Summary
Kali comes with exploit tools. What you use will depend on the systems you are targeting. You might use some of the Cisco exploit tools. You might also use Metasploit. This is pretty much a one-stop shop for exploiting systems and devices. Ideas to take away from this chapter include the following:
• Several utilities will target Cisco devices, since Cisco switches and routers are so common in networks.
• Metasploit is an exploit development framework.
• Regular exploits are released for Metasploit that can be used without alteration.
• Metasploit also includes auxiliary modules that can be used for scanning and other reconnaissance activities.
• The database in Metasploit will store hosts, services, and vulnerabilities that it has found either by scanning or by import.
• Getting a command shell is not the only outcome that might happen from an exploit module.
Useful Resources
• Offensive Security’s free ethical hacking course, “Metasploit Unleashed”
• Ric Messier’s “Penetration Testing with the Metasploit Framework” video (Infinite Skills, 2016)
• Felix Lindner’s Black Hat slide deck, “Router Exploitation”
• Rapid7’s blog post, “Cisco IOS Penetration Testing with Metasploit”
CHAPTER 6
Owning Metasploit
In this chapter, we are going to extend the content of the preceding chapter. You know the basics of interacting with Metasploit. But Metasploit is a deep resource, and so far we’ve managed to just scratch the surface. In this chapter, we’re going to dig a little deeper. We’ll walk through an entire exploit from start to finish in the process. This includes doing scans of a network looking for targets, and then running an exploit to gain access. We’ll take another look at Meterpreter, the OS-agnostic interface that is built into some of the Metasploit payloads. We’ll see how the payloads work on the systems so you understand the process. We’ll also take a look at gaining additional privileges on a system so we can perform other tasks, including gathering credentials.
One last item that’s really important is pivoting. Once you have gained access to a system in an enterprise, especially a server, you will likely find that it is connected to other networks. These networks may not be accessible from the outside world, so we’ll need to take a look at how to gain access from the outside world by using our target system as a router and passing traffic through it to the other networks it has access to. This is how we start moving deeper into the network, finding other targets and opportunities for exploitation.
Ethical Note
As you are moving deeper into the network and exploiting additional systems, you need to pay close attention to the scope of your engagement. Just because you can pivot into another network and find more targets doesn’t mean you should. Ethical considerations are essential here.