Metasploit msfd Remote Code Execution | Lucideus

Introduction
Msfd-service makes it possible to get a msfconsole-like interface using the ruby interpreter over a TCP socket. If the socket is accessible on a remote interface, an attacker can achieve a shell and execute commands on the victim’s machine and at this time, all version of Metasploit is affected by the vulnerability.

About msfd
Msfd is a tool that opens a network interface to a msfconsole. It can be executed by giving the IP address and the port (by default it runs on 55554) on which it should listen for incoming connections. This allows a single user or multiple users to connect from a remote system to the framework.

Lab Environment
Framework :- metasploit framework(MSF)
Victim’s Operating system:-linux kali 4.6.0-kali-amd64(2016.2)
Attacker's Operating system:-linux kali 4.15.0-kali-amd64(2018.2)

Step 1: Msfd service is running on the victim’s machine.

Step 2: Then attacker opens the msfconsole.

Step 3: Then attackers search for msfd and get two result ,use exploit/multi/misc/msfd_rce_remote

Step 4: Then attackers see the requirement of the exploit by typing “options” and see this exploit want only RHOST(victim’s IP) so they give the IP.

Step 5: Then they type “exploit” for gaining access to the victim machine and attacker get the raw shell of the victim's machine.

Step 6: Now attacker’s have the raw shell now attackers can do anything they want from victim's machine.