Metasploit Background

Metasploit is an open-source framework used by security professionals to exploit vulnerabilities in software and hardware. It involves a process of finding vulnerabilities, loading modules, setting options, selecting payloads, and executing exploits. The document outlines key terminology, basic usage, and provides contact information for further inquiries.

Metasploit Basics

Made possible through support from the National Science Foundation (NSF) award number 1800929

Objectives

• Explain Metasploit’s Purpose.
• Define Metasploit Terminology.
• Discuss Basic Metasploit Usage.
• Demonstrate Basic Metasploit Usage.

Metasploit Overview

• Metasploit is a Ruby-based, open-source framework designed to provide a consistent and easily expandable way to use security tools and exploits
• Used by black and white hat security professionals
• This tool should NOT be used in a production environment!

Metasploit Terminology

• Vulnerability – A security flaw in software or hardware that may be susceptible to exploitation.
• Exploit – The act of taking advantage of a vulnerability.
• Payload – The module that will execute when the exploit is successful.

Basic Metasploit Process

• Find Vulnerability
• Load Module
• Set Options
• Select Payload
• Set Options
• Exploit

Find Vulnerability

• Metasploit is primarily designed to exploit, not find, vulnerabilities
• Metasploit contains tools that can be used to discover systems and vulnerabilities
  ◦ db_nmap
    ▪ Version of nmap that saves results to a database
  ◦ connect
    ▪ Built-in ncat program
• Metasploit is designed to interface with a database to allow you to save your work
• Metasploit passes any commands it doesn’t recognize to the local operating system

Load Module

• Modules are Ruby scripts that plug into and then extend Metasploit's functionality
• Exploits are modules that use payloads
• search is a useful command for locating available modules

Exploit Options

• Options control what Metasploit modules do and how they function
• Common module options:
  ◦ RHOSTS – Remote host (the host being targeted)
  ◦ RPORT – Remote port (the port being targeted)

Payload Type

• There are many types of payloads
  ◦ bind – Establish a connection from the local system to the remote system
  ◦ reverse_bind – Establish a connection from the remote system to the local system
    ▪ Normally used when a firewall prevents direct access to the remote system
  ◦ meterpreter – Fileless shell replacement software for Windows (uses DLL injection)

Payload Options

• Options control what Metasploit payloads do and how they function
• Common module options:
  ◦ LHOST – Local host (the host performing the attack)
  ◦ LPORT – Local port (the port on the local system that will accept the connection from the target)
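
An added example, not part of the original slides: a small triage pass over connection records showing how the bind and reverse payload types described above look from the targeted (remote) host, and why a reverse connection is only noticed with an egress baseline. The host address, port baseline, log format and sample lines are constructed assumptions.

```python
# Constructed baseline for one monitored server (all values are assumptions).
HOST = "192.0.2.10"
EXPECTED_LISTEN_PORTS = {22, 443}        # services the server should offer
ALLOWED_EGRESS = {("192.0.2.53", 53)}    # destinations it may call out to

# Constructed connection log, one "src:sport -> dst:dport" record per line.
SAMPLE_LOG = """\
203.0.113.7:51544 -> 192.0.2.10:443
203.0.113.7:51600 -> 192.0.2.10:4444
192.0.2.10:49152 -> 192.0.2.53:53
192.0.2.10:49160 -> 203.0.113.7:4444
198.51.100.4:40000 -> 198.51.100.5:80
not a connection record
"""

def parse(line):
    """Return (src, sport, dst, dport), or None for a malformed line."""
    try:
        left, right = (part.strip() for part in line.split("->"))
        src, sport = left.rsplit(":", 1)
        dst, dport = right.rsplit(":", 1)
        return src, int(sport), dst, int(dport)
    except ValueError:
        return None

def classify(record, host=HOST):
    """Label one record from the monitored host's point of view."""
    src, _sport, dst, dport = record
    if dst == host:
        # Bind case: the other side connects in, so the tell is a listener
        # on a port outside the service baseline.
        return "expected-inbound" if dport in EXPECTED_LISTEN_PORTS else "suspect-bind"
    if src == host:
        # Reverse case: the monitored host dials out, which inbound filtering
        # never sees; only an egress baseline catches it.
        return "expected-outbound" if (dst, dport) in ALLOWED_EGRESS else "suspect-reverse"
    return "unrelated"

def triage(log_text, host=HOST):
    """Return (label, line) pairs; unparseable lines are labelled 'unparsed'."""
    results = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        record = parse(line)
        results.append(("unparsed" if record is None else classify(record, host), line))
    return results

if __name__ == "__main__":
    for label, line in triage(SAMPLE_LOG):
        print(f"{label:18} {line}")
```
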

Exploit the Target

• Once the module is loaded, the payload selected, and the options set, type exploit or run to activate the module

For More Information

• For further information go to https://www.nl.northweststate.edu/camo or contact:
  ◦ Tony Hills – thills@northweststate.edu – 419-267-1354
  ◦ Mike Kwiatkowski – mkwiatkowski@northweststate.edu – 419-267-1231
