Understanding What's Behind the Exploitation Scene in Metasploit

Welcome Back!Here, we'll analyze and understand the mechanism behind the exploitation scene, especially in Metasploit.Let's start with a scenario: an attacker executes the exploit + payload against the vulnerable service on the victim's machine. [caption id="" align="alignnone" width="393"] Figure 1.0[/caption] Above, Fig 1.0, shows a single line diagram, just to give you an idea how exploit + payload can be used to compromise any victim you encountered during research or pentesting. BEHIND THE SCENE ---{ HOW PAYLOADS WORK }For a better understanding, let's have a look at how payload works:[caption id="" align="alignnone" width="304"] High Level Diagram - How Payloads Work Figure 2.0[/caption] In my previous article i.e "Understanding the Metasploit Framework", we came across three different type of payloads in Metasploit.

1. Singles
2. ii. Stagers
3. iii. Stages

 Let's have a visual look at how stagers and stages payload work together:[caption id="" align="alignnone" width="643"] Figure 3.0[/caption]

Metasploit is basically used as a jumble of staged and stage-less payloads, and that jumble gives anthology to penetration testers for selecting options when performing exploitation.

Staged Payload

* Compact as possible

* Perform single task

* Provide means for an attacker to upload something big. (Refer: Figure 3.0)

In Metasploit, the payload can be "reverse_tcp" and second stage (Stage 1) might be something more complex i.e Meterpreter Shell or VNC.

 - Thanks -

Stay Linked !

Ali Tabish