Metasploit Framework (Metasploit Framework, MSF) is an open source tool designed to facilitate the penetration testing, he is the template framework written in the Ruby programming language, has good scalability, ease of penetration testing personnel to develop, use a custom template tool. Almost all popular operating systems support Metasploit Framework Metasploit framework and workflow on these operating systems are basically the same.
Here's the direct use of kali, kali operating system is in use should pay attention to timely update source. Update commands are:
APT- GET Update # source package only updates the index, the role of index information package synchronization source, to perform software updates. APT - GET installed on the system upgrade # upgrade all packages APT - GET . dist-upgrade # linux upgrade the entire system, such as kali1 0 .1 to 1. Upgrading 0.2 .
Metasplot jargon:
msf framework comprised of multiple modules, the following functions:
Auxiliaries (auxiliary module):
This module does not create direct access between the testers and the target host, they are only responsible for the implementation of scanning, sniffing, fingerprint identification and other related functions to aid penetration test.
Exploit (exploit module):
refers to the attacker using a system, application or service security vulnerabilities to attack.
Payload (attack load module):
attack the target system load is what we expect to complete the function of the code that actually attack after penetration attacks.
Post (post-osmosis module):
mainly used in obtaining the target remote control of the system, a series of penetration attacks after the action, such as access to sensitive information, the implementation of springboard attacks.
Encoders (encoding tool module):
mainly responsible for free to kill in order to prevent the killing soft, firewall, IDS and other security software killing.
Metasplot Attack steps:
1. Scan target system, looking for vulnerabilities available.
2. Select and exploit a configuration module
3. Select and configure a load attack module
4. Select a coding technique for bypassing the soft kill killing
5. attack begins.
Msf into the console: msfconsole
PS: Use metasplot first need to connect to the database, the official said, is the best use Postgresql database, of course, also be mysql. After connecting to the database and there is a benefit that the search time will be faster, if not even slower.
Connection configuration:
First start postgersql database:
/etc/init.d/postgresql start
Msf establish a database:
su - postgers createuser msf -P 输入两次密码 createdb --owner=msf msf3 logout
退出以后进入msf控制台:
db_connect msf:msf@127.0.0.1/msf3 # 连接数据库 账号:密码@数据库地址/数据库名 db_status # 查看当前连接的数据库