Showing posts with label Guide. Show all posts

Saturday, 26 January 2019

Metasploit Object Model, Mixins and Plugins | Metasploit Tutorials

About Metasploit Object Model: Understanding the Metasploit Object Model
Metasploit Framework architecture
   In the Metasploit Framework, all modules are Ruby classes:
    * Modules inherit from the type-specific class
    * The type-specific class inherits from the Msf::Module class
    * There is a shared common API between modules

   Payloads are slightly different:
    * Payloads are created at runtime from various components
    * Glue together stagers with stages

Metasploit Mixins and Plugins
   A Quick Diversion into Ruby:
    * Every Class only has one parent
    * A class may include many Modules
    * Modules can add new methods
    * Modules can overload old methods
    * Metasploit modules inherit Msf::Module and include mixins to add features.

   Metasploit Mixins
      Mixins are quite simply, the reason why Ruby rocks:
    * Mixins include one class into another
    * This is both different and similar to inheritance
    * Mixins can override a class’ methods

      Mixins can add new features and allow modules to have different ‘flavors’:
    * Protocol-specific (HTTP, SMB)
    * Behaviour-specific (brute force)
    * connect() is implemented by the TCP mixin
    * connect() is then overloaded by FTP, SMB, and others

      Mixins can change behavior:
    * The Scanner mixin overloads run()
    * Scanner changes run() for run_host() and run_range()
    * It calls these in parallel based on the THREADS setting

    * The BruteForce mixin is similar
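
   The inheritance and mixin rules above, as an added toy model in plain Ruby. This is not Metasploit's own code: the Toy namespace, BannerCheck and the string returned by connect() are assumptions made for illustration, and nothing here opens a socket.

```ruby
# Toy model of the object model described above (illustrative names only;
# these classes mimic the shape of the framework, they are not Msf code).
module Toy
  # Stand-in for Msf::Module: the common API shared by every module.
  class BaseModule
    attr_reader :datastore

    def initialize(opts = {})
      @datastore = { 'THREADS' => 1, 'RHOSTS' => [] }.merge(opts)
    end

    def run
      raise NotImplementedError, "#{self.class} must define run"
    end
  end

  # Type-specific class: every auxiliary module inherits from this one parent.
  class Auxiliary < BaseModule; end

  # Protocol mixin: supplies connect(). Here it only describes the call,
  # it does not touch the network.
  module Tcp
    def connect(host)
      "tcp:#{host}:#{datastore['RPORT']}"
    end
  end

  # Protocol mixin layered on Tcp: overloads connect() and reuses the
  # TCP version through super.
  module Ftp
    include Tcp

    def connect(host)
      "#{super} -> ftp layer"
    end
  end

  # Behaviour mixin: overloads run() so the module author only writes
  # run_host(). Hosts are processed in batches of THREADS parallel threads.
  module Scanner
    attr_reader :batches

    def run
      width = [datastore['THREADS'].to_i, 1].max
      @batches = 0
      datastore['RHOSTS'].each_slice(width).flat_map do |batch|
        @batches += 1
        # Thread#value joins the thread and returns the block's result.
        batch.map { |host| Thread.new { [host, run_host(host)] } }.map(&:value)
      end.to_h
    end
  end

  # A concrete module: one parent class, several mixins.
  class BannerCheck < Auxiliary
    include Ftp      # protocol flavour
    include Scanner  # behaviour flavour

    def run_host(host)
      connect(host)  # resolves to Ftp#connect, which calls Tcp#connect
    end
  end
end

if __FILE__ == $0
  # Constructed sample input (documentation address range).
  mod = Toy::BannerCheck.new('RHOSTS' => %w[192.0.2.10 192.0.2.11 192.0.2.12],
                             'RPORT' => 21, 'THREADS' => 2)
  p Toy::BannerCheck.ancestors.take(6)
  p mod.run
  p mod.batches
end
```

   The ancestors list shows the method lookup order: the class itself, then the mixins in reverse order of inclusion, then the single parent chain.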

   Metasploit Plugins
      Plugins work directly with the API:
    * They manipulate the framework as a whole
    * Plugins hook into the event subsystem
    * They automate specific tasks that would be tedious to do manually

      Plugins only work in the msfconsole:
    * Plugins can add new console commands
    * They extend the overall Framework functionality

   Example


Thursday, 24 January 2019

How to fix limit google drive











Google Drive is a popular platform for saving and sharing files because it is easy to use and, of course, Google Drive gives you maximum download speed. But sometimes you hit the download limit in Google Drive, so you need to wait 24 hours to download the file again. That problem can be fixed by making a copy in your own drive and then downloading the copy. How to fix the Google Drive limit:

1. Log in to your Google Drive account and open the download link that has been limited. Change "uc" in the URL to "open" and delete "&export=download", then press Enter and the file will open.
2. At the upper right you can see the Google Drive logo. Click the "Google Drive+" logo, then close it.
3. After the logo has changed, click it again and click "My Drive".
4. Right-click the file that has been moved into your drive and select "Make a Copy".
5. A new file will then appear with the name prefix "Copy - file name".
6. Right-click that file, then click "Download". Wait for the download to finish.
7. Enjoy your file.

Saturday, 5 January 2019

Metasploit Modules and Locations | Metasploit Tutorials

Metasploit Framework Modules and Locations | Metasploit Tutorials
Almost all of your interaction with Metasploit will be through its many modules, which it looks for in two locations. The first is the primary module store under /usr/share/metasploit-framework/modules/ and the second, which is where you will store custom modules, is under your home directory at ~/.msf4/modules/.

All Metasploit modules are organized into separate directories, according to their purpose. A basic overview of the various types of Metasploit modules is shown below.

Exploits: In the Metasploit Framework, exploit modules are defined as modules that use payloads.

Auxiliary: Auxiliary modules include port scanners, fuzzers, sniffers, and more.

Payloads, Encoders and Nops: Payloads consist of code that runs remotely, while encoders ensure that payloads make it to their destination intact. Nops keep the payload sizes consistent across exploit attempts.

Loading Additional Module Trees
   Metasploit gives you the option to load modules either at runtime or after msfconsole has already been started. Pass the -m option when running msfconsole to load additional modules at runtime.

   If you need to load additional modules from within msfconsole, use the loadpath command:

Wednesday, 2 January 2019

Metasploit Filesystem and Libraries | Metasploit Tutorials

Metasploit Framework Filesystem and Libraries

Understanding the Metasploit Framework Architecture
   One can more easily understand the Metasploit architecture by taking a look under its hood. In learning how to use Metasploit, take some time to make yourself familiar with its filesystem and libraries. In Kali Linux and other distros (like Parrot Security OS), Metasploit is provided in the metasploit-framework package and is installed in the /usr/share/metasploit-framework directory.

Metasploit Framework Filesystem
   The Metasploit Framework filesystem is laid out in an intuitive manner and is organized by directory. Some of the more important directories are briefly outlined below.

   data directory: The data directory contains editable files used by Metasploit to store binaries required for certain exploits, wordlists, images, and more.
   documentation directory: As its name suggests, the documentation directory contains the available documentation for the framework.
   lib directory: The lib directory contains the ‘meat’ of the framework code base.
   modules directory: The modules directory is where you will find the actual MSF modules for exploits, auxiliary and post modules, payloads, encoders, and nop generators.
   plugins directory: As you will see later in this course, Metasploit includes many plugins, which you will find in this directory.
   scripts directory: The scripts directory contains Meterpreter and other scripts.
   tools directory: The tools directory has various useful command-line utilities.
Metasploit Libraries:
   There are a number of MSF libraries that allow us to run our exploits without having to write additional code for rudimentary tasks, such as HTTP requests or encoding of payloads. Some of the most important libraries are outlined below.

   Rex
    * The basic library for most tasks.
    * Handles sockets, protocols, text transformations, and others.
    * SSL, SMB, HTTP, XOR, Base64, Unicode.

   Msf::Core
    * Provides the ‘basic’ API.
    * Defines the Metasploit Framework.

   Msf::Base
    * Provides the ‘friendly’ API.
    * Provides simplified APIs for use in the Framework.

Monday, 31 December 2018

Requirements to build Metasploit Lab Environment | Metasploit Tutorials

Launching msfconsole

Prepare your Metasploit Lab Environment
   Before learning how to use the Metasploit Framework, we first need to make sure that our setup will meet or exceed the system requirements outlined in the following sections. Taking the time to properly prepare your Metasploit Lab Environment will help eliminate many problems before they arise later in the course. We highly recommend using a system that is capable of running multiple virtual machines to host your labs.

Hardware Requirements for Metasploit Lab
   All of the values listed below are estimated or recommended. You can get away with less in some cases but be aware that performance will suffer, making for a less than ideal learning experience.

   Hard Drive Space
      You will need to have, at minimum, 10 GB of available storage space on your host. Since we are using virtual machines with large file sizes, this means that we are unable to use a FAT32 partition since large files are not supported in that filesystem, so be sure to choose NTFS, ext3, or some other filesystem format. The recommended amount of space needed is 30 GB.
      If you decided to create clones or snapshots of your virtual machine(s) as you progress through the course, these will also take up valuable space on your system. Be vigilant and do not be afraid to reclaim space as needed.

   Available Memory
      Failing to provide enough memory to your host and guest operating systems will eventually lead to system failure and/or result in being unable to launch your virtual machine(s). You are going to require RAM for your host OS as well as the amount of RAM that you are dedicating for each virtual machine. Use the guide below to help in deciding the amount of RAM required for your situation.

      Linux “HOST” Minimal Memory Requirements: 1 GB of system memory (RAM). Realistically 2 GB or more
      Kali “GUEST” Minimal Memory Requirements: At least 1 GB of RAM. Realistically 2 GB or more with a SWAP file of equal value
      Metasploitable “GUEST” Minimal Memory Requirements: At least 256 MB of RAM (512 MB is recommended)
      Windows “GUEST” Minimal Memory Requirements: 1 GB is recommended. Realistically 1 GB or more

   Processor: To ensure the best experience, we recommend a 64-bit quad-core CPU or better. The bare-minimum requirement for VMware Player is a 400MHz or faster processor (500MHz recommended) but these speeds are inadequate for the purposes of this course. The more horsepower you can throw at your lab, the better.

   Internet Accessibility: Getting your lab set up will require downloading some large virtual machines so you will want to have a good high-speed connection to do so. If you choose to use “Bridged” networking for your virtual machines and there is no DHCP server on your network, you will have to assign static IP addresses to your guest VMs.

Software Requirements for Metasploit Lab
   Before jumping in to the Metasploit Framework, we will need to have both an attacking machine (Kali Linux) and a victim machine (metasploitable 2) as well as a hypervisor to run both in a safe and secluded network environment.
   You can install Metasploit Framework with the command: sudo apt install metasploit-framework

Hypervisor for Metasploit Lab
   Our recommended hypervisor for the best out-of-the-box compatibility with Kali Linux and metasploitable is VMware Player. While VMware Player is “free”, you will have to register in order to download it, and the virtualization applications and appliances are well worth the registration if you do not already have an account. You may also use VMware Workstation or VMware Fusion but neither of these is free.
   There are also other options available when it comes to which hypervisor you would like to use. In addition to VMware, two other commonly used hypervisors are VirtualBox and KVM but they are not covered here. Instructions for installing Kali Linux can be found on the Kali Training site.

Latest Kali Linux
   Kali Linux is an advanced Penetration Testing and Security Auditing Linux distribution that will be used throughout this course. Kali Linux comes with Metasploit pre-installed along with numerous other security tools that you can try out against your victim machine. You can download the latest version of Kali Linux at Kali Linux Downloads.
   Once you have downloaded Kali Linux, you can update Metasploit to the latest version in the repos by running apt update && apt upgrade in Terminal.

Windows (Of course)
   Microsoft has made a number of virtual machines available that can be downloaded to test Microsoft Edge and different versions of Internet Explorer. We will be able to use these VMs when working with some of the exploits and tools available in Metasploit. You can download the VMs from here.
   Once you have met the above system requirements, you should have no trouble running any tutorials from the Metasploit Unleashed course.

Metasploitable
   One of the problems you encounter when learning how to use an exploitation framework is trying to find and configure targets to scan and attack. Luckily, the Metasploit team is aware of this and released a vulnerable VMware virtual machine called ‘Metasploitable’.
   Metasploitable is an intentionally vulnerable Linux virtual machine that can be used to conduct security training, test security tools, and practice common penetration testing techniques. The VM will run on any recent VMware products and other virtualization technologies such as VirtualBox. You can download the image file of Metasploitable 2 from here.
Never expose Metasploitable to an untrusted network, use NAT or Host-only mode!

   Once you have downloaded the Metasploitable VM, extract the zip file, open up the .vmx file using your VMware product of choice, and power it on. After a brief time, the system will be booted and ready for action. The default login and password is msfadmin:msfadmin.
The Metasploitable virtual machine

   For more information on the VM configuration, there is a Metasploitable 2 Exploitability Guide on the Rapid7 website, but beware… there are spoilers in it.
   To contact the developers of Metasploit, please send email to msfdev@metasploit.com


Thursday, 4 October 2018

How to hack iPhone's Lock Screen on iOS 12 to Access Contacts and Photos?


Apple may pride itself on its commitment to user privacy and security, but it isn't invulnerable. EverythingApplePro now knows there is a bug in the latest version of iOS 12 and iOS 12.1 beta that allows those in the know to bypass the iPhone passcode and access contacts and photos. This applies to both Face ID and Touch ID-enabled iPhones. Not only does Gadget Hack know about the bug itself, they know exactly how to exploit it.

On Sept. 26, the YouTube account Videosdebarraquito posted two videos (in Spanish) showing off how to bypass any iPhone locked by a passcode running iOS 12. This YouTuber is also the one responsible for discovering previous lock screen exploits. Soon after the new videos, tech channel EverythingApplePro made his own video (in English), based on the information exposed by Videosdebarraquito.


You can watch how to bypass the iPhone Lock Screen right now below, but it's a complicated procedure. To make it easier to understand, EverythingApplePro has listed the steps necessary to exploit the security vulnerability underneath the video, so jump down to see them and follow along with the video:

 
So, how to bypass iPhone's Lock Screen on iOS 12 to access Contacts and Photos?
1, If Face ID is disabled, you're ready. If it is enabled, cover the Face ID camera with tape. If it's a Touch ID device, you're already ready to go.
2, Long-press the Side button to activate Siri. If it's a Touch ID device, just long-press the Home button.
3, Tell Siri to "enable VoiceOver."
4, Click the Side button to sleep the device.
5, Use another iPhone and phone call or FaceTime call the target iPhone.
6, Single-tap the "Message" icon on the incoming call screen, then double-tap anywhere on the screen.
7, Single-tap "Custom" on the list that appears, then double-tap anywhere on the screen.
8, Single-tap the plus (+) icon in the top right to highlight it.
9, On the other iPhone, send a text or iMessage to the target iPhone.
10, Right when the notification appears on the target iPhone, double-tap anywhere on the screen to select the highlighted plus (+) icon underneath it.
11, Wait until the screen goes white and the notification disappears.
12, Single-tap on the screen to highlight an invisible option.
13, Swipe left on the screen multiple times until you hear VoiceOver say "Cancel." An invisible button will be highlighted underneath the notch, barely noticeable. It's more obvious on a Touch ID device.
14, Double-tap anywhere on the screen to select the "Cancel" option.
15, Single-tap the numbers icon in the keyboard, then double-tap anywhere on the screen.
16, Single-tap any number in the top row of the keyboard, then double-tap anywhere on the screen. You should now see all of the contacts that begin with that number. You can 3D Touch on them to see more of their contact details.

   Continue on to View Photos in the Photos Library:
17, If you see an info (i) button next to any of the contacts, single-tap on it, then double-tap anywhere on the screen. (We could not find any of our contacts with an (i) next to them, but you may have better luck.)
18, Long-press the Side button to activate Siri. If it's a Touch ID device, just long-press the Home button.
19, Tell Siri to "disable VoiceOver."
20, Swipe up from the bottom of the screen to exit the Siri screen back to the contact page. If it's a Touch ID device, simply click the Home button once.
21, 3D Touch on the contact's icon up top on their info page. A menu will appear with options such as "Call," "Message," and "Add to Existing Contact."
22, Single-tap "Add to Existing Contact." You should now be able to see all of the contacts on the iPhone in order, unlike before when you could only see contacts based on the number you input.
23, Single-tap any contact.
24, Single-tap on the contact's photo icon where it says "add photo," then single-tap "Choose Photo" from the popup. You won't actually be able to see any photos at this point.
25, Long-press the Side button to activate Siri. If it's a Touch ID device, just long-press the Home button.
26, Tell Siri to "enable VoiceOver."
27, Swipe up from the bottom of the screen slowly until you feel a vibration, to exit the Siri screen back to the photos page (which looks like the contact page). If it's a Touch ID device, simply click the Home button once.
28, Swipe right multiple times on the screen until you hear "Camera Roll."
29, Double-tap anywhere on the screen to select the "Camera Roll" option.
30, Single-tap on the screen where an image would normally appear.
31, Double-tap anywhere on the screen to select the photo highlighted.
32, Swipe left or right multiple times on the screen until you highlight the "Choose Photo" option.
33, Long-press the Side button to activate Siri. If it's a Touch ID device, just long-press the Home button.
34, Tell Siri to "disable VoiceOver."
35, Swipe up from the bottom of the screen to exit the Siri screen back to the contact page. If it's a Touch ID device, simply click the Home button once.
36, Single-tap "edit" on the contact's photo, then choose "Edit Photo" from the menu.
37, You can now view the photo in high resolution, albeit, with a translucent black around the main circle of the image selector.

As noted above in the instructions, to see the full contact list in order, as well as photos on the device, you'll need to see the "i" button appear next to a contact in Step 16. If "i" isn't present, you will only have access to the contact lists with that particular number in them.

As with most security-related bugs, we expect Apple to issue a software update as soon as possible. Make sure to check "Software Update" in the "General" settings often if you want to protect your iPhone from this bug. If you have iOS 12's new "Automatic Updates" enabled, you'll be all set.




Thursday, 30 August 2018

Install the Windows Subsystem for Linux on Windows 10


Enable the Windows Subsystem for Linux
   Before installing any Linux distros for WSL, you must ensure that the "Windows Subsystem for Linux" optional feature is enabled:
      Open PowerShell as Administrator and run:
      Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux

   Restart your computer when prompted.

Install your Linux Distribution for Windows Subsystem
   To download and install your preferred distro(s), you have three choices:
    * Download and install from the Windows Store (see below)
    * Download and install from the Command-Line/Script (read the manual installation instructions)
    * Download and manually unpack and install (for Windows Server - instructions here)

Windows 10 Fall Creators Update and later: Install Linux distros from the Microsoft Store
This section is for Windows build 16215 or later. Follow these steps to check your build. For earlier versions of Windows 10, follow these instructions using lxrun.

1, Open the Microsoft Store and choose your favorite Linux distribution.

   The following links will open the Windows store page for each distribution:
    * Ubuntu
    * OpenSUSE
    * SLES
    * Kali Linux and Debian GNU/Linux

2, From the distro's page, select "Get"

Complete initialization of your distro on Windows Subsystem
   Now that your Linux distro is installed, you must initialize your new distro instance once, before it can be used.

Troubleshooting Windows Subsystem:
   Below are related errors and suggested fixes. Refer to the WSL troubleshooting page for other common errors and their solutions.

   Installation failed with error 0x80070003
    * The Windows Subsystem for Linux only runs on your system drive (usually this is your C: drive). Make sure that distros are stored on your system drive:
    * Open Settings -> Storage -> More Storage Settings: Change where new content is saved

Manually download Windows Subsystem for Linux Distro packages


There are several scenarios in which you may not be able (or want) to install WSL Linux distros via the Windows Store. Specifically, you may be running a Windows Server or Long-Term Servicing (LTSB/LTSC) desktop OS SKU that doesn't support Windows Store, or your corporate network policies and/or admins do not permit Windows Store usage in your environment.

In these cases, while WSL itself is available, how do you download and install Linux distros in WSL if you can't access the store?

Note:
Command-Line shell environments including CMD, PowerShell, and Linux/WSL distros are not permitted to run on Windows 10 S Mode. This restriction exists in order to ensure the integrity and safety goals that S Mode delivers: Read this post for more information.

Downloading distros for Windows Subsystem
   If the Windows Store app is not available, you can download and manually install Linux distros by clicking these links:
    * Ubuntu 18.04 and Ubuntu 18.04 ARM
    * Ubuntu 16.04
    * Debian GNU/Linux
    * Kali Linux
    * OpenSUSE
    * SLES

   This will cause the <distro>.appx packages to download to a folder of your choosing. Follow the installation instructions to install your downloaded distro(s).

Downloading distros via the Command-Line for Windows Subsystem
   If you prefer, you can also download your preferred distro(s) via the Command-Line:

   Download using PowerShell
      To download distros using PowerShell, use the Invoke-WebRequest cmdlet. Here's a sample instruction to download Ubuntu 16.04.
      Enter this following command:
      Invoke-WebRequest -Uri https://aka.ms/wsl-ubuntu-1604 -OutFile Ubuntu.appx -UseBasicParsing

      Tip:
If the download is taking a long time, turn off the progress bar by setting $ProgressPreference = 'SilentlyContinue'

   Download using curl
      Windows 10 Spring 2018 Update (or later) includes the popular curl command-line utility with which you can invoke web requests (i.e. HTTP GET, POST, PUT, etc. commands) from the command-line. You can use curl.exe to download the above distros. Open Command Prompt and enter this command:
      curl.exe -L -o ubuntu-1604.appx https://aka.ms/wsl-ubuntu-1604

      In the above example, curl.exe is executed (not just curl) to ensure that, in PowerShell, the real curl executable is invoked, not the PowerShell curl alias for Invoke-WebRequest.

      Note: Using curl might be preferable if you have to invoke/script download steps using Cmd shell and/or .bat / .cmd scripts.

Installing your distro for Windows Subsystem
   For instructions on how to install your downloaded distro(s), please refer to the Windows Desktop or Windows Server installation instructions.


Wednesday, 25 July 2018

Build Kali Linux with Live-Build on Debian-based Distros

Offensive Security uses live-build to create their official Kali Linux releases and they encourage users to jump in and build customized versions of Kali Linux whenever users can. The documentation of the process is one of the most popular items on their documentation website, and the Kali Dojo also revolves around this topic. Offensive Security love it and our users love it.

One roadblock of live-build has always been the fact that you need a Kali Linux system to build a Kali Linux system. The reason for this is that small changes in both the original debootstrap and live-build packages are needed for building a Kali Linux ISO. In Kali Linux, these changes are already included, however in most Debian derivatives, some gentle massaging is needed to get ISOs to build.

Today, Offensive Security has updated their docs site to include instructions on how to build a custom Kali Linux ISO on other Debian-based distros like Debian 9 or Ubuntu 16.04 and 18.04. This will hopefully allow users running Debian derivatives to test the waters with Kali Linux and play with one of its cooler features.

Building a custom Kali Linux release with live-build is not as scary as it might sound so be sure to give it a chance!

Building Kali Linux on other Debian-based Distros:
   You can easily run live-build on Debian based systems other than Kali Linux. The instructions below have been tested to work with both Debian and Ubuntu.

   First, we prep the system by ensuring it is fully updated, then proceed to download the Kali Linux archive keyring and live-build packages. The latest versions of these packages can always be found at https://http.kali.org/pool/main/k/kali-archive-keyring/ and https://archive.kali.org/kali/pool/main/l/live-build/ respectively.

   Open Terminal and enter the following commands:
   
   With that completed, we install some additional dependencies and the previously downloaded files:

   With the environment all prepared, we start the live-build process by setting up the build script and checking out the build config.



   At this point, we have to edit the build.sh script to bypass a version check. We do this by commenting out the “exit 1” below.
   With that change made, the script should look as follows:

   We can now build our ISO as normal:
      sudo ./build.sh --variant light --verbose

No Commitment Testing
   After you get Kali Linux built, you might want to quickly test the ISO you created. There is a fast no commitment trial you can do with QEMU. On Ubuntu, you just have to prep the system by installing a few packages:
   With that out of the way, we will create a dynamic disk image to hold our Kali Linux installation and then boot off our newly created ISO. Don’t worry about the disk size, it will grow as needed so you won’t suddenly fill your drive just by creating the disk:

   At this point, you can run a live instance of Kali Linux, or install it to the virtual disk. If we go ahead and install it, we would then later launch the newly created VM with the command:
      kvm --name Kali -m 1024 -hda kali-disk.img -boot c

There are few things as satisfying as running your own Linux distros install that you created and tweaked for what you need. With a way to build Kali Linux on other Debian based distros and a quick way to test it, why wait?