The course covers the basics of using Metasploit. Metasploit is a free penetration testing tool and comes installed in Kali Linux. Metasploit is designed to make hacking simple and is an essential tool for pen testing. If you have a vulnerable target, simply point Metasploit at it, pick a payload and hit enter. Metasploit automates processes such as information gathering, detection evasion and gaining access. Metasploit uses a command line interface in the terminal, but a graphical user interface version is also available.
In this video guide, we’ll cover the basics of using the Metasploit framework to upload a shell payload to an exploited system. Metasploit is a security tool used in penetration testing to attack a computer system; it can look for vulnerabilities within the target system and use exploits to upload payloads into the system.
We’ll be covering the basics in 5 steps:
Step 1 – Launching Metasploit. This demonstration will be looking at a web application on IP address 10.1.1.102. To launch Metasploit, open up the terminal and enter msfconsole. Metasploit may take some time to load – this is normal, as it is connecting to its module database before presenting the console.
Step 2 – Finding a usable exploit. As this web app has already been enumerated, we know that the web application is running Drupal, the open source Content Management System (or CMS), on a Linux server. We also know that the version of Drupal being run is outdated, meaning that it’s susceptible to a vulnerability known as Drupalgeddon; a SQL injection flaw that allows remote-code execution. As Metasploit contains a module database, we can search for Drupalgeddon variants that we can use to exploit the web app. We do this by typing “search drupalgeddon”, and the console displays its results. This version of Drupalgeddon can work with a Unix web app and we can see that, along with the disclosure date, this exploit is graded excellent, meaning that we have the highest chance of being able to exploit the web app and a low chance of causing a crash.
Step 3 – Configuring and launching the exploit. To use the exploit, type “use” followed by the full module name shown in the search results (in the terminal you can double-click the name to highlight it and paste it with the middle mouse button), then press enter. We’re now in the exploit and need to configure it for the web app’s host system. First, check the options on the exploit by typing “options”. It will show a list of settings that need to be set. We notice that the PHP function passthru is required, but this is already set. However, we can see that RHOSTS (which stands for remote hosts) needs to be set. Make sure to check the name, as in some modules it is shown as RHOST (singular). We set the remote host by typing “set rhosts”, followed by the IP address of the target, and pressing enter. It will now show rhosts as set. We also need to check that LHOST, or local host, is set to our own IP address. We can check our address by typing “ifconfig”, which shows that we are on 10.1.1.101. We then need to set LHOST so that the payload connects back to us, so we type “set lhost” followed by our own IP address and press enter. Now that we can see that our options are set, we can simply type “run”.
Step 4 – Using a Meterpreter shell. The Drupalgeddon exploit has now run, and it reports that it has given us a Meterpreter shell session. A Meterpreter session gives us control over a targeted system, and offers far more than a plain shell does. There’s a full help section available within Metasploit that will show us the options available to us; for example, we can find the session’s user ID, and we can run shells that already exist on the web server. We can use the cat command to read files from the system. We can find more information about the operating system by typing “sysinfo”; this shows the Linux distribution and the kernel version it is running.
Step 5 – Taking control of the server. As previously mentioned, you can see who you’ve entered the server as; in this case we’re in as the user www-data. We’ve managed to get in, but as we’re not a system administrator we need to escalate our privileges to gain further access. To do this, we can create a shell which will allow us to issue commands on the server. The Meterpreter session has given us entry, but we need to spawn a system shell to work in. We simply type “shell” into the console and it gives us a basic shell to use. If we now type “ls”, we get a list of what is available in the working directory. From here, we could begin further enumeration to gain higher privileges and take total control of this server.
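From the defender’s side, Steps 3 to 5 leave two distinctive traces on the web server: the web server worker running as www-data opens an outbound connection back to the attacker’s LHOST, and the “shell” command makes that worker spawn a system shell. The following is an added example, not part of the original guide, that looks for exactly those two patterns over process and connection records. The records, the helper names, the callback port and the database address are all constructed for the example; the two IP addresses are the ones used in the guide.

```python
"""Flag a web-server worker that has spawned a shell or called out to a
remote listener: the post-exploitation pattern from Steps 3-5 of the guide.
Added defender-side example; names and sample data are constructed."""

from dataclasses import dataclass

# Accounts that web-server workers normally run as (www-data is the one seen in Step 5).
WEB_USERS = {"www-data", "apache", "nginx", "httpd"}
# Interpreters a web worker should never be the direct parent of.
SHELLS = {"sh", "bash", "dash", "zsh"}
# Ports on which the web server legitimately accepts client connections.
SERVICE_PORTS = {80, 443}


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    user: str
    comm: str          # executable name, as shown by `ps -o comm`


@dataclass(frozen=True)
class Conn:
    pid: int
    laddr: str         # "ip:port" of the local end
    raddr: str         # "ip:port" of the remote end
    state: str


def _port(addr):
    return int(addr.rsplit(":", 1)[1])


def find_web_shells(procs, conns, web_servers, allowed_remote=frozenset()):
    """Return a list of (pid, reason) findings.

    A finding is raised when a process owned by a web-server account is a
    shell whose parent is the web server itself (the `shell` command in
    Step 5), or when such a process holds an established connection whose
    local side is not a service port, i.e. it was opened outbound (the
    reverse connection to LHOST in Step 3), unless the remote endpoint is
    on the allow-list of known backends."""
    by_pid = {p.pid: p for p in procs}
    findings = []

    for p in procs:
        if p.user not in WEB_USERS or p.comm not in SHELLS:
            continue
        parent = by_pid.get(p.ppid)
        if parent is not None and parent.comm in web_servers:
            findings.append((p.pid, f"{parent.comm}[{parent.pid}] spawned {p.comm}"))

    for c in conns:
        p = by_pid.get(c.pid)
        if p is None or p.user not in WEB_USERS or c.state != "ESTABLISHED":
            continue
        if _port(c.laddr) in SERVICE_PORTS:   # inbound client request, normal
            continue
        if c.raddr in allowed_remote:         # known backend such as a database
            continue
        findings.append((c.pid, f"{p.comm}[{p.pid}] connected out to {c.raddr}"))

    return findings


# Constructed snapshot of the exploited host 10.1.1.102 after Step 5.
SAMPLE_PROCS = [
    Proc(1, 0, "root", "systemd"),
    Proc(700, 1, "root", "apache2"),
    Proc(712, 700, "www-data", "apache2"),
    Proc(713, 700, "www-data", "apache2"),
    Proc(901, 712, "www-data", "sh"),        # the shell spawned via Meterpreter
    Proc(2200, 1, "mysql", "mysqld"),
]
SAMPLE_CONNS = [
    Conn(712, "10.1.1.102:80", "10.1.1.50:51234", "ESTABLISHED"),      # ordinary visitor
    Conn(712, "10.1.1.102:49822", "10.1.1.101:4444", "ESTABLISHED"),   # callback to LHOST (port constructed)
    Conn(713, "10.1.1.102:80", "10.1.1.51:51300", "ESTABLISHED"),      # ordinary visitor
    Conn(713, "10.1.1.102:40010", "10.1.1.5:3306", "ESTABLISHED"),     # legitimate database backend
]
KNOWN_BACKENDS = frozenset({"10.1.1.5:3306"})

if __name__ == "__main__":
    for pid, reason in find_web_shells(SAMPLE_PROCS, SAMPLE_CONNS, {"apache2"}, KNOWN_BACKENDS):
        print(f"pid {pid}: {reason}")
```

On the sample data the two findings are the `sh` child of worker 712 and worker 712’s connection to 10.1.1.101:4444; without the allow-list the database connection from worker 713 is reported as well, which is the usual source of noise for this kind of check, so the allow-list should be populated from the server’s known backends before the rule is trusted.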
In this video guide, we’ve covered how to launch Metasploit, how to configure and launch an exploit, and how to take basic control over an exploited system.