2. I. About me
II. Understanding Basic MSF & Terms
III. How does exploitation work?
IV. How does exploitation work?
V. Common Steps of a compromise
VI. Scan For ports and services
VII. Metasploit Framework Basics
VIII. Meterpreter Basics
Table Of Contents
6. Exploit + Payload
Payload: upload/download data, malware, rootkit, ...
The exploit runs first; if it succeeds, the payload runs next
How does exploitation work?
7. - Scan ports and services running on the target IP
- Identify a vulnerable service / known exploit or private exploit
- Compromise, launch exploit, exploitation plan
Common Steps Of a Compromise
8. - Scan a machine using tools like “nmap”
- Use a port scanner to scan for ports and services running on the remote system
- Service scanning with versions identified at the same time
Scan For Ports and Services
9. - Tool for development and testing of vulnerabilities
- Can be used for:
  - Penetration testing
  - Exploit research
  - Developing IDS signatures
- Started by H.D. Moore, 2003 (Perl)
- Was rewritten in Ruby, 2007
- Acquired by Rapid7, 2009
- Open source and free to use
- 770+ tested exploits
- Over 228 payloads
Metasploit Basics