Understanding the Metasploit Framework

October 29, 2015 | Views: 7871


Finally, you’re here. Before we step in, I’d like to clear up this misconception about Metasploit: Metasploit is not a tool or software; it’s a ‘Framework.’

Let's begin:

Architecture

[Figure: Metasploit architecture diagram]

Library

REX

Basic library for most tasks

Handles sockets, protocols, text transformation, and more

SSL, SMB, HTTP, XOR, Base64, Unicode

Msf::Core

Provides the 'basic' API

Defines the Metasploit Framework

Msf::Base

Provides the 'friendly' API

Provides simplified APIs for use in the Framework

Modules

Exploits – Modules that use payloads

Auxiliary – An exploit without a payload

Payloads – Consist of code that runs remotely; created at run-time from various components

Encoders – Ensure that payloads make it to their destination

Nops – Keep the payload sizes consistent

Mixins and Plugins

Mixins – 'Include' one class into another; they add new features and allow a module to have different 'flavors'

 i. Protocol-specific (HTTP, SMB)

ii. Behavior-specific (Brute Force)

iii. Connect()

Plugins – Work directly with the API

 – Manipulate the framework as a whole

 – Automate specific tasks that would be tedious to do manually
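The mixin composition described above, as an added sketch that is not Metasploit's own code: a hypothetical ModuleBase stands in for Msf::Module, a Tcp mixin supplies connect()/disconnect(), a Scanner mixin supplies the multi-host run loop, and the "network" is a constructed in-memory table so the whole thing runs offline.

```ruby
require 'stringio'
# Hypothetical sketch of the Metasploit mixin pattern; not Msf's own code.
# The "network" is a constructed in-memory table, so this runs offline.
module Sketch
  # Stands in for Msf::Module: carries the datastore (RHOSTS, RPORT, ...).
  class ModuleBase
    attr_reader :datastore
    def initialize(defaults = {})
      @datastore = defaults.dup
    end
  end

  # Protocol-specific mixin (compare Msf::Exploit::Remote::Tcp): supplies
  # connect()/disconnect(), so the module itself holds no socket code.
  module Tcp
    FAKE_NET = { '10.0.0.1' => 'SSH-2.0-OpenSSH_7.4',   # constructed sample hosts
                 '10.0.0.2' => '220 ftp ready' }
    def connect(host)
      banner = FAKE_NET[host] or raise "connection refused: #{host}"
      @sock = StringIO.new(banner)   # stand-in for a Rex socket
    end
    def disconnect; @sock = nil; end
    def sock; @sock; end
  end

  # Behavior-specific mixin (compare Msf::Auxiliary::Scanner): turns a
  # per-host run_host into a run over every host listed in RHOSTS.
  module Scanner
    def run
      datastore['RHOSTS'].split(',').map { |h| [h, run_host(h)] }.to_h
    end
  end

  # An auxiliary module gets both "flavors" just by including the mixins.
  class BannerGrab < ModuleBase
    include Tcp
    include Scanner
    def initialize
      super({ 'RHOSTS' => '10.0.0.1,10.0.0.2,10.0.0.9', 'RPORT' => 22 })
    end
    def run_host(host)
      connect(host)
      sock.read.strip
    rescue RuntimeError => e
      "error: #{e.message}"   # an unreachable host does not abort the scan
    ensure
      disconnect
    end
  end
end
```

Swapping Tcp for a different protocol mixin, or Scanner for another behavior mixin, changes the module's flavor without touching run_host, which is the point of the design.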

 

Payloads

There are three types of payload modules in Metasploit:

i. Single

ii. Stagers

iii. Stages

Single

Payloads that are self-contained and completely standalone, e.g. as simple as adding a user to the target system or running calc.exe.


Stagers

Set up a network connection between the attacker and the victim; they are designed to be small and reliable.


Stages

Payload components that are downloaded by Stager modules.

Provide advanced features with no size limits, such as Meterpreter, VNC Injection and the iPhone 'ipwn' Shell.

Note: Payload stages automatically use "middle stagers".

Meterpreter

Meterpreter is an advanced, dynamically extensible payload that uses in-memory DLL injection stagers and is extended over the network at runtime.

 

Design Goals

Stealthy –> Meterpreter resides entirely in memory and writes nothing to disk.

No new processes are created, as Meterpreter injects itself into the compromised process and can migrate to other running processes easily.

By default, Meterpreter uses encrypted communications.

All of this leaves limited forensic evidence and has little impact on the victim machine.

Meterpreter utilizes a channelized communication system.

Stay Linked!

Thanks,

Tabish Ali

15 Comments
  1. Great one, but I think it is not advanced (this catchy word led me here 😛). I think it's a pretty basic understanding of the Metasploit core; if someone doesn't know how tools (in general) work, then probably he will not be able to use 100% of the potential.
    But it's really great to share knowledge like this for people who don't really know how tools are built and their potential.
