Exploitation framework - Metasploit

Aneesharokkiasamy
Oct 25, 2022

What is Metasploit?

Metasploit is an exploitation framework used for vulnerability research and exploit development. It is a Ruby-based penetration testing platform that enables you to write, test, and execute exploit code. It is a set of tools used for information gathering, scanning, exploitation, exploit development, and post-exploitation. Metasploit is available in two versions.

Metasploit Pro — The commercial version, which provides a GUI for automating and managing tasks.

Metasploit Framework — The open-source version, which works from the command line.

The main components of the Metasploit Framework are msfconsole, modules, and tools.

MSFConsole — The command-line interface used to work with the Metasploit Framework, for example to scan targets, exploit vulnerabilities, and collect data.

Modules — It has 6 core modules that make up the bulk of the tool. The modules are Auxiliary, Exploit, Payload, Encoder, and NOP (No operation).

Tools — Stand-alone tools that aid vulnerability research, vulnerability assessment, or penetration testing.

METASPLOIT ARCHITECTURE

[Image: Metasploit architecture diagram, from Offensive Security]

Accessing MSFConsole

Metasploit is available by default on Kali Linux. Run the msfconsole command at the command prompt to start Metasploit. If everything is fine, you'll get startup information like the screenshot below.

msfconsole

Once you run the command, Metasploit starts running; what you see depends on the version (Metasploit v6).

Use the ls command to list the files present in the folder.

Use the help command to learn more about the available Metasploit options.

You can also use the history command to view the commands you used earlier.

Modules

Interaction with Metasploit always goes through modules, which are searched for and selected based on their purpose.

Exploit: A piece of code that uses a vulnerability present on the target system.

Vulnerability: A weakness in a system that allows an attacker to target it.

Payload: Code that takes advantage of a vulnerability.

Auxiliary: Here we find modules such as scanners, fuzzers, and sniffers.

Encoder: It encodes the exploit and payload.

NOP — No operation.

I will come up with another Metasploit post; until then, stay tuned…

Thanks for reading.
