1

Introduction to Metasploit

Ali HussainEbryx-SMC

http://www.ebryx.com/

2

Agenda

Metasploit overview

Exploits format and configurations

Interfaces of metasploits

Exploit running and demo

http://www.ebryx.com/

3

What is Metasploit

The Metasploit Framework is an advanced open-source platform for developing, testing, and using software exploit.Written in Ruby

Supports Linux, Windows, Modular, scriptable frameworkSecurity Framework identifies vulnerabilities and exploits themIntended for penetration testing and researchCustomizable (nexpose plugin)

http://www.ebryx.com/

4

Metasploit Installation

Download and run standalone installer for windowsPreinstalled in Backtrack Also available for Linux

http://www.metasploit.com/download/

http://www.ebryx.com/

5

Metasploit Interfaces

Msfconsole:Console interface to Metasploit

http://www.ebryx.com/

6

Metasploit - Exploits

1000+ exploitsSupport windows/apple_ios/Linux/Multi/Unix/freebsdApplication specific exploits

Browsers, java, flash, ftp, mysql etc…Exploits are passive (client bugs) or active (service exploitation)Organized as platform/application/exploit

exploit/windows/browser/ie_cbutton_uaf

http://www.ebryx.com/

7

Metasploit - Payloads

Contain shell code to be executed of target machineSome example of payloads available in metasploit

vncinjectReverse connection (e.g reverse_tcp)DllinjectShell command executeDownload_exec Custom

Meterpreter (Special Type of payload)Semi automatic and establish commandline sessionwindows/meterpreter/reverse_tcp

http://www.ebryx.com/

8

Metasploit - Payloads example

http://www.ebryx.com/

9

GUI Interface of Metasploit

http://www.ebryx.com/

10

Demos

http://www.ebryx.com/

11

Conclusion

Metasploit is one of powerful weapon of hackers and Security researcher must know it.

“If I had eight hours to chop down a tree, I’d spend the first six of them sharpening my axe.”

-Abraham Lincoln

http://www.ebryx.com/