This is the fourth in a five-part series on the fundamentals of Metasploit that I wrote back in 2014. While some of the specifics have changed over time, the series still provides a good overview for the new user of Metasploit.
Links to all of the articles are listed below:
- Part 1: Metasploit Overview and Tools
- Part 2: The Metasploit Console
- Part 3: Pivoting with Metasploit
- Part 4: Metasploit Dynamic Shellcode Generation
- Part 5: Scripting Metasploit
If you’ve been following this series of articles, by this point you are familiar with the tools that the Metasploit Framework provides, know your way around the Metasploit Console, can select, use, and control an exploit, and can turn compromised systems into private routers or forwarders at will.
Obviously that’s a good start, but what about those situations in which using a pre-built exploit just won’t work? Say for instance that we’ve found a website on a system that allows us to upload a file, and doesn’t filter that file at all?
Surely there’s a way to generate some shellcode dynamically to do what we want, in the format we want, right? For instance, what if we find a web server that uses ASPX and allows us to upload our personal profile picture, but doesn’t restrict that upload in any way (e.g. lets us upload an ASPX script)? It sure would be cool if the Metasploit Framework had a way for us to create a bind shell (for instance) in ASPX on a specified port for just this purpose, wouldn’t it?
Well, strap into your seat because we’re about to do just that.