Understanding the Metasploit Framework

October 29, 2015 | Views: 7998


Finally, you’re here. Before we step in, I’d like to clear up this misconception about Metasploit: Metasploit is not a tool or software; it’s a ‘Framework.’

Let’s begin:

Basic Library for most tasks

Handles sockets, protocols, text transformation and others

SSL, SMB, HTTP, XOR, Base64, Unicode


Msf: Core

Provides the ‘basic’ API

Defines the Metasploit Framework


Msf: Base

Provides the ‘Friendly’ API

Provides simplified APIs for use in the Framework



Exploits – Modules that use payloads

Auxiliary – An exploit without a payload

Payloads – Consist of code that runs remotely; created at run-time from various components

Encoders – Ensure that payloads make it to their destination

Nops – Keep the payload sizes consistent


Mixins and Plugins

Mixins – ‘Include’ one class into another; they add new features and allow a module to have different ‘flavors’:

i. Protocol-specific (HTTP, SMB)

ii. Behavior-specific (Brute Force)

iii. connect()

Plugins – Work directly with the API

– Manipulate the framework as a whole

– They automate specific tasks which would be tedious to do manually
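To make the mixin idea concrete, here is a toy re-creation of the pattern in plain Ruby. It is an added example, not Metasploit’s own code: the names `ToyMsf`, `Remote::Tcp`, `Auxiliary::Scanner` and `BannerCheck` are assumed stand-ins for the framework’s real base class and mixins, and the behavior-specific mixin shown is a scanner rather than the brute-force example named above. One module class includes a protocol mixin (which supplies `connect()`) and a behavior mixin (which supplies the per-host loop), so the module body only has to say what to do with one open connection. The target is a loopback test service constructed inside the block, so it runs offline.

```ruby
require 'socket'

# Toy re-creation of the Metasploit mixin pattern. Nothing here is Metasploit's
# own code; ToyMsf, Remote::Tcp and Auxiliary::Scanner are assumed stand-ins
# for the framework's real base class and mixins.
module ToyMsf
  # Stand-in for the base class every module inherits from
  class BaseModule
    attr_reader :options

    def initialize(opts = {})
      @options = { 'RHOST' => '127.0.0.1', 'RPORT' => 0 }.merge(opts)
    end
  end

  module Remote
    # Protocol-specific mixin: any module that includes it gains
    # connect(), disconnect() and sock without re-implementing sockets
    module Tcp
      attr_reader :sock

      def connect
        @sock = TCPSocket.new(options['RHOST'], options['RPORT'])
      end

      def disconnect
        @sock&.close
        @sock = nil
      end
    end
  end

  module Auxiliary
    # Behavior-specific mixin: call the module's run_host() once per target
    # listed in RHOSTS and collect the results as host => result
    module Scanner
      def run
        options['RHOSTS'].map { |host| [host, run_host(host)] }.to_h
      end
    end
  end
end

# One "flavor" of module: TCP transport plus scanner behavior. The module
# itself only describes what to do with a single open connection.
class BannerCheck < ToyMsf::BaseModule
  include ToyMsf::Remote::Tcp
  include ToyMsf::Auxiliary::Scanner

  def run_host(host)
    @options = options.merge('RHOST' => host)
    connect
    sock.gets&.chomp          # first line the service sends
  ensure
    disconnect
  end
end

# Constructed loopback service so the example runs offline: it answers every
# connection with a fixed banner line and closes.
def with_banner_server(banner)
  server = TCPServer.new('127.0.0.1', 0)
  port = server.addr[1]
  thread = Thread.new do
    loop do
      client = server.accept
      client.puts(banner)
      client.close
    end
  end
  yield port
ensure
  thread&.kill&.join
  server&.close
end

# Runs the scanner against the local test service; returns host => banner.
def demo
  with_banner_server('SSH-2.0-toy') do |port|
    BannerCheck.new('RHOSTS' => ['127.0.0.1'], 'RPORT' => port).run
  end
end

# Which mixins a module carries is visible in its ancestor chain, which is
# how the framework can tell a TCP-flavored module from an HTTP-flavored one.
def mixins_of(klass)
  klass.ancestors
       .select { |a| a.name.to_s.start_with?('ToyMsf::Remote', 'ToyMsf::Auxiliary') }
       .map(&:name)
end

if __FILE__ == $PROGRAM_NAME
  p demo                     # {"127.0.0.1"=>"SSH-2.0-toy"}
  p mixins_of(BannerCheck)
end
```

Swapping `ToyMsf::Remote::Tcp` for a different protocol mixin would change the module’s transport without touching `run_host`, which is the “different flavors” point: the mixins are where shared protocol and behavior code lives, and the module is only the part that differs.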



Three different types of payload modules in Metasploit:

i. Single

ii. Stagers

iii. Stages


Single – Payloads that are self-contained and completely standalone, i.e. as simple as adding a user to the target system or running calc.exe.

Stagers – Set up a network connection between the attacker and victim; designed to be small and reliable.

Stages – Payload components that are downloaded by stager modules. They provide advanced features with no size limits, such as Meterpreter, VNC Injection and the iPhone ‘ipwn’ Shell.

Note: Payload stages automatically use “middle stagers”



Meterpreter is an advanced, dynamically extensible payload that uses in-memory DLL injection stagers and is extended over the network at runtime.


Design Goals

Stealthy – Meterpreter resides entirely in memory and writes nothing to disk.

No new processes are created, as Meterpreter injects itself into the compromised process and can migrate to other running processes easily.

By default, Meterpreter uses encrypted communications.

All of this leaves limited forensic evidence and has limited impact on the victim machine.

Meterpreter utilizes a channelized communication system.


Stay Linked!


Tabish Ali

1. Great one, but I think it is not advanced (this catchy word led me here 😛). I think it’s a pretty basic understanding of the Metasploit core; if someone doesn’t know how tools (in general) work, then probably he will not be able to use 100% of their potential.
    But it’s really great to share knowledge like this for people who don’t really know how tools are built and their potential.
