Learning Metasploit and need help PLEASE!

[subterra]

I am trying to learn Metasploit and have a few questions. Using nmap to scan computers in my lab and I get this return that I do understand because it is telling me just what to do in Metaspoit to execute the vulnerability. It is " MSF:AUXILIARY/SCANNER/HTTP/REWRITE_PROXY_BYPASS " so this basically is like holding my hand and walking me through it.

But my question here is that when I get those that I am not familiar with at all like  " SSV:20993    5.0   https://vulners.com/seebug/SSV:20993  *EXPLOIT* " and " MSF:ILITIES/LINUXRPM-RHSA-2013-1207/    5.4   https://vulners.com/metasploit/MSF:ILITIES/LINUXRPM-RHSA-2013-1207/  *EXPLOIT* ", How do I locate information online that helps me determain what to do inside Metaspoit to execute these. This one looks like I should find it in Metaspoit MSF:ILITIES/LINUXRPM-RHSA-2013-1207 but there is no category of ILITIES. I am not sure where I need to go to research this " MSF:ILITIES/LINUXRPM-RHSA-2013-1207 " to come up with the vulnerably that matches with meta spoit. Same question about this one " SSV:20993    5.0   https://vulners.com/seebug/SSV:20993  *EXPLOIT* " , Going to that link is no help in telling me what Metasploit module I need to use to exploit it and I have searched many sites I found on Google to no avail.

Without someone sharing their knowledge with me I am afraid I will be stuck and unable to learn further on how to protect myself so all input is welcome. Thank you!

[digininja]

Two of your links are to the same thing, a python script. That is nothing to do with Metasploit, it is a script you use on its own.

The Metasploit script, if you search for jboss, Metasploit has a bunch of modules, go through them and you might find the one you want.

 

[subterra]

What is jboss? I have been going through the modules for the last week and unable to find anything that even comes close to matching what I am seeing in nmap. That is my issue. Example, On this link https://vulners.com/seebug/SSV:20993, I looked for anything to do with "seebug" and "ssv:20993 and found nothing. I then proceeded to search each of those on Google and found nothing that connected to Metaspoit exploits. I found plenty of information on what the risk as if you had these on your system but nothing that said anything that would help me exploit them on my lab system. So after two weeks I decided I need help to get beyond this. I was hoping someone could find the method of exploiting these then give me an example of how they did it so I could apply that knowledge to the others I am also working on and be able to find those. I have as of now 4 systems in my lab that all have various exploits and viruses on them and I am trying to learn as much as I can.

                                       Thanks

[digininja]

I think you need to take a step back and learn a bit more about enumeration before trying to get into exploitation. Trying to exploit an application when you have no idea what it is is not a good idea, especially if you ever want to do this in the real world.

How are you building your lab, what are you using as learning material?

[subterra]

I have a relative next door who has no internet and they don't care to. The agreed to let me put Inet in their house and in a spare bedroom I have 4 computers I put online That I bought either at yard sales or through a trader paper for little or nothing. I also have a system I built over there that I don't use much. The ones I bough have many exploits and or viruses on them so they are perfect for my needs. I have another computer I have bought from someone that I have not set up yet which will give me 5.

I am willing to learn anything but really wanted to get at least a starter understanding of the relationship between these nmap scan and Metasploits abilities to take advantage of these exploits. Later I want to learn how to plant exploits or viruses on these systems. Paying for the Inet over there that no one is using but me for these purposes of learning was the best real world option I could come up with.

I am full of questions and eager to learn all I can if I can just get a handle on some of these thing that make no since to me. I don't understand why everyone seems to be like " I have the know how but I refuse to share it" When someone like me comes along trying to learn so I can help protect my family and friends stay safe it becomes nearly impossible to get questions answered as I ask them. Not saying this is whats happening here. But I would like to fully understand the relationship of a nmap scan in how it translates to a metasploit scan. I have read book after book and I am investing a lot of money to achieve this sole goal. Then I have plans to move onward and forward from here.

Along with the questions above I have one more that has me confused . On this one --> https://vulners.com/metasploit/MSF:ILITIES/FREEBSD-CVE-2020-9490/  *EXPLOIT*  <--  What does ILITIES mean.  What is this to do with Metasploit. My thinking was with the part where is said MSF:ILITIES/FREEBSD-CVE-2020-9490/  I could use this in Metasploit to find the correct module to exploit that computer. However I have learned since that this is not the case. I went to the link and researched hard the CVE mentioned but found nothing referring to Metasploit and how to use anything module wise to do the exploit. So I went through all of the mods in metasploit looking and couldn't find anything to closely match what I was thinking I needed. I just need someone to set me on the right path. Then I think I could do the rest.

[digininja]

ITLES looks like they've just done a typo when copying the word vulnerabILITIES.

There is no direct relationship between nmap and Metasploit, nmap will tell you what ports and services are there, Metasploit will help you exploit things (massively oversimplified).

If you've got a bit of cash to spend, I'd recommend getting on here and doing some actual courses.

https://www.pentesteracademy.com/

Getting hold of old machines and looking what is on them is really not a good idea, if you want to build a lab you need to build it with stuff on that has known issues which are at your level.

There are a whole load of online CTFs that you can do for free and most have full write ups so you can understand what is going on.

https://www.vulnhub.com/ has some good stuff.

If you want to stay on your own box, have a look at Metasploitable, that is a deliberately set of VMs with tutorials for you to work through.

https://information.rapid7.com/download-metasploitable-2017.html

 

[subterra]

I am working on https://www.vulnhub.com/  now but it has as of yet to cover these things. Beside I learn best the way I am doing it. So I prefer to stay the course while I also do the other course.

