look through the report. You may find
it helpful to search for CVE to get a list of known CVEs that the system might be vulnerable to.
In general, setuid binaries and root-owned files that an unprivileged user can modify are common
privilege escalation vectors.
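As an added example (not from the lecture, linpeas or Metasploit), here is a small Python audit script that checks a directory tree for the two vectors just named, setuid/setgid executables and privileged-owned files that other users can modify, and diffs the findings against a known-good baseline so only unexpected entries need review. The function names, the dictionary layout and the baseline format are my own assumptions.

```python
"""Hypothetical audit script (added for these notes, not part of linpeas or
Metasploit): list setuid/setgid executables and privileged-owned files that
other users can modify, i.e. the two vectors named above."""
import os
import stat
import sys


def audit_tree(root, privileged_uid=0):
    """Classify regular files under `root` into three sorted lists.
    privileged_uid is the owner whose writable files are reported (0 = root;
    a test can pass its own uid). Symlinks are never followed, so a planted
    link cannot drag an unrelated file into the report."""
    report = {"setuid": [], "setgid": [], "writable_privileged": []}
    for dirpath, _dirs, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable; not fatal for an audit
            mode = st.st_mode
            if not stat.S_ISREG(mode):
                continue  # ignore symlinks, sockets and device nodes
            if mode & stat.S_ISUID:
                report["setuid"].append(path)
            # setgid without group-execute is mandatory locking, not privilege
            if mode & stat.S_ISGID and mode & stat.S_IXGRP:
                report["setgid"].append(path)
            if st.st_uid == privileged_uid and mode & (stat.S_IWGRP | stat.S_IWOTH):
                report["writable_privileged"].append(path)
    for found in report.values():
        found.sort()  # deterministic output regardless of os.walk order
    return report


def unexpected(report, baseline):
    """Return entries absent from a known-good baseline (e.g. the setuid list
    of a fresh install); this is the set a reviewer actually needs to look at."""
    return {key: sorted(set(paths) - set(baseline.get(key, ())))
            for key, paths in report.items()}


if __name__ == "__main__":
    rep = audit_tree(sys.argv[1] if len(sys.argv) > 1 else "/")
    for label, paths in rep.items():
        print(f"[{label}] {len(paths)} file(s)")
        for p in paths:
            print("    " + p)
```

Running it against / as root gives the full picture; comparing that output with a baseline taken from a clean image is what turns the list into a finding.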
We (partially) covered the Interpreter machine on HackTheBox in lecture.
Make full use of Google. You can often find PoCs (proofs of concept) for known vulnerabilities online and on GitHub. Just because Metasploit hasn't incorporated them doesn't mean they don't exist!
Here are some more (active) web scanning tools: