Go hack yourself

Free Newsletters

Log-in | Register

SECURITY ADVISER

Go hack yourself Metasploit tips make it easy to learn about tools that hackers may use against you
By Roger A. Grimes April 21, 2006			E-mail Printer Friendly Reprints Slashdot It!

I’ve always been a firm believer in the concept of hacking yourself. After all, if you don't hack yourself, the hackers will. So if you’re a good security administrator, you must learn about the various hacking tools that might be used against your environment, become familiar with them, and use them (see my previous columns about port knocking and malware analysis).

Free IT resource

Virtualization Insights from Top Experts - Learn how virtualization gets real!

Sponsored by Microsoft

The Metasploit Framework is one of those tools. Created and maintained by four full-time analysts and additional part-time contributors, Metasploit is “click-click-click” hacking. It comes in both Windows and Unix flavors and has several interfaces -- command line, interactive console, and Web. The interactive console is the mostly commonly used interface.

With any of the interfaces, you can choose from many exploits (133 at latest count) and dozens of payloads (75 at last count). Exploits are how you break into a victim host; payloads are what you do when you’re in. For example, you can break in using the Windows RPC-DCOM exploit (MS-Blaster) and then shovel a cmd.exe shell to yourself, install VNC, or add a new user account to the administrator’s group. It is not usual for the Metasploit framework to have working zero-day exploits hours after their initial release.

You should run Msfupdate –uax to update the framework database engine in real time to make sure you have the latest code samples. You can type in "show exploits" to show all the available exploits, then type in "use <exploit>," where <exploit> is the full name of the exploit module.

Most exploits have predefined memory variables you must define. Type in "info <exploit>" to list required variables. Then use the set command to set the variables, such as "set RHOST 10.1.1.1 or RPORT 135," where RHOST stands for the remote victim’s IP address and RPORT stands for the remote port to attack. Most variables and commands are case-sensitive.

Next, you must choose which payload to execute after the exploit. Type in "show payloads" to show available payloads and then key in "set <payload>," where <payload> is one of the available payload module names. Type in "info <payload>" to list required variables. Then use the set command to set the variables. To make sure all the required variables are filled in, type "show options."

You can type in the keyword "check" to see whether the intended victim machine is vulnerable. This check should only query the host for the vulnerability hole and should not exploit the victim. Lastly, type in "exploit" by itself to launch the attack. If you shovel a shell back to yourself, you can usually break out of it by hitting Ctrl-C and Y and Enter.

If you start the Web-based console, the Metasploit framework launches a local Web server. Just browse to the local Web server using http://127.0.0.1:55555 and you will be able to click-click-click your way through the exploit and payload setup screens. You can launch a successful attack with about five clicks of the mouse, after filling in the required exploit and payload variables.

Commercial vulnerability assessment tools (one of which I will cover next week) usually have more exploits to choose from, better interfaces, easier automation, report options, and other improvements, but Metasploit Framework is an excellent testing tool, especially for the price. It is worth your time to fully explore Metasploit’s Web site -- it has many more hacking programs than just the Framework. Full Metasploit Framework documentation is available at http://www.metasploit.org/projects/Framework/documentation.html.

See my related blog entry for a document with more Metasploit details, better instructions, and step-by-step pictures.

E-mail

Printer Friendly

Reprints

Slashdot It!


	InfoWorld Test Center Contributing Editor Roger A. Grimes is a Foundstone Ultimate Hacking instructor/consultant teaching Windows, Linux, Unix, and Solaris security. • More of Roger A. Grimes' column Newsletter Check out all of our free newsletters! Enter e-mail address:

TOP NEWS:

» Four quick tips for choosing an IM security product
71 percent of businesses will invest in real-time messaging this year. If you're one of them, be sure to protect your enterprise

» Forrester analysts ID hot IT jobs
Research group finds 16 IT roles with a promising future

» Nvidia claims 10 hours of HD video on Tegra chip
The Tegra 600 and 650 can be used with hard disk drives and are designed partly for mobile Internet devices

» Database vendors add Google's MapReduce
Greenplum and Aster Data Systems will support Google's programming technique, developed for parallel processing of large data sets across commodity hardware

» Network management: Tips for managing costs
New technologies, changing requirements, and ongoing equipment maintenance and upgrades cost money, but there are ways to manage expenses

» EMC targets SMBs, branch offices with new low-end storage
Celerra NX4 highlights include thin provisioning, snapshot technology for data recovery and backups, and Web-based console for management of storage volumes