The ILITIES is not a typo as I could provide many example where this is listed as it is above. Such as

                   https://vulners.com/metasploit/MSF:ILITIES/UBUNTU-CVE-2016-0777/  *EXPLOIT*

                   https://vulners.com/metasploit/MSF:ILITIES/IBM-AIX-CVE-2016-0777/

                  https://vulners.com/metasploit/MSF:ILITIES/DEBIAN-CVE-2016-0777/

This system came from a company that has closed down. They had the user and pass taped to the underside of the server. And they never formatted the hard drive. Due to it's past environment I thought I could learn best from it. Let me ask you something. With those three links I listed. Could you start from there and find what you need by researching it and be able to compromise this system if it were still in the wild using Metasploit?

One more thing, when I say the relationship with nmap and Metasploit I only mean the info that nmap gathers and provides as a basis for attacking these systems using metasploit. I know they are no related software but nmap does provide an inside look at these systems and provides info based on Metasploit for the purpose of compromising systems. As another example nmap does provide this --> MSF:EXPLOIT/UNIX/WEBAPP/JOOMLA_MEDIA_UPLOAD_EXEC/    0.0   https://vulners.com/metasploit/MSF:EXPLOIT/UNIX/WEBAPP/JOOMLA_MEDIA_UPLOAD_EXEC/  *EXPLOIT*  and this actually worked as it was supposed to once I input this info into Metasploit. That is an example of my saying " nmaps relationship with Metasploit". I have researched the  links above and found no information that will allow me to open Metasploit and find an exploit mod that will work on any of those links. So I need someone that can explain to me how to take that info and use it to some how locate information that connects it to the correct mod for the exploit because I so far have found no connection.

I understand this is a long thread but this is how I learn best. Thanks!!!

[digininja]

Based on what you say in your first sentence I'll go back to what I said earlier, take a step back and learn the basics first. You are trying to jump in and "just do things" without understanding what it is you are doing or why. If you don't understand the fundamentals then you'll not get anywhere. This is not gatekeeping or trying to not share knowledge, it is just good advice.

The three links you've got, one is for AIX, one Ubuntu, and one for Debian. Do you understand what these systems are? If you only have one box, it won't be running all three of these. Those advisories don't give any information. Have you worked out what the box is running or just seen that port 22 is open, decided it is ssh, and so must be vulnerable to something related to ssh? If so, that isn't how it all works.

My best advice, turn that box off, do some proper learning in environments which have actual exploitable issues and that you have lesson notes for, and then when you have an idea of what you are doing, turn that box back on again and see what you can find.

 

[subterra]

6 minutes ago, digininja said:

The three links you've got, one is for AIX, one Ubuntu, and one for Debian. Do you understand what these systems are?

I fully understand what these systems are. I know the system has Debian on it. My learning of the basics as you said I have a full understanding of, of course I am sure like anyone I could learn more but only as I move forward. I am versed in many of the Linux distros. And I also use Kali, Parrot, Mint and Ubuntu. I code in C and C++ and learning awk,sed,Bash and more. I do ok in Ruby on Rails, JavaScript and starting to read up on Rust and Dart.

I have two systems in house I built but one (my main system) is built with Vbox and I have  MX Linux, Linux Mint, Ubuntu, Zorin OS, Kali, Fedora, Arch Linux and I can put more as I need. I can run up to three at a time if need be which I don't often.

Where I am sorely lacking in skills is the hacking side. I need this skill to tie everything together and as I said the better I understand it the better I can apply it in everyday life for safety wise. So I am here to start this journey and add it to my knowledge base. I have my own way of learning where I know I learn at my best which is what led me to ask this question.

Those three links did show up under that one system. This one machine has a ton of CVE's listed for everything installed.

So I gather as you are saying that those

 links provide no information that is helpful in Metasploit to compromise that machine. My thinking is since nmap vulners listed it as exploitable there has to be something there some how or is my thinking off base?

 

[digininja]

If you understand what the systems are, then why are you looking at issues related to Ubuntu and AIX?

Being versed in distros doesn't help here, what you are missing is the fundamentals of testing. The order to do things in, what you need to look for, why you need to look for those things, what they tell you about the system. You can't learn that by just running tools and clicking links and hoping for everything to come together, you need a progressive system that teaches you the process step by step, from enumeration, through working out what is vulnerable, and then to exploitation.

My last bit of advice, turn off that box and go on to something that you know has vulnerabilities and there is documentation on how to exploit them. Learn the basics, then come back to this with some knowledge and go at it. Just because something is running an app with a CVE doesn't make it vulnerable for loads of reasons, you need to understand that.

[subterra]

49 minutes ago, digininja said:

As I take it you are putting an end to this post which I will honor. I understand what you are saying. But, I learn how I learn and I cannot change that. I was hoping to get further here but either I have failed to provide the right information to you or you have failed to understand where I was wanting to go. Either way it is fine and I am very thankful for your input. I will continue to stick around this forum to read other posts and learn from others. Again, I thank you.

 

 

[digininja]

Stop replying in a quote.

I'm happy to help, but I can't help in this specific situation as I don't know enough about the box you are looking at to advise you and don't have time to explain enough to get you to get the info that I'd need.

Just be warned, if this box is the only thing you are prepared to look at, you could spend the next six months banging your head against something that no one could get into, having vulnerabilities is not the same as being exploitable.