Metasploit is an open-source platform for developing, testing, and using software exploits. It contains over 1000 exploits for various platforms and applications as well as payloads to execute code on target machines. The document discusses Metasploit's interfaces like msfconsole, the formats for exploits and payloads, and provides an overview and demo of using Metasploit for penetration testing and security research.
3. 3
What is Metasploit
The Metasploit Framework is an advanced open-source platform for developing, testing, and using software exploits.
Written in Ruby
Supports Linux, Windows,
Modular, scriptable framework
Security Framework identifies vulnerabilities and
exploits them
Intended for penetration testing and research
Customizable (Nexpose plugin)
http://www.ebryx.com/
4. 4
Metasploit Installation
Download and run the standalone installer for Windows
Preinstalled in BackTrack
Also available for Linux
http://www.metasploit.com/download/
6. 6
Metasploit - Exploits
1000+ exploits
Supports windows/apple_ios/Linux/Multi/Unix/freebsd
Application specific exploits
Browsers, Java, Flash, FTP, MySQL, etc.
Exploits are passive (client bugs) or active (service
exploitation)
Organized as platform/application/exploit
exploit/windows/browser/ie_cbutton_uaf
7. 7
Metasploit - Payloads
Contain shellcode to be executed on the target machine
Some examples of payloads available in Metasploit
vncinject
Reverse connection (e.g. reverse_tcp)
Dllinject
Shell command execute
Download_exec
Custom
Meterpreter (Special Type of payload)
Semi-automatic; establishes a command-line session
windows/meterpreter/reverse_tcp
11. 11
Conclusion
Metasploit is one of the powerful weapons of hackers, and security researchers must know it.
“If I had eight hours to chop down a tree, I’d spend the
first six of them sharpening my axe.”
-Abraham Lincoln