Ready to Start Your Career?
Create Free Account
By: S-Connect
November 3, 2015
Understanding What's Behind the Exploitation Scene in Metasploit
November 3, 2015
By: S-Connect
November 3, 2015
Welcome Back!Here, we'll analyze and understand the mechanism behind the exploitation scene, especially in Metasploit.Let's start with a scenario: an attacker executes the exploit + payload against the vulnerable service on the victim's machine. [caption id="" align="alignnone" width="393"]
Figure 1.0[/caption] Above, Fig 1.0, shows a single line diagram, just to give you an idea how exploit + payload can be used to compromise any victim you encountered during research or pentesting. BEHIND THE SCENE ---{ HOW PAYLOADS WORK }For a better understanding, let's have a look at how payload works:[caption id="" align="alignnone" width="304"]
High Level Diagram - How Payloads Work Figure 2.0[/caption] In my previous article i.e "Understanding the Metasploit Framework", we came across three different type of payloads in Metasploit.- Singles
- ii. Stagers
- iii. Stages
Metasploit is basically used as a jumble of staged and stage-less payloads, and that jumble gives anthology to penetration testers for selecting options when performing exploitation.
Staged Payload
* Compact as possible
* Perform single task
* Provide means for an attacker to upload something big. (Refer: Figure 3.0)
In Metasploit, the payload can be "reverse_tcp" and second stage (Stage 1) might be something more complex i.e Meterpreter Shell or VNC.
- Thanks -
Stay Linked !
Ali Tabish
