Common tools for penetration testing-Metasploit

Others 2020-04-15 17:38:18 views: null

Metasploit is a free, downloadable framework that allows you to easily obtain, develop, and
attack computer software vulnerabilities. It comes with hundreds of professional-level vulnerability attack tools for known software vulnerabilities. When HD Moore
released Metasploit in 2003, the computer security situation was permanently changed. As if overnight,
anyone can become a hacker, and everyone can use attack tools to attack vulnerabilities that have not been patched or have just been
patched. Software vendors can no longer postpone the release of patches for published vulnerabilities because the Metasploit
team has been working hard to develop various attack tools and contribute them to all Metasploit users.
Metasploit was originally designed to be an attack tool development platform. However, in the current situation, security experts
and amateur security enthusiasts use it more as a kind of mouse click to use the attack tool included in it.
Gong attack environment.

Common module application: Collection of common modules of Metasploit

Post-penetration module application: Metasploit post-penetration command

classification

[Exploits] Use classification, mainly store some overflow exploit modules
[auxiliary] This category is an auxiliary module, mainly stores scanning blasting, etc.
[payloads] This category is a backdoor module, which mainly carries the control of the victim machine after successful exploitation of the vulnerability
[encoders 】 This classification is an encoding module, encoding malicious code can bypass anti-software
feature code killing [nops] This classification is a null character module, in the era of remote control software such as gray pigeons, anti-software is relatively backward, mostly
Sign code to match whether it is malware, feature code positioning, and blank character filling became the mainstream anti-kill methods at the time.

Insert picture description here

The msf path
/ usr / share / metasploit-framework
mainly includes data, tools, plugins, and scripts. Generally, msfupdate is used to update the attack module.
Insert picture description here

Dictionary path
/ usr / share / metasploit-framework / data / wordlists
Insert picture description here
script path
/ usr / share / metasploit-framework / scripts /
Insert picture description here

Insert picture description here

msf various module paths
/ usr / share / metasploit-framework / modules

Insert picture description here
Insert picture description here
It ’s all source code, and I wo n’t.
Insert picture description here

Examples

Insert picture description here

Insert picture description here

_abcdef
Published 70 original articles · praised 17 · visits 6691
Private letter concerns

Guess you like

Origin blog.csdn.net/qq_38626043/article/details/104379662
Recommended
Ranking
#2019110700005
What materials and procedures are required for patent transfer
What is the blockchain Ethereum triplet state root transaction root receipt root
Front-end study notes 04 --- About the insertion of html pictures and videos
Documents required for the filing of WeChat Mini Programs in special industries, the filing process of WeChat Mini Programs in special industries, how to file WeChat Mini Programs in special industries
2017 Qingdao-site tournament I The Squared Mosquito Coil
[BZOJ3165][HEOI2013]Segment (line segment tree without marking)
Kettle series: KettleEasyExpand, an open source Kettle universal plugin by Ma Jinju
The latest tutorial on making framework for iOS
DAX Section 6: Statistical Functions
Daily
More
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)

Code World

© 2018 codetd.com