What is Metasploit?
Metasploit is a penetration-testing framework created by HD Moore in 2003. It was originally written in Perl and was later completely rewritten in Ruby. In 2009 it was acquired by Rapid7, a cyber security company.
It comes in six different interfaces: Metasploit Framework Edition, Metasploit Community Edition, Metasploit Express, Metasploit Pro, Armitage, and Cobalt Strike. In this series we will cover the Metasploit Community Edition. The Community Edition comes preinstalled in all pen-testing Linux distributions, with many exploits, payloads, auxiliaries, modules, etc. In this article we will talk about how to start Metasploit, and especially for Windows users I'll explain how to install and use it on Windows.
Before the installation part let’s get our eyes on some basic terms used in Metasploit.
Exploit: An exploit is a piece of code that can be sent to a vulnerable service running on the target device to gain access to it.
Auxiliary: An auxiliary is a Metasploit module that allows you to conduct vulnerability scanning, fuzzing, port scanning, and other information-gathering tasks. Auxiliary modules can make Metasploit act as an FTP, HTTP, or SMTP client, among other things, and the best part is that you can write your own Metasploit auxiliary modules.
Encoders: An encoder is a program, or in Metasploit terms a module, that helps you encode the original code of a payload or backdoor you are going to send to the victim, so that anti-virus and firewall programs don't detect your malicious payload and you can get access to the victim's system like a boss xD. Encoders are also used to remove "bad characters" (bytes such as 0x00 that the vulnerable service would truncate or mangle) from a payload; keep in mind that encoding is reversible and the decoder stub that comes with it is itself a recognisable pattern, so encoding alone is not reliable anti-virus evasion.
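To make the encoder idea concrete, here is an added example (my own illustration, not a Metasploit module or any code from the original post): a single-byte XOR encoder that picks a key avoiding a constructed list of bad characters, encodes a constructed sample byte string, and then shows that a naive byte signature stops matching the encoded bytes but matches again the moment the bytes are decoded. The byte values, the bad-character list and the signature are all constructed for the demo.

```ruby
# Added example (not Metasploit's own code): a minimal single-byte XOR
# encoder showing what an encoder module does with a payload and why
# the result is still detectable. All inputs below are constructed.

# Constructed list of "bad characters": bytes the vulnerable service would
# mangle or truncate on (NUL, LF, CR), so the encoded payload must not
# contain them and neither may the key, which travels in the decoder stub.
BAD_CHARS = "\x00\x0a\x0d".b.bytes.freeze

# Constructed sample "payload" bytes; it contains 0x00 and 0x0a on purpose.
SAMPLE = "\x31\xc0\x00\x0a\x41\x42".b

# XOR every byte with the key; XOR is its own inverse, so the same
# routine both encodes and decodes.
def xor_bytes(data, key)
  data.bytes.map { |b| b ^ key }.pack("C*")
end

# Search for a key that is not itself a bad character and whose output
# is free of bad characters. Returns nil when no single-byte key works.
def find_key(data, bad_chars = BAD_CHARS)
  (1..255).each do |key|
    next if bad_chars.include?(key)
    encoded = xor_bytes(data, key)
    return key if (encoded.bytes & bad_chars).empty?
  end
  nil
end

# Naive byte-signature check of the kind a simple scanner performs.
def signature_present?(data, signature)
  data.b.include?(signature.b)
end

# Run the whole cycle and report what changed and what did not.
def demo(data = SAMPLE, signature = "\x00\x0a".b)
  key = find_key(data)
  raise "no single-byte key avoids the bad characters" if key.nil?
  encoded = xor_bytes(data, key)
  decoded = xor_bytes(encoded, key)
  {
    key: key,
    encoded: encoded,
    bad_chars_removed: (encoded.bytes & BAD_CHARS).empty?,
    round_trip: decoded == data,
    # The plain signature no longer matches the encoded bytes ...
    signature_hidden: !signature_present?(encoded, signature),
    # ... but reappears as soon as the decoder runs, which is why scanners
    # look for the decoder stub or emulate execution instead of relying
    # on a signature of the raw payload bytes.
    signature_after_decode: signature_present?(decoded, signature),
  }
end

if __FILE__ == $0
  r = demo
  printf("key=0x%02x encoded=%s bad_chars_removed=%s round_trip=%s\n",
         r[:key], r[:encoded].unpack1("H*"), r[:bad_chars_removed], r[:round_trip])
end
```

Run it with `ruby encoder_demo.rb`. The key search is the part worth noticing: the key itself has to survive the same bad-character filter because the decoder stub carries it, and once the stub is in the payload a detection engine has a stable pattern to look for even though the encoded bytes change with every key.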
Payloads: A payload is the piece of code that performs the action after exploitation, such as harvesting information from the targeted service or hijacking/hacking the targeted service/system. In the Metasploit framework there are 3 different types of payload modules: Singles, Stagers, and Stages; each type is useful in different scenarios.
Backdoor: A backdoor is a hidden entry to a device that bypasses security measures such as login protection, firewalls, and anti-virus. Most hackers use backdoors to maintain access to the systems/servers they have compromised.
Post: This is the collection of post-exploitation modules in Metasploit, which can be run on compromised target systems to gather evidence and much more.
Listener: Metasploit also has a listener (handler), which waits for incoming connections. When a connection comes from a system you have targeted and successfully exploited, the listener accepts it, opens a reverse shell to the target and creates a session.
Meterpreter: Meterpreter is an advanced payload that communicates over the stager's socket and gives you an interactive connection to the target system after exploitation.
Client-Side Attacks: In a client-side attack the attacker needs user interaction to compromise the user or gain access to the machine, for example by spear phishing them, getting them to run your app/software, or getting them to open an image or document embedded with a malicious payload that triggers when they open the file the attacker sent.
Server-Side Attacks: In a server-side attack the attacker doesn't need user interaction to gain access to the servers/systems. The attacker exploits vulnerable services on the server remotely and takes control of it.
Remote Exploitation: In remote exploitation the attacker doesn't need any interaction with the victim user and doesn't need physical access to the target system. The attacker gains access to the targeted system/server by exploiting vulnerabilities on the target.
NOP: NOP stands for No Operation. A NOP is used to break the current execution cycle of assembly code running on the target; basically, it instructs the executed command/exploit/payload to break down or stop its execution on the machine. In Metasploit, the NOP generator modules produce NOP instructions, which are commonly used to pad ("sled") shellcode so that execution lands reliably on the payload.
Metasploit can be used for web application attacks too, as it comes with many web application exploits pre-loaded, and you can also load more from Exploit-DB.
Where to download Metasploit?
Metasploit can be downloaded from https://www.metasploit.com/download
Components of Metasploit:
Component | Description
Metasploit Meterpreter | Runs as a DLL injection payload on a target PC, providing control over the target system.
Metasploit msfvenom | Helps create standalone payloads as executables, Ruby scripts, or shellcode.
Meterpreter Commands list:
Please refer to another post for the Meterpreter cheat-sheet.