VIRTUAL MACHINES: SUN'S XVM VIRTUALIZATION PORTFOLIO
This Webinar discusses how software companies and IT organizations can leverage virtualization and management technologies from Sun and VMLogix to consolidate lab infrastructure and automate build and test processes so that software can be delivered more quickly, cost-effectively and reliably. Sponsored by Sun

» Click here to view this Webcast

Enterprise Data Security Solutions Guide
Data security used to be about outside threats. These days the biggest challenge for data-driven organizations is the management of secure information from the inside out. Data is available on laptops, your network and even USB devices, but not always secure. Read this Solutions Guide to learn the best ways to keep it safe. Sponsored by ISC2

» Click here to download now

- Special Advertising Partners -

WHITE PAPERS

AT&T Article: Reinventing the Telephone with VoIP - After weighing Internet telephony's costs against its benefits, some managers are deciding that VoIP is vital to their organizations...
New from AT&T: Fixed-Mobile Convergence for High Performance - The newest fixed-mobile convergence (FMC) strategies could enable enterprises to increase the productivity and effectiveness...
IP Address Management Solutions White Paper - Infoblox IP Address Management Solutions Brief IP address management (IPAM) provides the ability to effectively manage, ...
Delivering Actionable Enterprise Architecture - Enterprise Architecture (EA) provides the crucial capability for aligning business and IT. By developing architecture-driven...
An AT&T White Paper: Enterprise IPTV Solution - Discover two components of a solution that allows you to produce and broadcast video to internal and external audiences:...
Securing the Converged Enterprise I - Balancing the many benefits of convergence with the associated security risks can be tricky. While convergence eases communications...

» Technology White Papers Library

Technology White Papers by Topic

Technology White Papers E-mail Alert

Find out when the latest white paper is available:

INFOWORLD MARKETPLACE

Deliver REMOTE SUPPORT Easily. Try WebEx FREE! - DOWNLOAD WEBEX SUPPORT CENTER FREE! Deliver efficient, effective support. CRUSH SUPPORT LOG JAMS!
Migrating to an IP-VPN? XO Can Make It Happen - Learn the five critical success factors with a free whitepaper from XO Enterprise Solutions.
Sign up to TRY WEBEX SUPPORT CENTER FOR FREE! - Get your FULL FEATURED trial here. Share documents and applications, address support challenges.
IP Networks Boost Secure Health Communications - AT&T provides secure communication to keep health care moving forward.
Why a CMDB? - IT best practices (ITIL) have shown the benefits of a CMDB. Click for whitepapers.

» BUY A LINK NOW

FIND PRODUCTS AND COMPANIES

» COMPLETE PRODUCT GUIDE

TECHNOLOGY INDEX

• Applications
• Application Development
• Security
• Networking
• Wireless
• Platforms
• Hardware
• Data Management
• Storage
• Web Services
• Business
• Telecom
• Professional Services
• Standards

TECH WATCH

What's the 411 on GOOG-411?
Just as Google has become synonymous with "performing a Web search," 411 is understood to mean "information" -- as in "what's the 411?" I was thus surprised to discover, from a billboard, no less, that the king of search is taking on the ...

Apple HTML source reveals 'iPhone Extreme'
"This one's a stretch..." reports AppleInsider. Um, yeah. Reporting on HTML code sightings of product names could be called a stretch, but iPhone Extreme has a ring to it. Now, that sounds like the product Apple should have released first, rather ...

COLUMNISTS

Unified under law

(InfoWorld) - In the litigious world we live in, deploying a unified communications platform in your enterprise could...

» MORE COLUMNISTS

MORE INFOWORLD BLOGS

Open Sources

Product Management
When I joined MySQL four years ago, there was quite a lot of debate about product management. We didn't actually have ...

Zero Day

Botnet herders tending smaller flocks
New research backs up the theory that botnet operators are keeping their networks smaller in a continued effort to keep ...

