Metasploit Basics – Part 2: Payload

Yesterday I introduced the exploit module portion of Metasploit. In this installment of Metasploit Basics I will discuss the payload modules included in Metasploit.

The payload modules contain shellcode which can perform a number of interesting tasks depending on which payload is selected. There are seven main payload types available for Metasploit. These include VNC injection, file execution, an interactive shell, command execution, DLL injection, adding a user and the Meterpreter. Not all payload types are available for every operating system. The table below shows which payload types are compatible with the different operating systems / operating environments.

  • The add user payload is fairly straightforward. It simply adds a new user to the system being targeted. Once the new user is created, the attacker can simply log into the system remotely using any of the remote login services running on the target system. On a Linux system, the new user is given root privileges. The user added on a Windows system will be put in the Administrators group.
  • The command execution payload will execute a command on the target system. This allows an attacker to perform any command on the target system that does not require user interaction. This payload would be most beneficial on *nix based systems, where the command line is powerful. A number of commands can be strung together to produce multiple actions.
  • DLL injection adds a custom DLL into the memory of the exploited application on the target system. This allows an attacker to add their own code to the code they just exploited. The DLL injection technique is used in the VNC injection payload described below.
  • The interactive shell payload provides the attacker with a shell on the target system. The attacker can send commands to the target as if they were sitting in front of the system. For *nix based systems, this payload is extremely useful as it provides full access to the system.
  • The file execution payload simply uploads a file to the system then executes the uploaded file. A backdoor or rootkit can be sent to the system giving an attacker full access to the system.
  • The Meterpreter payload is a Swiss army knife shell interface. It can change process IDs, set itself to be persistent on reboot, grab snapshots, obtain credentials, log keys, pivot and a number of other features. The Meterpreter is a very powerful tool.
  • The VNC Injection payload sends a tiny VNC server to the Windows system and then connects to the VNC server. This provides full GUI interaction with the target system. The drawback to this payload is that anything you do on the system can be seen by anyone who is using it at the time.
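
The add user payload described above leaves a very visible artifact on a Linux target: a new account with UID 0. As an added example (not code from the original post or from Metasploit), the following Python script audits a passwd-format snapshot against a baseline and flags both newly created accounts and any UID 0 account other than root. The two snapshots and the account name `backup2` are constructed for the example.

```python
from typing import Dict, List, Tuple

# Constructed /etc/passwd snapshots (not from a real host): a baseline taken
# before, and the current state after an "add user" style payload has run.
BASELINE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""

CURRENT_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
backup2:x:0:0::/:/bin/sh
"""


def parse_passwd(text: str) -> Dict[str, Tuple[int, int, str]]:
    """Map username -> (uid, gid, shell) from passwd-format text."""
    accounts: Dict[str, Tuple[int, int, str]] = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue  # malformed line: skip it rather than abort the audit
        name, _, uid, gid, _, _, shell = fields
        accounts[name] = (int(uid), int(gid), shell)
    return accounts


def audit_accounts(baseline: str, current: str) -> List[str]:
    """Return findings: accounts absent from the baseline, and any
    UID 0 account that is not root (the root-equivalent user the
    add user payload creates)."""
    before = parse_passwd(baseline)
    after = parse_passwd(current)
    findings: List[str] = []
    for name in sorted(set(after) - set(before)):
        findings.append(f"new account: {name}")
    for name, (uid, _, shell) in sorted(after.items()):
        if uid == 0 and name != "root":
            findings.append(f"uid 0 account: {name} (shell {shell})")
    return findings


if __name__ == "__main__":
    for finding in audit_accounts(BASELINE_PASSWD, CURRENT_PASSWD):
        print(finding)
```

Run on a real host by reading `/etc/passwd` into `current` and a stored copy into `baseline`; an empty result means no new accounts and no extra UID 0 users.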

Since the payloads have already been created, an exploit writer simply needs to create the initial portion of the exploit, reducing the amount of work necessary to create a working exploit. With some of the exploits, due to payload size restrictions, not all payloads will work against a target. The payloads included in Metasploit provide an attacker with a great deal of control over the target system.

In my next post, I will discuss using Metasploit to pivot.
