Académique Documents
Professionnel Documents
Culture Documents
Framework
(PUT YOUR DEFENSES TO THE TEST)
16/12/2015
What is Metasploit?
Metasploit originally developed in Perl by H.D. Moore in 2003
and rewritten in Ruby and acquired by Rapid7 (2009).
What is Metasploit?...
The leading software used by penetration testers around the
world.
A collaboration between the open source community and
Rapid7.
Metasploit software helps security and IT professionals identify:
Security issues,
Verify vulnerability mitigations.
Metasploit Editions
Metasploit
editions
range
from
free edition
to
campaigns,
wizards,
MetaModules,
and
What is a vulnerability?
A vulnerability is a security hole in a piece of software,
hardware or operating system that provides a potential
angle to attack the system.
A vulnerability can be as simple as weak passwords or
as complex as buffer overflows or SQL injection
vulnerabilities.
What is an exploit?
To take advantage of a vulnerability, you often need
an exploit, a small and highly specialized computer
program whose only reason of being is to take
advantage of a specific vulnerability and to provide
access to a computer system.
Exploits often deliver a payload to the target system to
grant the attacker access to the system.
What is a payload?
A payload is the piece of software that lets you control a
computer system after its been exploited. The
payload is typically attached to and delivered by the
exploit.
Just imagine an exploit that carries the payload in its
backpack when it breaks into the system and then
leaves the backpack there.
Payload- Meterpreter
Metasploits most popular payload is called Meterpreter,
which enables you to do all sorts of funky stuff on the
target system.
For example, you can upload and download files from
the system, take screenshots, and collect password
hashes. You can even take over the screen, mouse, and
keyboard to fully control the computer.
Metasploit alternatives
Immunity Canvas (http://www.coresecurity.com/)
Core Impact Pro (http://www.coresecurity.com/)
ExploitPack (http://exploitpack.com/)