Penetration testing framework-introduction to Metasploit

Others 2021-01-25 14:52:04 views: null

Introduction to MSF Framework

Introduction to MSF

Abbreviation for The Metasploit Framework. MSF is highly modular, that is, the framework consists of multiple modules. It is the most popular tool in the world. It is an open source security vulnerability exploitation and testing tool that integrates common overflow vulnerabilities and popular shellcodes on various platforms, and is continuously updated. Metasploit covers the whole process of penetration testing. You can use existing ones under this framework Payload conducts a series of penetration tests.

kali-MSF framework directory path

       /usr/share/metasploit-framework/

Insert picture description here

MSF directory structure

data: Editable files containing binary files required by Metasploit to store certain vulnerabilities, word lists, images, etc.
documentation: Contains the available documentation for the framework.
lib: Metasploit library folder.
plugins: Plug-ins used to store metasploit.
scripts: used to store metasploit scripts, including meterpreter and other scripts.
tools: Store a variety of command line utilities.
modules: store metasploit module files

modules module

Auxiliary: auxiliary module, auxiliary penetration (port scanning, login password blasting, vulnerability verification, etc.)
exploits: vulnerability exploitation module, including mainstream exploit scripts, usually to exploit certain targets that may have vulnerabilities. Naming rules: operating system/various application protocol classification
payloads: attack payload, mainly the code executed on the target machine after the attack is successful, such as the code of the
reverse shell post: post-penetration stage module, after the exploit is successfully obtained the meterpreter, send to the target Some functional commands, such as: lifting weights, etc.
encoders: encoder module, comprising mainly various coding tools, to encrypt payload encoded, so as to bypass intrusion detection and filtration system (firewall)
Evasion: avoidance module to generate free Kill payload
nops: Because IDS/IPS will check irregular data in the data packet, in some cases, such as for overflow attacks, certain special sliding strings (NOPSx90x90...) will be intercepted and cause the attack to fail.
Insert picture description here

MSF architecture

Insert picture description here

MSF update

msfconsole -v  #查看MSF版本

apt-get update

apt-getinstall metasploit-framework #更新整个MSF

Note: You can also update part of the MSF plug-ins, but it is not as convenient as the overall update of MSF and is not recommended.
Insert picture description here

Guess you like

Origin blog.csdn.net/weixin_47731659/article/details/112723520
Recommended
Ranking
Empire cms smart tag calls four first-level recommended articles, starting from the fourth article
Linux environment installation and configuration Elasticsearch7.17
Big Data processing architecture and Lambda Kappa architecture
Explore the top of the AI large model platform - Wenxin Qianfan
Beijing car PK10 lucky airship Guanya size and value of the odd and even tips
W3B x Sui Hacker House|In-depth understanding of Sui and Move language
Know almost Ko Chan: Chinese what any decent open source software products? (Finishing from my original answer)
Comprehensively improve AD domain security authentication | Zhuyun IDaaS
Android Update Engine Analysis (24) What happened when making the downgrade package?
Spark Architecture and Operating Mechanism (1) - System Architecture
Daily
More
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)
2024-05-02(0)
2024-05-01(4)
2024-04-30(36)
2024-04-29(5)
2024-04-28(12)

Code World

© 2018 codetd.com