
List of Auxiliary Module Reference in Metasploit

Last Updated : 01 Sep, 2023

The Metasploit Project is a computer security project that provides data about security vulnerabilities and assists in penetration testing. It is owned by Rapid7, a US-based cybersecurity firm. A notable subproject of Metasploit is the open-source Metasploit Framework—a tool used to develop and run exploit code on remote target systems.

What is Metasploit?

The Metasploit project includes anti-forensics and remediation tools, some of which are built into the Metasploit Framework. Metasploit comes pre-installed on the Kali Linux operating system. Metasploit is a huge framework and can be used for many tasks. This article shows how to use Metasploit’s auxiliary modules. These modules are useful in many scenarios such as scanning and information gathering. This tutorial walks through a few of them, but you can follow the same steps to use most auxiliary modules.

What are Auxiliary Modules in Metasploit?

In Metasploit, any module that is not an exploit is an auxiliary module. Exploit modules always have a payload. Auxiliary modules are a fascinating feature of the framework allowing it to extend for a variety of purposes other than exploitation. You can create your own quick vulnerability scanners, and port scanners, make MSF work as an FTP, HTTP, or SMTP client, and do a whole lot of other cool stuff. You have a ready-to-use code library at your disposal enabling quick development of such tools.

Auxiliary modules are grouped into the following categories:

  1. admin: Modules that modify, operate, or manipulate something on the target machine.
  2. analyze: We initially created this folder for password-cracking modules that require analysis time.
  3. client: We initially created this folder for an SMTP module for social-engineering purposes.
  4. dos: Pretty self-explanatory: denial-of-service modules.
  5. fuzzers: If your module is a fuzzer, this is where it belongs. Make sure to place it in the correct sub-directory based on the protocol.
  6. gather: Modules that gather, collect or enumerate data from a single target.
  7. scanner: Modules that use the Msf::Auxiliary::Scanner mixin almost always go here. Make sure to place yours in the correct sub-directory based on the protocol.
  8. server: Modules that are servers.
  9. sniffer: Modules that are sniffers.

Usage of Auxiliary Modules

Step 1: First, start the Metasploit framework by just running the command msfconsole on the terminal.

msfconsole
MSF console

 

Step 2: Now to see all the auxiliary modules available in Metasploit just type the command:

show auxiliary
List of Auxiliary Modules

 

With almost 1,000 auxiliary modules, Metasploit is probably one of the most complete penetration frameworks out there.

Examples of Auxiliary Module

TCP port auxiliary module

Step 1: We will start with one of the most useful auxiliary modules, the TCP port scanner. Load it with the “use” command followed by the path of the auxiliary module that we want to use:

use auxiliary/scanner/portscan/tcp

As with anything else in the Metasploit framework, if you’re stuck at any point, press the Tab key twice to see all the available modules, as shown below.

All subauxiliary of the portscanner module

 

Step 2: We can also use the “info” command to get more information on a specific module (or auxiliary in this case) and see all the options that we can set:

all parameters of the TCP port scanner

 

Step 3: Now we need to change the options so that the module runs against our target. We are going to run this module against another virtual machine in our network. This virtual machine is running Metasploitable, so it should have a number of open ports. The main option that we need to set is RHOST, which is the IP of the machine that we want to run this module against. Changing options here is the same as in any other Metasploit module and follows this format:

set [option name] [option value]

So in our case [option name] is RHOST and [option value] is 10.0.2.9 which is the IP of the target machine, therefore the command is:

set RHOST 10.0.2.9

We’ll also change the number of threads by running

set THREADS 50
List of Open Ports on target IP

 

Finally, we can run “info” again to make sure that all the options are set as intended, and then use the “run” command to run the module. Give it some time and the results will appear in the same window.
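Seen from the target's side, a scan like this stands out because one source touches many distinct ports on one host within seconds. The following is an added example, not part of the original article, that flags that pattern in connection records; the record layout, the source addresses 10.0.2.4, 10.0.2.7 and 10.0.2.8, and the thresholds are assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque

def sample_records():
    """Constructed firewall-style records (epoch seconds, key=value fields)."""
    lines = [f"ts={1000 + i // 10} SRC=10.0.2.4 DST=10.0.2.9 PROTO=TCP DPT={p}"
             for i, p in enumerate(range(1, 101))]        # 100 ports in ~10 s
    lines += [f"ts={1000 + 60 * i} SRC=10.0.2.7 DST=10.0.2.9 PROTO=TCP DPT=80"
              for i in range(30)]                          # ordinary web client
    lines += [f"ts={1000 + 300 * i} SRC=10.0.2.8 DST=10.0.2.9 PROTO=TCP DPT={p}"
              for i, p in enumerate((22, 80, 443))]        # admin using 3 services
    return lines

REC = re.compile(r"ts=(\d+) SRC=(\S+) DST=(\S+) PROTO=TCP DPT=(\d+)")

def detect_scans(lines, window=30, min_ports=20):
    """Map (src, dst) -> peak number of distinct ports seen within `window` s.

    Only pairs reaching `min_ports` are returned. Records for each pair are
    expected in time order, as they are in a log file.
    """
    recent = defaultdict(deque)   # (src, dst) -> (ts, port) inside the window
    peak = {}
    for line in lines:
        m = REC.search(line)
        if not m:
            continue              # skip lines in another format
        ts, src, dst, port = int(m[1]), m[2], m[3], int(m[4])
        q = recent[(src, dst)]
        q.append((ts, port))
        while q and ts - q[0][0] > window:
            q.popleft()           # drop connections older than the window
        distinct = len({p for _, p in q})
        if distinct >= min_ports:
            peak[(src, dst)] = max(peak.get((src, dst), 0), distinct)
    return peak

if __name__ == "__main__":
    for (src, dst), ports in detect_scans(sample_records()).items():
        print(f"possible port scan: {src} -> {dst}, {ports} ports in 30 s")
```

Counting distinct ports rather than connections keeps a busy client of a single service, such as the web client in the sample, from being flagged.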

Scanning MSSQL with Metasploit Auxiliary Module

Step 1: Let’s jump into the Metasploit-specific modules for testing the MSSQL server and see what kind of information we can find by using them. The very first auxiliary module we will use is mssql_ping. This module gathers additional service information.

use auxiliary/scanner/mssql/mssql_ping
Using the mssql_ping auxiliary module

 

Step 2: The next step in penetration testing a database is to check authentication precisely. Metasploit has a built-in module named mssql_login, which we can use as an authentication tester to brute force the username and password of an MSSQL server database.

Let’s load the module using the command and analyze the results:

use auxiliary/scanner/mssql/mssql_login 
Successful login on the database through the MSSQL login

 

As soon as we run this module, it first tests for the default credentials, that is, the sa username with a blank password, and finds that the login was successful. Therefore, we can conclude that the default credentials are still being used. Additionally, we can try testing for more credentials if the sa account is not immediately found.

Step 3: To achieve this, we can set the USER_FILE and PASS_FILE parameters with the names of the files that contain the dictionaries used to brute force the username and password of the database management system:

show options
The mssql_login module options

 

Step 4: Let’s set the required parameters, which are the USER_FILE list, the PASS_FILE list, and RHOSTS, to run this module successfully, as follows:

set USER_FILE user.txt
set PASS_FILE pass.txt
set RHOSTS 192.168.65.1

Setting the username and password dictionary files

Step 5: When we run this module against the target database server, we will get an output similar to the one in the following screenshot:

Brute forcing the MSSQL username and password

As we can see in the preceding output, we have two entries that correspond to the successful login of the user in the database. We found a default user, sa, with a blank password, and another user, nipun, whose password is 12345.
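On the database server, a dictionary run like this leaves a burst of failed logins from one client, followed by successes. The following is an added example, not part of the original article, that reads SQL Server error-log lines and reports such clients; it assumes login auditing records both failed and successful logins, and the sample lines, client addresses and the 'admin' and 'report' names are constructed.

```python
import re
from collections import defaultdict

# Constructed SQL Server error-log lines; addresses and extra names are made up.
FAIL = ("Login failed for user '{}'. Reason: Password did not match that "
        "for the login provided. [CLIENT: {}]")
OK = ("Login succeeded for user '{}'. Connection made using SQL Server "
      "authentication. [CLIENT: {}]")
EVENTS = [
    (FAIL, "admin", "192.168.65.50"), (FAIL, "admin", "192.168.65.50"),
    (OK, "sa", "192.168.65.50"),
    (FAIL, "nipun", "192.168.65.50"), (FAIL, "nipun", "192.168.65.50"),
    (FAIL, "nipun", "192.168.65.50"), (OK, "nipun", "192.168.65.50"),
    (FAIL, "report", "192.168.65.20"), (OK, "report", "192.168.65.20"),  # typo
]
SAMPLE_LOG = "\n".join(
    f"2023-09-01 10:15:{i:02d}.00 Logon       " + tpl.format(user, client)
    for i, (tpl, user, client) in enumerate(EVENTS)
)

LINE_RE = re.compile(
    r"Login (failed|succeeded) for user '([^']*)'.*\[CLIENT: ([^\]]+)\]"
)

def find_guessing(log_text, min_failures=5, min_users=2):
    """Return one finding per client whose failures look like a dictionary run."""
    stats = defaultdict(lambda: {"failures": 0, "users": set(), "hits": []})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        result, user, client = m.groups()
        s = stats[client]
        if result == "failed":
            s["failures"] += 1
            s["users"].add(user)
        elif s["failures"] and user not in s["hits"]:
            s["hits"].append(user)  # success from a client that was already failing
    return [
        {"client": c, "failures": s["failures"], "users_tried": len(s["users"]),
         "logins_after_failures": s["hits"]}
        for c, s in sorted(stats.items())
        if s["failures"] >= min_failures and len(s["users"]) >= min_users
    ]

if __name__ == "__main__":
    for finding in find_guessing(SAMPLE_LOG):
        print(finding)
```

Findings are keyed by client rather than by account because a login with a blank or default password succeeds on the first attempt and produces no failure for that account.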

Conclusion:

Auxiliary modules provide additional functionality such as scanning, fuzzing, sniffing, and much more. Metasploit offers various exploits, post exploits, and auxiliary, scanner, evasion, and exploit development tools.