• Advice Line
• Database Underground
• The Deep End
• Enterprise Mac
• Geeks in Paradise
• Grid Meter
• The Gripe Line
• InfoWorld Daily
• Inside IT
• IT Troubleshooter
• ITXtreme
• Open Sources
• ProdBlog
• Real World SOA
• Reality Check
• Security Adviser
• SMB IT
• The Storage Network
• Tech Watch
• Virtualization Report
• Zero Day

RESOURCE CENTER	advertisement
Ads by techwords beta See your link here

GOVERNMENT IT & POLICY
•	'If you don't go after the network, you're never going to stop these guys. Never.'
•	From the State Department, All the News for Inquiring Minds
•	TechPresident, the Internet Citizenry's New Consensus Taker

Sponsored Technology Links
Oracle - Top 3 Ways to Cut Costs in 2009 with Oracle Content Management AMD - See the power of the new Quad-Core AMD Opteron(TM) processor ASG Software - Transform your IT Organization now! AT&T - The Top 10 Best Practices for Server Virtualization Planning ISC2 - Network Security Solutions Guide Infoblox - The Costs and Impacts of DNS and IP Address Management AMD - Learn how the new Quad-Core AMD Opteron(TM) processor improves performance Riverbed - Virtualization Solutions Guide Armstrong - Delivering Actionable Enterprise Architecture AT&T - AT&T Business Continuity Survey on Risk Management AT&T - New from AT&T: Discover Fixed-Mobile Convergence Now AT&T - AT&T Article: Reinventing the Telephone with VoIP HP - HP StorageWorks products-control, consolidation and confidence. Vision Solutions - Solving Downtime Challenges to Manufacturing and Supply Chain Operations Oracle - The Top Three Ways to Cut Costs in 2009 HP - Predict the future with HP Insight Power Manager Rackspace - The True Value of a Hosting Provider HP - Affordable technology-no compromise. HP server solutions. Motorola - The Enterprise Mobile Messaging Benchmark Report AT&T - Machines That Speak: The Machine-to-Machine Wireless Network Data Domain - IDC Workbook: Assess the Value of Deduplication for your Storage Consolidation Initiatives InterSystems - Development, integration, BPM, and BAM together in Ensemble AMD - The Future is Fusion. Only from AMD. Learn more. Vision Solutions - Real-Time, On-Demand Information for Business Intelligence and Data Integration (ISC)2 - I'm an SSCP Go-To Guy. See what I do. Click here! Villanova University - Increase Your Educational Bandwidth While Saving up to $945!		Zenprise - How to Manage BlackBerry on a Tight Budget Samsung Printing Solutions - control workflow, costs and operations Check Point - Check Point Endpoint Security White Paper Get to know - BlackBerry Professional Software-find out more Oracle - Oracle Universal Content Management Oracle - Information Workplace Platforms: Oracle vs. Microsoft Oracle - Performance Monitor: ERP at the Speed of Light Dell Equallogic - Comprehensive Data Protection and Disaster Recovery Sony - Discover the advantages of Sony LTO media at sony.com/lto. Sun - Virtual Machines: Sun's xVM Virtualization Portfolio Verisign - The Latest Advancements in SSL Technology CA - Plan IT better, Manage IT better. CA - Manage your IT more effectively. Intel - Processor-enabled Virtualization. That's IT as it should be. Microsoft - Get the virtualizing power of Windows Server 2008 with Hyper-V Microsoft - Microsoft SQL Server 2008. Read Case Studies & Try for Free Microsoft - Learn about the software-based VoIP solution from Microsoft. AT&T - Securing the Converged Enterprise I AT&T - Securing the Converged Enterprise II AT&T - An AT&T White Paper: Enterprise IPTV Solution AT&T - An AT&T Article: When Content is King AT&T - Maximizing Mobility in Communications AT&T - The Spirit of Innovation: 100 IT Leaders Speak Out Oracle - Nucleus Report: Who's ready for SMB? Adobe - Delivering On The Promise Of eLearning MKS - Get Power and Simplicity of UNIX while working in Windows Qwest - Learn how Qwest voice and data solutions can save you time.

	HOME NEWS BLOGS PODCASTS VIDEOS TECHNOLOGIES TEST CENTER EVENTS	About \| Advertise \| Awards \| RSS \| Contact Us
Copyright © 2008, Reprints, Permissions, Licensing, IDG Network, Privacy Policy, Terms of Service. All Rights reserved. InfoWorld is a leading publisher of technology information and product reviews on topics including viruses, phishing, worms, firewalls, security, servers, storage, networking, wireless, databases, and web services. CIO :: ComputerWorld :: CSO :: Demo :: GamePro :: Games.net :: IDG Connect :: IDG World Expo Industry Standard :: IT World :: JavaWorld :: LinuxWorld :: MacUser :: Macworld :: Network World :: PC World :: Playlist