Scribd Logo
Importer

Bienvenue sur Scribd !

  • 3 Introduction To Metasploit Framework

    Transféré par

    18218
    96 vues14 pages
    Metasploit is a penetration testing framework originally developed in 2003 that is now maintained by Rapid7. It contains a large database of exploits and payloads that allow security professionals to identify vulnerabilities and verify mitigations. The framework can be accessed via command line while commercial editions include a user interface and additional features like task chains and reporting. Metasploit's most popular payload is Meterpreter which enables full control of compromised systems by allowing file transfer, password harvesting, and remote control capabilities.

    Description originale:

    pai fello la weyh n

    Titre original

    3 Introduction to Metasploit Framework

    Copyright

    © © All Rights Reserved

    Formats disponibles

    PPTX, PDF, TXT ou lisez en ligne sur Scribd

    Avez-vous trouvé ce document utile ?

    Ce contenu est-il inapproprié ?

    Signaler ce document
    Metasploit is a penetration testing framework originally developed in 2003 that is now maintained by Rapid7. It contains a large database of exploits and payloads that allow security professionals to identify vulnerabilities and verify mitigations. The framework can be accessed via command line while commercial editions include a user interface and additional features like task chains and reporting. Metasploit's most popular payload is Meterpreter which enables full control of compromised systems by allowing file transfer, password harvesting, and remote control capabilities.

    Droits d'auteur :

    © All Rights Reserved
    Téléchargez comme PPTX, PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    96 vues14 pages

    3 Introduction To Metasploit Framework

    Transféré par

    18218
    Metasploit is a penetration testing framework originally developed in 2003 that is now maintained by Rapid7. It contains a large database of exploits and payloads that allow security professionals to identify vulnerabilities and verify mitigations. The framework can be accessed via command line while commercial editions include a user interface and additional features like task chains and reporting. Metasploit's most popular payload is Meterpreter which enables full control of compromised systems by allowing file transfer, password harvesting, and remote control capabilities.

    Droits d'auteur :

    © All Rights Reserved
    Téléchargez comme PPTX, PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    sur 14

    Introduction to Metasploit

    Framework
    (PUT YOUR DEFENSES TO THE TEST)

    16/12/2015

    What is Metasploit?
    Metasploit originally developed in Perl by H.D. Moore in 2003
    and rewritten in Ruby and acquired by Rapid7 (2009).

    What is Metasploit?...
    The leading software used by penetration testers around the
    world.
    A collaboration between the open source community and
    Rapid7.
    Metasploit software helps security and IT professionals identify:
    Security issues,
    Verify vulnerability mitigations.

    The Metasploit Project host the worlds largest public


    database of quality-assured exploits.

    Metasploit Editions
    Metasploit

    editions

    range

    from

    free edition

    to

    professional enterprise editions, all based on the


    Metasploit Framework.

    What are some of the differences between


    the framework and the commercial editions?
    The commercial editions include a user interface whereas
    the framework can only be accessed from the command
    line.

    The commercial editions include tons of features that are


    not available in the framework, such as task chains, social
    engineering
    reports.

    campaigns,

    wizards,

    MetaModules,

    and

    What is a vulnerability?
    A vulnerability is a security hole in a piece of software,
    hardware or operating system that provides a potential
    angle to attack the system.
    A vulnerability can be as simple as weak passwords or
    as complex as buffer overflows or SQL injection
    vulnerabilities.

    What is an exploit?
    To take advantage of a vulnerability, you often need
    an exploit, a small and highly specialized computer
    program whose only reason of being is to take
    advantage of a specific vulnerability and to provide
    access to a computer system.
    Exploits often deliver a payload to the target system to
    grant the attacker access to the system.

    What is a payload?
    A payload is the piece of software that lets you control a
    computer system after its been exploited. The
    payload is typically attached to and delivered by the
    exploit.
    Just imagine an exploit that carries the payload in its
    backpack when it breaks into the system and then
    leaves the backpack there.

    Payload- Meterpreter
    Metasploits most popular payload is called Meterpreter,
    which enables you to do all sorts of funky stuff on the
    target system.
    For example, you can upload and download files from
    the system, take screenshots, and collect password
    hashes. You can even take over the screen, mouse, and
    keyboard to fully control the computer.

    Metasploit alternatives
    Immunity Canvas (http://www.coresecurity.com/)
    Core Impact Pro (http://www.coresecurity.com/)
    ExploitPack (http://exploitpack.com/)

    Vous aimerez peut-être aussi