
Wednesday, June 5, 2013

How to Add New Exploit to Metasploit / Kali Linux / BackTrack [Screenshots included]

Written by: Pranshu Bajpai | Find Pranshu on Google+ And LinkedIn

Sooner or later, penetration testers may find the modules bundled with the Metasploit framework lacking. In that case they will want to add a new exploit to Metasploit.

Let's say you dig up a new vulnerability on cvedetails.com and notice that there is a public exploit available for it on 'exploit-db' or '1337day'.

Go to exploit-db or 1337day and download the public exploit. It will be a .rb (Ruby) script (or maybe a Python script).

Once you have the .rb exploit code, you need to add it to the hidden folder '.msf4' in your home folder (/root).

Note that the period, '.', before a file or folder name in Linux indicates that it is hidden.

Metasploit provides a way to add new exploits. All you need to do is add the .rb or .py file to this hidden .msf4 folder in your home folder and reload 'msfconsole'.

Here's a screenshot of 'msfconsole' before adding a new exploit:



Notice that the total number of exploits equals 1090.

Here's a screenshot of the commands to copy the new exploit to the .msf4 folder:


Now reload 'msfconsole'.

And here's a screenshot after the new exploit has been added:


Notice that the total number of exploits now equals 1091. We have successfully added a new exploit to Metasploit.
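The copy-then-reload procedure above, written out as a small helper. This is an added example, not code from the original post or from Metasploit itself. It assumes the standard layout Metasploit uses for user-supplied modules, ~/.msf4/modules/<type>/<platform>/<category>/<name>.rb (mirroring the framework's own modules/ directory), that the module is a Ruby (.rb) file, and that you run `reload_all` in msfconsole afterwards; the msf_home parameter and the demo() module are there only so the helper can be exercised in a throwaway directory.

```python
"""Place a downloaded Metasploit module into the per-user ~/.msf4 tree.

Added example, not code from the original post or from Metasploit itself.
Assumes the layout ~/.msf4/modules/<type>/<platform>/<category>/<name>.rb,
which mirrors the framework's own modules/ directory, and a Ruby (.rb) module.
After copying, run `reload_all` inside msfconsole (or restart msfconsole).
"""
import shutil
import tempfile
from pathlib import Path

# Top-level module types Metasploit recognises under modules/
MODULE_TYPES = {"exploits", "auxiliary", "post", "payloads", "encoders", "nops"}


def install_module(src, relpath, msf_home=None):
    """Copy *src* to <msf_home>/modules/<relpath> and return the msfconsole name.

    relpath is the module's position in the tree, e.g. 'exploits/windows/misc/demo.rb';
    the returned name is what you would pass to `use`, e.g. 'exploit/windows/misc/demo'.
    msf_home defaults to ~/.msf4 (the parameter exists here so the helper is testable).
    """
    src = Path(src)
    if src.suffix != ".rb":
        raise ValueError("Metasploit modules are Ruby (.rb) files, got %s" % src.name)
    rel = Path(relpath)
    if rel.is_absolute() or ".." in rel.parts:
        raise ValueError("relpath must be relative and must stay inside the modules tree")
    if rel.suffix != ".rb":
        raise ValueError("destination must keep the .rb extension")
    if len(rel.parts) < 2 or rel.parts[0] not in MODULE_TYPES:
        raise ValueError("relpath must start with one of %s" % sorted(MODULE_TYPES))
    root = Path(msf_home) if msf_home else Path.home() / ".msf4"
    dest = root / "modules" / rel
    if dest.exists():
        # Refuse to silently overwrite a module that is already installed
        raise FileExistsError("a module already exists at %s" % dest)
    dest.parent.mkdir(parents=True, exist_ok=True)
    shutil.copyfile(src, dest)
    # msfconsole names modules by singular type plus the path without extension
    type_name = rel.parts[0].rstrip("s")
    return "/".join([type_name, *rel.parts[1:-1], rel.stem])


def list_user_modules(msf_home=None):
    """Return the msfconsole names of every .rb module under <msf_home>/modules."""
    root = (Path(msf_home) if msf_home else Path.home() / ".msf4") / "modules"
    names = []
    for path in root.rglob("*.rb"):
        rel = path.relative_to(root)
        names.append("/".join([rel.parts[0].rstrip("s"), *rel.parts[1:-1], rel.stem]))
    return sorted(names)


def demo():
    """Exercise the helpers in a throwaway directory with a constructed placeholder file."""
    work = Path(tempfile.mkdtemp())
    src = work / "demo.rb"
    src.write_text("# constructed placeholder, not a real module\n")
    name = install_module(src, "exploits/windows/misc/demo.rb", msf_home=work / "msf4")
    return name, list_user_modules(work / "msf4")


if __name__ == "__main__":
    print(demo())
```

Keeping the destination path relative and inside modules/ matters because the file name becomes the module name msfconsole shows after `reload_all`; a module dropped at the top of .msf4 with no type directory is not picked up.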

Sunday, April 14, 2013

Persistent Meterpreter Service Backdoor | Making a Backdoor on a Hacked Machine for Later Entry | Pranshu


After penetrating a system during testing, it's wise to make a backdoor on the system for easy entry later on. I followed the Metasploit Unleashed examples to make a persistent Meterpreter Service.


So the payload was the Meterpreter module, and 'lhost' and 'lport' belong to my attacking machine.

It created the VBS script in the victim computer's C:\WINDOWS\TEMP\ directory, executed this agent with process ID 3676, and manipulated startup Registry entries to make sure it runs after each reboot.
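The two traces the post mentions (a .vbs dropped in C:\WINDOWS\TEMP and a startup Registry entry pointing at it) are also what a defender looks for. The following audit script is an added example, not code from the original post or from Metasploit. It assumes the text layout that `reg query <key>` prints on Windows (the key name on its own line, then one indented line per value with name, type and data separated by runs of spaces); the sample output, the value name HostUpdate and the .vbs filename are constructed, not the names the framework actually generates.

```python
"""Audit Windows Run-key autostart entries for the script-in-TEMP pattern.

Added example, not code from the original post. Assumes `reg query` output layout;
the sample output below is constructed, including the value and file names.
"""
import re

# Constructed sample of `reg query HKLM\...\Run` output; the last entry is the
# made-up suspicious one (script host launching a .vbs out of a temp directory).
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    VMware User Process    REG_SZ    "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe" -n vmusr
    HostUpdate    REG_SZ    wscript.exe //B C:\WINDOWS\TEMP\HostUpdate.vbs
"""

# One value line: <indent><name><2+ spaces><REG_type><2+ spaces><data>
ENTRY_RE = re.compile(r"^\s+(?P<name>.+?)\s{2,}(?P<type>REG_[A-Z_]+)\s{2,}(?P<data>.*)$")
TEMP_DIR_RE = re.compile(r"\\temp\\|%temp%|%tmp%", re.I)
VBS_HOST_RE = re.compile(r"\b[wc]script(\.exe)?\b.*\.vbs\b", re.I)


def parse_reg_query(text):
    """Turn `reg query` output into dicts with key, name, type and data."""
    key, entries = None, []
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            key = line.strip()          # a key header line
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"key": key, **m.groupdict()})
    return entries


def suspicious_autoruns(entries):
    """Return entries that run from a temp directory or launch a .vbs via a script host."""
    hits = []
    for e in entries:
        reasons = []
        if TEMP_DIR_RE.search(e["data"]):
            reasons.append("autostart command lives in a temp directory")
        if VBS_HOST_RE.search(e["data"]):
            reasons.append("script host (wscript/cscript) launching a .vbs")
        if reasons:
            hits.append(dict(e, reasons=reasons))
    return hits


if __name__ == "__main__":
    for hit in suspicious_autoruns(parse_reg_query(SAMPLE_REG_QUERY)):
        print(hit["key"], hit["name"], hit["data"], "; ".join(hit["reasons"]))
```

Run it against the output of `reg query` for both HKLM and HKCU Run keys; legitimate software rarely autostarts a script from a temp directory, so the two rules combined give few false positives.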

Email Harvesting in Kali Linux (Find out Login IDs to Bruteforce) | Kali Linux


For the purpose of mass spamming or spear phishing, hackers use a module available in Metasploit that pulls email accounts of a particular organization from Google, Bing and Yahoo.

Hackers find this useful during targeted attacks for online password attacks later on, since it is important to know the IDs or usernames before commencing the cracking process. As I mentioned, the list of email addresses can also be used for mass mailing, phishing, or spear phishing.

So I conduct such a test to pull email addresses from an organization of interest to me. First, I list all the options available to me relating to this module, using the standard Metasploit command 'show options'.

Then, I set the 'domain' of the organization and the 'output' file where I want the results (email addresses) saved, and 'execute' the module.


After a while, these are the results given back to me:


Bots crawl over the Internet looking for email addresses. In order to avoid being spammed, a mitigation strategy is to insert the email address in a graphic file, or to mention it in a custom format that the bot will not be able to comprehend as an email address. For instance, name [at] gmail [dot] com.
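The mitigation above, and its limit, in code. This is an added example, not code from the original post or from Metasploit. EMAIL_RE is a deliberately naive address pattern of the kind a crawling bot might use, SAMPLE_PAGE is constructed text, and the obfuscate/deobfuscate helpers are my own names.

```python
"""Obfuscating contact addresses against harvesting bots, and what it does not stop.

Added example, not code from the original post or from Metasploit. The regex,
the sample page text and the helper names are constructed for this illustration.
"""
import re

# A naive bot's notion of an email address
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed page text: two plain addresses, one written in the [at]/[dot] style
SAMPLE_PAGE = """
Press enquiries: alice@example.org. Support: bob [at] example [dot] org.
Careers: jobs@example.org
"""


def harvest_emails(text):
    """What a naive harvesting bot does: run the regex over the page text."""
    return sorted(set(EMAIL_RE.findall(text)))


def obfuscate(address):
    """Render name@host.tld as 'name [at] host [dot] tld', the post's mitigation."""
    local, at, domain = address.partition("@")
    if not (local and at and domain):
        raise ValueError("not an email address: %r" % address)
    return "%s [at] %s" % (local, domain.replace(".", " [dot] "))


def deobfuscate(text):
    """Undo the [at]/[dot] convention; a bot that knows the trick does exactly this."""
    text = re.sub(r"\s*\[dot\]\s*", ".", text, flags=re.I)
    return re.sub(r"\s*\[at\]\s*", "@", text, flags=re.I)


def compare(page):
    """Addresses found by a naive bot versus one that understands [at]/[dot]."""
    return harvest_emails(page), harvest_emails(deobfuscate(page))


if __name__ == "__main__":
    naive, aware = compare(SAMPLE_PAGE)
    print("naive bot:", naive)
    print("bot that knows the trick:", aware)
```

The second list shows why the [at]/[dot] convention only raises the bar a little: any harvester that adds two substitutions recovers the address, which is why rendering the address as an image (the post's other suggestion) or a contact form is the stronger option.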


Friday, April 12, 2013

Dumping Windows Password Hashes using Meterpreter | Kali Linux / Backtrack | Post Exploitation


After successfully establishing a meterpreter session on the victim's system, you can use the 'hashdump' module to dump the Windows password hashes.

Self-explanatory:


You can try to crack these hashes online or crack them locally on your own machine using John the Ripper.
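Before handing a dump to John, it is worth reading what the hashes already say about password policy on the host. The script below is an added example, not code from the original post or from Metasploit. It assumes the pwdump-style line format hashdump prints (user:rid:lmhash:nthash:::) and the two well-known constants for the LM and NT hashes of an empty password; the dump itself is constructed, with made-up user names and made-up non-empty hash values.

```python
"""Parse meterpreter `hashdump` output and flag weak password-storage conditions.

Added example, not code from the original post or from Metasploit. Assumes the
pwdump-style line format user:rid:lmhash:nthash:::. The sample dump is constructed.
"""
import re

EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # LM hash of "" (LM disabled, or password longer than 14 chars)
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of "" (blank password)

# Constructed dump: names and the non-empty hash values are made up
SAMPLE_HASHDUMP = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
legacyuser:1001:0123456789abcdef0123456789abcdef:fedcba9876543210fedcba9876543210:::
alice:1002:aad3b435b51404eeaad3b435b51404ee:00112233445566778899aabbccddeeff:::
svc_backup:1003:aad3b435b51404eeaad3b435b51404ee:00112233445566778899aabbccddeeff:::
"""

LINE_RE = re.compile(
    r"^(?P<user>[^:]+):(?P<rid>\d+):(?P<lm>[0-9a-f]{32}):(?P<nt>[0-9a-f]{32}):::$", re.I
)


def parse_hashdump(text):
    """Return one dict per account with user, rid (int) and lower-cased lm/nt hashes."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError("unrecognised hashdump line: %r" % line)
        rec = m.groupdict()
        rec["rid"] = int(rec["rid"])
        rec["lm"] = rec["lm"].lower()
        rec["nt"] = rec["nt"].lower()
        records.append(rec)
    return records


def assess(records):
    """Flag blank passwords, LM hashes still being stored, and password reuse."""
    findings = []
    users_by_nt = {}
    for r in records:
        if r["nt"] == EMPTY_NT:
            findings.append((r["user"], "blank password (or a disabled built-in account)"))
        if r["lm"] != EMPTY_LM:
            findings.append((r["user"], "LM hash stored: LM hashing not disabled and password is 14 characters or fewer"))
        users_by_nt.setdefault(r["nt"], []).append(r["user"])
    for nt, users in users_by_nt.items():
        if nt != EMPTY_NT and len(users) > 1:
            findings.append((",".join(users), "identical NT hash: the same password is shared across accounts"))
    return findings


if __name__ == "__main__":
    for who, why in assess(parse_hashdump(SAMPLE_HASHDUMP)):
        print("%-20s %s" % (who, why))
```

An LM hash that is not the empty-string constant is the single most useful finding here: LM is case-insensitive and split into two 7-character halves, so those accounts fall to John far faster than the NT-only ones, and the fix (disabling LM hash storage and forcing a password change) is a policy setting rather than a cracking exercise.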

Thursday, March 21, 2013

db_connect to Connect to a Database in Metasploit Framework

I recently tried loading a Nessus .nbe file into msfconsole using db_connect. It failed to connect:

msf > db_import /root/e7f0de273bdcf3a7e757244c064eb9ce.nbe
[-] Database not connected

msf > db_status
[*] postgresql selected, no connection

So I tried to connect it to the MySQL server running on port 3306 on my localhost, but:

msf > load db_mysql
[-] Failed to load plugin from /opt/metasploit/apps/pro/msf3/plugins/db_mysql: cannot load such file -- /opt/metasploit/apps/pro/msf3/plugins/db_mysql

msf > db_driver
[-] The db_driver command is DEPRECATED

Because Metasploit no longer supports databases other than the default
PostgreSQL, there is no longer a need to set the driver. Thus db_driver
is not useful and its functionality has been removed.

So I guess I can't connect to my MySQL database in Metasploit anymore. I would have to use Postgres.

root@Xtr3M3-Mach:~# service postgresql start
[ ok ] Starting PostgreSQL 9.1 database server: main.

Now set up Postgres; if you run into a problem, refer to this link.

Or you can do this:

msf > go_pro
[*] Starting the Metasploit services. This can take a little time.
insserv: warning: current start runlevel(s) (empty) of script `metasploit' overrides LSB defaults (2 3 4 5).
insserv: warning: current stop runlevel(s) (0 1 2 3 4 5 6) of script `metasploit' overrides LSB defaults (0 1 6).
[*] Starting PostgreSQL 9.1 database server: main.
[*] Configuring Metasploit...
[*] Creating metasploit database user 'msf3'...
[*] Creating metasploit database 'msf3'...
[*] Starting Metasploit rpc server: prosvc.
[*] Starting Metasploit web server: thin.
..............................
This would automatically start all services relating to Metasploit.