- Research attack surface and vulnerabilities
- Develop attack vector
- Find or create an exploit
- Prepare or build a shellcode
An exploit takes advantage of a vulnerability.
This can result in the execution of arbitrary commands, which are inserted into the execution path of the program. Escalation of privileges, bypass of authentication, or infringement of confidentiality can be the result.
Metasploit
The Metasploit framework was released in 2003. This framework provided for the first time:
- a single exploit database with easy updating,
- free combination of an exploit with a payload,
- a consistent interface for setting options, and
- integrated encoding and evasion,
where:
- an exploit is a code module that uses a particular vulnerability,
- a payload is code that is sent along with the exploit to take some action, such as providing a command-line interface,
- options are used to select variants of exploits and payloads,
- encoding is modifying the payload to circumvent limitations, whether they are caused by the logic of the vulnerability or an inadequate IPS, and
- evasion is bypassing security devices by employing evasion techniques.
The basic procedure of using Metasploit is: choose an exploit, choose a payload, set the IP address and port of the target, start the exploit, evaluate, and stop or repeat the procedure.[1]
Metasploit is not suited for finding the vulnerabilities of a host; a vulnerability scanner is. Alternatively, when a port scanner has found an open port, all exploits for that port may be tried.[2]
Metasploit 3.0 provides the following payloads:
- VNC injection. This payload, for targets that run Windows, gives a graphical user interface to the target that is synchronized with the target's own graphical user interface.
- File execution. This payload for targets that run Windows uploads a file and executes it.
- Interactive shell. This payload gives a command-line interface to the target.
- Add user. This payload adds a user with specified name and password that has administrator access.
- Meterpreter. This payload gives a rich command-line interface to targets that run Windows.[3]
VNC connections need a relatively large bandwidth to be usable, and if someone is in front of the compromised computer then any interaction will be seen very quickly. The command-line interfaces of Linux and OS X are powerful, but that of Windows is not. The Meterpreter payload remedies these shortcomings. The reference gives a list of Meterpreter commands.[4]
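From the defender's side, the "Add user" payload listed above leaves a recognizable trace: an account is created and placed in the local Administrators group almost at once. The following Python code is an added example, not taken from the cited book or from the Metasploit project; it correlates Windows Security events 4720 (user account created) and 4732 (member added to a local group) over constructed sample events. The simplified field names and the 60-second window are assumptions.

```python
from datetime import datetime, timedelta

ADMINISTRATORS_SID = "S-1-5-32-544"  # well-known SID of the local Administrators group
USER_CREATED = 4720                   # Security log: a user account was created
ADDED_TO_LOCAL_GROUP = 4732           # Security log: a member was added to a local group

# Constructed sample events (not real log data), reduced to the fields used here.
# Field names are simplified assumptions, not the raw event schema.
SAMPLE_EVENTS = [
    {"id": 4720, "time": "2024-05-01T10:00:00", "host": "WS01",
     "target_sid": "S-1-5-21-1-2-3-1105", "target_name": "helpdesk2"},
    {"id": 4732, "time": "2024-05-01T10:00:02", "host": "WS01",
     "group_sid": ADMINISTRATORS_SID, "member_sid": "S-1-5-21-1-2-3-1105"},
    {"id": 4720, "time": "2024-05-01T11:00:00", "host": "WS02",
     "target_sid": "S-1-5-21-1-2-3-1106", "target_name": "intern"},
    {"id": 4732, "time": "2024-05-01T11:00:05", "host": "WS02",  # Users group only
     "group_sid": "S-1-5-32-545", "member_sid": "S-1-5-21-1-2-3-1106"},
    {"id": 4720, "time": "2024-05-01T12:00:00", "host": "WS03",
     "target_sid": "S-1-5-21-1-2-3-1107", "target_name": "newadmin"},
    {"id": 4732, "time": "2024-05-02T09:00:00", "host": "WS03",  # promoted a day later
     "group_sid": ADMINISTRATORS_SID, "member_sid": "S-1-5-21-1-2-3-1107"},
]


def find_new_admin_accounts(events, window=timedelta(seconds=60)):
    """Return alerts for accounts created and made local admin within `window`."""
    created = {}  # (host, account SID) -> (creation time, account name)
    alerts = []
    # ISO 8601 timestamps in one format sort correctly as strings.
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        if ev["id"] == USER_CREATED:
            created[(ev["host"], ev["target_sid"])] = (when, ev["target_name"])
        elif ev["id"] == ADDED_TO_LOCAL_GROUP and ev["group_sid"] == ADMINISTRATORS_SID:
            hit = created.get((ev["host"], ev["member_sid"]))
            if hit and when - hit[0] <= window:
                alerts.append({"host": ev["host"], "account": hit[1],
                               "seconds_after_creation": (when - hit[0]).total_seconds()})
    return alerts


if __name__ == "__main__":
    for alert in find_new_admin_accounts(SAMPLE_EVENTS):
        print(alert)
```

Only the WS01 account is reported: the WS02 account joins the ordinary Users group, and the WS03 promotion falls outside the window.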
Appendixes
See also:
Tools:
- https://docs.rapid7.com/metasploit/validating-a-vulnerability
- https://www.offensive-security.com/metasploit-unleashed/exploit-development/
- [1] Security Power Tools by Bryan Burns and others, O'Reilly Media, Inc., 2007, pages 193-194, 219.
- [2] Security Power Tools by Bryan Burns and others, O'Reilly Media, Inc., 2007, pages 200-201.
- [3] Security Power Tools by Bryan Burns and others, O'Reilly Media, Inc., 2007, pages 203-205, 325.
- [4] Security Power Tools by Bryan Burns and others, O'Reilly Media, Inc., 2007, pages 215-218.