Digital Bond

For Secure & Robust ICS

Metasploit Basics – Part 3: Pivoting and Interfaces

by Leave a Comment

There are two aspects to Metasploit that I would like to cover today. The first is pivoting, a topic I mentioned in a previous post, and the second is the way a user interfaces with Metasploit. Pivoting allows an attacker to use a compromised system to attack other systems on the same network. For example, an attacker compromises a web server on a corporate network, the attacker can then use the compromised web server to attack other systems on the network.

Pivoting is a powerful tool that allows Metasploit to penetrate deep into a network. Core Security’s Core Impact and Immunity Inc.’s CANVAS have this feature as well. The Metasploit version of pivoting is not quite as clean as Core Impact but for the price, free, it works well enough. Of all of the payloads included in Metasploit, the only one which supports pivoting in Metasploit is the Meterpreter.

Metasploit has a few interfaces which can be used when attacking a system. The Metasploit framework provides a web interface, a GUI, the msfconsole and the msfcli. For those who are new to Metasploit, the web interface is the simplest way to get comfortable with the layout.

  • The web interface, shown below, is fairly easy to use. The attacker loads the interface on his machine. He then searches for the appropriate exploit, payload and options. Once the attack is launched, the built-in console can be used to interact with the compromised host.

    • The Metasploit GUI, shown below, is similar in function to the web interface, though less polished. The attacker can search for and select an exploit, chose a payload, set the option and run the exploit without much knowledge of the underlying commands necessary to run Metasploit. The current GUI is no longer supported but there is a new GUI provided with Metasploit Express which is a product sold by Rapid7.

    • The msfconsole is a very powerful interface to Metasploit and it is the most often used interface. Typically an attacker will use the basic options, selecting an exploit, a payload and the options. There are many other commands that can be run from the msfconsole but they are beyond the scope of this article.
    • The msfcli is run from the command line. The attacker sets all arguments on the command line and executes the command. A shell, Meterpreter shell or VNC window will spawn after the exploit has been performed.

    In my next installment, I’ll show an exploit I wrote for an application and how it can be leveraged in an attack.

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    About Us

    Digital Bond was founded in 1998 and performed our first control system security assessment in the year 2000. Over the last sixteen years we have helped many asset owners and vendors improve the security and reliability of their ICS, and our S4 events are an opportunity for technical experts and thought leaders to connect and move the ICS community forward.

    Recent Comments