This week

I was back to University this Monday, luckily this has not distracted me from keeping this going. This week I have done a few things:

Firstly: I have finally installed GIMP and uninstalled Adobe from my environment as much as I can. It is rather parasitic having to spend £16.24 a month on Adobe products (and I know that cost only went up after I quit way back in September). Old habits die hard, and so it does seem that way. As this journaling progresses, I do pray that the images only get better. As you may have seen from the front page, there was an excerpt image. That was made using GIMP. My Photoshop-rotted brain has had a hard time adjusting, but it’ll only get better, I promise.

Secondly: Metasploit. This week I had a look into Metasploit and experimented.

Metasploit

What is Metasploit? Well, from the guys themselves:

Metasploit is a penetration testing platform that enables you to find, exploit, and validate vulnerabilities.1

Okay, that’s great! How exactly do we use these exploits? Well, after you have set up Metasploit on your local machine, open a Bash console and run the following command:

user@your-pc:~# msfconsole

You’ll then be loaded into the Metasploit Framework, where we can launch many exploits and be greeted by some nice ASCII art. At the time of writing, there are over 2500 exploits and well over 1000 auxiliaries present in Metasploit. In here, we have a range of exploits at our disposal, ethically of course. The oldest I can find, when sorted by disclosure date, is from 1st January 1999. That’s older than me. It is a persistence exploit that makes use of /etc/update-motd.d/ to launch a script every time a user logs into the machine. It executes with root privileges every time too, handy.

That’s not all we can do though; we can also search by CVE. This helps narrow our search down to more recent exploits. When we search for CVEs from 2025, we get a handful of results back.

msf6 > search cve:2025

Matching Modules
================

   #  Name                                                Disclosure Date  Rank       Check  Description
   -  ----                                                ---------------  ----       -----  -----------
   0  exploit/linux/http/beyondtrust_pra_rs_unauth_rce    2024-12-16       excellent  Yes    BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) unauthenticated Remote Code Execution
   1  exploit/linux/http/dtale_rce_cve_2025_0655          2025-02-05       excellent  Yes    D-Tale RCE
   2  auxiliary/gather/glpi_inventory_plugin_unauth_sqli  2025-03-12       normal     Yes    GLPI Inventory Plugin Unauthenticated Blind Boolean SQLi
   3  exploit/windows/fileformat/winrar_ace               2019-02-05       excellent  No     RARLAB WinRAR ACE Format Input Validation Remote Code Execution
   4  auxiliary/admin/scada/mypro_mgr_creds               2025-02-13       normal     Yes    mySCADA myPRO Manager Credential Harvester (CVE-2025-24865 and CVE-2025-22896)

As we can see, not all of these modules have a disclosure date in 2025. That’s because the underlying vulnerabilities may have existed for much longer before they were allocated a CVE, or may have been known without an official CVE id for quite a long time.
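As an added example (not part of the original post, and not Metasploit’s own code), here is a small Python script that parses the `search` table above, flags which hits were disclosed outside the year you searched for, and lists the CVE ids each module actually references in its name or description. The sample input is the output quoted above, embedded as a constant.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: the `search cve:2025` output quoted earlier in this post.
SEARCH_OUTPUT = """Matching Modules
================

   #  Name                                                Disclosure Date  Rank       Check  Description
   -  ----                                                ---------------  ----       -----  -----------
   0  exploit/linux/http/beyondtrust_pra_rs_unauth_rce    2024-12-16       excellent  Yes    BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) unauthenticated Remote Code Execution
   1  exploit/linux/http/dtale_rce_cve_2025_0655          2025-02-05       excellent  Yes    D-Tale RCE
   2  auxiliary/gather/glpi_inventory_plugin_unauth_sqli  2025-03-12       normal     Yes    GLPI Inventory Plugin Unauthenticated Blind Boolean SQLi
   3  exploit/windows/fileformat/winrar_ace               2019-02-05       excellent  No     RARLAB WinRAR ACE Format Input Validation Remote Code Execution
   4  auxiliary/admin/scada/mypro_mgr_creds               2025-02-13       normal     Yes    mySCADA myPRO Manager Credential Harvester (CVE-2025-24865 and CVE-2025-22896)
"""

@dataclass
class Module:
    index: int
    name: str
    disclosure: Optional[str]  # YYYY-MM-DD as printed, or None when msfconsole leaves it blank
    rank: str
    has_check: bool            # "Yes" means the module ships a non-destructive check routine
    description: str

# One table row: index, module path, optional date, rank, Yes/No, free-text description.
ROW_RE = re.compile(r"^\s*(\d+)\s+(\S+)\s+(\d{4}-\d{2}-\d{2})?\s+(\w+)\s+(Yes|No)\s+(.*)$")
# CVE ids appear as "CVE-2025-24865" in descriptions and as "cve_2025_0655" in module names.
CVE_RE = re.compile(r"cve[-_](\d{4})[-_](\d{4,})", re.IGNORECASE)

def parse_search_output(text: str) -> List[Module]:
    """Turn the fixed-width `search` table into Module records; header and rule lines are skipped."""
    modules = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            idx, name, date, rank, check, desc = m.groups()
            modules.append(Module(int(idx), name, date, rank, check == "Yes", desc.strip()))
    return modules

def referenced_cves(module: Module) -> List[str]:
    """Normalised CVE ids mentioned in the module's name or description, in order of appearance."""
    return [f"CVE-{y}-{n}" for y, n in CVE_RE.findall(module.name + " " + module.description)]

def disclosed_outside_year(modules: List[Module], year: int) -> List[str]:
    """Names of hits whose disclosure year differs from the searched CVE year (or is blank)."""
    return [m.name for m in modules if m.disclosure is None or int(m.disclosure[:4]) != year]

if __name__ == "__main__":
    mods = parse_search_output(SEARCH_OUTPUT)
    for m in mods:
        print(f"{m.name:52} {m.disclosure}  check={m.has_check}  cves={referenced_cves(m)}")
    print("disclosed outside 2025:", disclosed_outside_year(mods, 2025))
```

Feeding it real output from `msfconsole -q -x "search cve:2025; exit"` works the same way, since the table layout is what the script matches on.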

Knowing the machine you are attacking is really helpful. There is no point placing an explosive charge on the side of the wall if the front door is wide open. Therefore we should use a few tools for finding our front door. Nmap is a great example; however, Metasploit can also provide this capability for us. There are a multitude of scanner options available to us in Metasploit. This isn’t a full-blown tutorial, however, so you’ll just have to download it yourself and play around. It’s a better way to learn than reading through this, having the confidence of “Yeah, I kinda get this” and then, when required, freezing on the spot. We can also launch nmap from within the msfconsole itself.

Metasploit is an incredible resource and I’ve only scratched the surface of this vast framework. For those interested, visit Metasploit’s ‘help’ section. If you are following it from this web page, I’m sure your bored_status does in fact equal true. You’ll be slightly confused but hey, anything to cure the boredom. See you next time.