HACKING LIKE A PRO: INTRODUCTION TO METASPLOIT PART 1 - HACKING LIKE A PRO


Tuesday 13 January 2015



Metasploit is a tool used to exploit vulnerabilities in daemons listening on open ports. It is an extremely powerful tool that is not easy to control. Many speak of vulnerabilities without defining them first. So:

What is a vulnerability?


A vulnerability is a security hole in a piece of software, hardware or an operating system that gives an attacker a potential angle on the system. Not all vulnerabilities are dangerous, and not all of them are exploitable. They are often found in outdated applications, services or operating systems. Now that we understand what being exploitable means, what is an exploit itself?

What are exploits?

Exploits are highly specialized small programs whose only purpose is to take advantage of a vulnerability and deliver a payload, which grants the attacker control. Metasploit is a great tool that ships with a vast number of exploits. I will cover using some of them later on. So, if an exploit's purpose is to deliver a payload, what is a payload?

Buffer Overflow

Buffer overflow is a common technique used to build exploits. How does it work?

Imagine a glass of wine. You're thirsty and you want to drink it. You keep pouring, but at some point the wine has filled the glass and it leaks out of it, onto your carpet. That is exactly what a buffer overflow is. It happens when a program writes more data into a buffer than the buffer can hold: the excess leaks into adjacent memory and overwrites it. That is how we get our malicious part to execute.
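A constructed C illustration of that leak, added here and not from the original post: an 8-byte name buffer followed by an adjacent flag, with the unchecked copy beside a bounded copy that rejects over-long input. The memory layout is an assumption (both fields live in one array) so that the overflow is well-defined C rather than undefined behaviour.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed memory layout (an assumption, not from the post): an 8-byte
 * name buffer followed directly by a 4-byte admin flag, kept in one array so
 * that writing past the buffer into the flag is well-defined C. In a real
 * program the overflow would clobber whatever the compiler placed next. */
#define BUF_SIZE 8
#define FLAG_SIZE sizeof(uint32_t)

struct region {
    unsigned char mem[BUF_SIZE + FLAG_SIZE];
};

/* Reads the flag bytes that sit immediately after the buffer. */
static uint32_t read_flag(const struct region *r) {
    uint32_t flag;
    memcpy(&flag, r->mem + BUF_SIZE, FLAG_SIZE);
    return flag;
}

/* Vulnerable path: copies as many bytes as the caller supplies without
 * comparing len against BUF_SIZE, so input longer than 8 bytes spills into
 * the flag. Returns the flag after the copy (0 unless it was overwritten). */
uint32_t flag_after_unsafe_copy(const char *name, size_t len) {
    struct region r;
    memset(r.mem, 0, sizeof r.mem);             /* empty name, flag = 0 */
    if (len > sizeof r.mem) len = sizeof r.mem; /* keeps the model in bounds; not the fix */
    memcpy(r.mem, name, len);                   /* the missing BUF_SIZE check is the bug */
    return read_flag(&r);
}

/* Hardened path: over-long input is rejected before any copy, so the flag
 * is never reached. Returns -1 when rejected, else the flag (always 0). */
long flag_after_safe_copy(const char *name, size_t len) {
    struct region r;
    memset(r.mem, 0, sizeof r.mem);
    if (len > BUF_SIZE) return -1;              /* refuse instead of overflowing */
    memcpy(r.mem, name, len);
    return read_flag(&r);
}

int main(void) {
    /* 8 bytes fill the buffer; the next 4 land on the adjacent flag. */
    const char overlong[] = "AAAAAAAA\x01\x01\x01\x01";
    printf("unsafe: flag = 0x%08x\n", flag_after_unsafe_copy(overlong, sizeof overlong - 1));
    printf("safe:   result = %ld\n", flag_after_safe_copy(overlong, sizeof overlong - 1));
    return 0;
}
```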

What is a payload?

A payload is delivered by the exploit and is used to control the remote system. Think of it this way: the exploit is like a terrorist carrying a bomb in his backpack. He enters the system and leaves his backpack there. The most popular and widely known payload is Meterpreter, which has a lot of features. With it you can browse remote files, download them, upload your own, capture keystrokes, take screenshots, open a command shell, and pivot to another machine. Through Meterpreter you can pivot and attack machines in networks that you cannot reach directly.

The first step to success is a small one. You cannot learn without studying. That's why you have to get your hands dirty and start the quest of searching. But before that, let's talk a little about Metasploit.


Metasploit

Metasploit and all of its exploits are written in Ruby. Metasploit has four interfaces:
  • MsfCli
  • MsfConsole
  • MsfGui
  • Armitage

I will be going in detail about MsfConsole and Armitage.

You can run Metasploit on both Windows and Linux.

  • Windows: download it here.
  • Use BackTrack. BackTrack is a Linux distribution made entirely for pentesting purposes. It has a vast number of amazing tools that you will be using; Metasploit is one of them.
