Hacking Techniques & Intrusion Detection

                     Metasploit Framework

                            Outline - 1

What is MSF? 

• Metasploit Framework

 – Architecture 

– Components

 – Libraries

 – Interfaces

 – Modules 

– Utilities

 – Plugins 

• MSF Core Commands

                                    Outline - 2

• MSF Database

    – Basic Usage 

• Auxiliary Modules

• Payloads

• Generating Shellcodes 

• Creating Executable Files

• Encoding Executables 

• Multi Handler Exploit 

• Meterpreter

    – How it works 

    – Design Goals

 • MSF Evasion 

• DEMO(s)

What is MSF?

• Not just an open-source tool!

 • It‟s an Exploitation Framework designed for security researchers and pentesters with a uniform model for rapid development of:

 – Recon,

 – Exploits,

 – Payloads,

 – Encoders,

 – Vulnerability Testing

 – Post-Exploitation

 – Pivoting

 – Others? (please add)

MSF Architecture

MSF Components

• The Metasploit Framework is a modular system based on a few core components: 

    – Libraries, 

    – interfaces,

    – modules,,

    – mixins, 

    – and plugins. 

MSF Libraries

• Rex (Ruby Extension Library): – Provides Sockets, protocols, text transformations 

• Msf::Core (Core library / msfcore): – enables exploits, sessions, and plugins to interact with the different interfaces. 

• Msf::Base (Base library / msfbase): – provides wrapper routines and utility classes that you can use to easily work with the Core library.

Metasploit Interfaces

• MSFconsole  interactive 

• MSFcli  scripting 

• MSFweb  as the name implies 

• MSFgui  java based GUI 

• and Armitage  interactive GUI 

MSF Modules 

• Core components of MSF 

• A piece of software that can perform a specific action. (ex: exploitation, fuzzing, and scanning).

 • Modules are found in the following directory:

 • /metasploit/msf3/modules. • Categorized by type and then by protocol. 

• MSF Modules include:

    – Exploit 

    – Auxiliary

    – Post-Exploitation 

    – Payload 

    – NOP generator 

    – Payload encoder

MSF Utilities 

• MSFpayload 

   – Generate shellcode and executables. 

• MSFencode 

   – Alter payloads so that the original payload does not contain any bad characters. 

• Msfvenom 

   – Combination of both MSFpayload and MSFencode, which provides standard CLI options and 

       increased speed

MSF Plugins 

• Plugins work directly with the API. 

• Manipulate the framework as a whole. 

• Plugins hook into the event subsystem. 

• Automate specific tasks which would be tedious to do manually. 

• Plugins only work in the msfconsole. 

• Plugins can add new console commands. 

• Extend the MSF functionality.