Metasploit Framework is a collection of exploits, shellcode, fuzzing tools, payloads, encoders and more. In other words, it can be regarded as a collection of exploitation tools bundled into a single framework.
It is available on all major platforms: Linux, Windows and OS X. Its main objective is to test your own, your company's or your organization's defenses by attacking them. Something like "Offense for Defense".
This is the stage where a penetration tester or security analyst begins attacking the target after extensive reconnaissance. Metasploit has a wide range of tools and utilities for performing attacks against all operating systems, including Android and iOS.
Metasploit Framework History
Metasploit was first written in Perl by H. D. Moore. Initially, it was intended to be a maintainable framework that automates the process of exploitation rather than verifying it manually. The first version was released in 2003 and consisted of 8 to 11 exploits (the exact number is uncertain).
Then more contributors collaborated and contributed to it; a major release was 2.7 in 2006, which consisted of 150+ exploits. The next major change came with version 3: it was rewritten in Ruby and made cross-platform.
Also, the coolest thing about this release is that new exploits and modules can be downloaded and added with ease. In 2009 Rapid7 acquired the project and still owns and maintains it. Even now the basic architecture of Metasploit has not changed, and the basic versions are free.
Modules & Interfaces
Metasploit Framework comes in a variety of interfaces:
- msfconsole – An interactive, curses-like shell for doing all tasks.
- msfcli – Calls MSF functions directly from the terminal/cmd without changing the terminal.
- msfgui – The Metasploit Framework graphical user interface.
- Armitage – Another graphical tool, written in Java, to manage pentests performed with MSF.
- Metasploit Community (or above) Web Interface – The web-based interface provided by Rapid7 for easy pentesting.
- Cobalt Strike – Yet another GUI with some added features for post-exploitation, reporting etc.
Exploits
An exploit is a method by which an attacker takes advantage of a flaw within a system, service, application etc. The attacker generally uses it to make the particular system, service or application being attacked do something its developer or implementer never intended; a kind of misuse. This is what an attacker uses to gain access to a system.
Exploits are always accompanied by payloads.
Payloads
A payload is the piece of code that runs on the successfully exploited system. After an exploit works, the framework injects the payload through the exploited vulnerability (flaw) and makes it run within the target system. Thus an attacker gets inside the system, or can get data from the compromised system, using the payload.
Auxiliary
Auxiliary modules provide additional functionality such as fuzzing, scanning, recon, DoS attacks etc. An auxiliary module scans for banners or OS versions, fuzzes, or performs a DoS attack on the target. Unlike an exploit, it does not inject a payload, which means you will not be able to gain access to a system using an auxiliary module.
Encoders
Encoders are used to obfuscate modules to avoid detection by a protection mechanism such as an antivirus or a firewall. This is widely used when creating a backdoor: the backdoor is encoded (even multiple times) and sent to the victim.
Shellcode
Shellcode is a set of instructions used as a payload when exploitation occurs. It is typically written in assembly language. In most cases, a command shell or a Meterpreter shell is provided after the target machine has executed the series of instructions, hence the name.
Listeners
A listener waits for connections from a payload injected into a compromised system.
Post
As the name suggests, these modules are used for post-exploitation. After a system has been compromised, we can dig deeper into it or use it as a pivot to attack other systems with these modules.
Nops
NOP stands for No Operation, an instruction best known on x86 processors. It is related to shellcode and machine-language instructions. Briefly, it prevents a program (here the payload) from crashing when its shellcode uses jump statements.
A run of NOPs lets execution reach the beginning of the machine-language instructions even if a jump lands in a slightly wrong memory location, and thus prevents the payload from crashing. This is a somewhat advanced concept, and you must understand shellcoding in order to understand and use NOPs.
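The same property that makes a run of NOPs useful to a payload also makes it visible to a defender: a long, unbroken run of 0x90 bytes is one of the oldest network-IDS heuristics for shellcode. The following script, added here as an illustration and not part of the original article or of Metasploit, reports such runs in a byte buffer; the run-length threshold and the sample buffers are assumptions, constructed for the demonstration.

```python
"""
Heuristic detection of x86 NOP sleds in a byte buffer.

A NOP sled is a run of 0x90 (NOP) bytes placed in front of shellcode so
that an imprecise jump into the run still slides into the payload.
IDS rules flag unusually long runs of NOP bytes for exactly that reason.
"""

NOP = 0x90
# Assumption: runs shorter than this are treated as benign padding.
# Compilers also emit short 0x90 runs between functions, so a low
# threshold produces false positives on ordinary binaries.
DEFAULT_MIN_RUN = 16


def find_nop_sleds(data: bytes, min_run: int = DEFAULT_MIN_RUN):
    """Return [(offset, length), ...] for every run of 0x90 bytes
    whose length is at least min_run, in order of appearance."""
    sleds = []
    i, n = 0, len(data)
    while i < n:
        if data[i] != NOP:
            i += 1
            continue
        start = i
        while i < n and data[i] == NOP:   # consume the whole run
            i += 1
        if i - start >= min_run:
            sleds.append((start, i - start))
    return sleds


def is_suspicious(data: bytes, min_run: int = DEFAULT_MIN_RUN) -> bool:
    """True if the buffer contains at least one sled-sized NOP run."""
    return bool(find_nop_sleds(data, min_run))


# Constructed samples (not real captures).
BENIGN = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
# 40 filler bytes, a 64-byte sled, then placeholder bytes standing in
# for whatever would follow the sled in a real buffer.
SUSPICIOUS = b"A" * 40 + b"\x90" * 64 + b"\xcc\xcc\xcc\xcc"

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(f"{name}: sleds={find_nop_sleds(blob)}")
```

Raising or lowering the threshold trades false positives against missed short sleds, which is why real IDS rules pair this check with protocol context rather than using it alone.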