Having recently blogged about the world’s most scary pentest tools we thought we should write something about the importance of learning the Metasploit Framework for penetration testers.
Metasploit is an incredibly good framework and if you're new to the world of penetration testing then we'd certainly recommend this tool. The reason for this is that Metasploit is a framework and not a single, fixed application. In practice that means the user can build their own tools on top of it for specific tasks. For example, if you wanted to test for vulnerabilities in a particular operating system, that would work just fine using the Metasploit Framework.
There are several versions of Metasploit – both free and paid (which I guess is the freemium and premium model). The free version works just great – you can get it here (although the framework is also available on Windows, we'd recommend that you learn the program within a Linux environment, or better still, a Linux penetration testing distro). The reason that Metasploit is free is presumably to give users a taste of what is obtainable in the feature-packed Metasploit Express, which costs a whopping $5,000. Metasploit Express is obviously aimed at the professional pentester (by the way, that $5,000 fee is the price per user per year).
Windows and Metasploit
If you are using Windows, don't forget to turn off your anti-virus and firewall software, because Metasploit will look like a virus to them. Also, if you are using Metasploit within a virtual machine, make sure that the network connection is bridged to the outside network. Metasploit grabs and scans everything you ask it to on your network and on others', so it needs to be allowed to reach the correct network.
Here are some terms that you need to understand if you are using Metasploit:
Term 1 – System exploitation – the root term behind meta ‘sploit’ – i.e. exploitation
This term means that you are trying to exploit a vulnerability in a system, machine or network. In other words, you are looking across a network for a computer that has a hole (a backdoor) through which it could be compromised.
Term 2 – Payload – think of this like a fighter jet unleashing a weapon with a payload!
A big thing about Metasploit is that it not only scans but also collects information about systems that can be exploited – and then – executes code within a compromised system. In summary, this term refers to the code that is delivered to the target, bundled within a payload. Once a payload has been unleashed, the hacker or penetration tester can run commands and actions. The objective should be to plant a payload large enough to give you a shell. A shell is a command interface which essentially gives the user complete control over a compromised machine.
Since Metasploit is a framework, the user can create their own code and scripts, but don't worry if you don't know how to code, since many modules have already been created. Each Metasploit module is built for one specific task, so for network scanning, ARP poisoning, packet sniffing etc. a module has very likely already been written.
Term 3 – Listening – get in touch with your female side and be a good listener!
Metasploit is patient and a great listener. Metasploit, like Wireshark in fact, is very good at listening for incoming connections. It is worth noting that in the hacking world things don't move very fast; a dedicated hacker can spend months working out their best strategy and attack vectors. Research is obviously vital to any attack. PunkSPIDER and SHODAN are two examples of services that a penetration tester could use before opening up Metasploit. Both PunkSPIDER and SHODAN act almost like search engines, with the difference that these engines look for server information and vulnerabilities. Metasploit could then be deployed to open any half-closed doors.
There are a couple of interfaces that can be used. The first option is the MSFconsole, which is the hacker's preferred method and the purist's way of using Metasploit. The other, more friendly approach to using Metasploit is Armitage.
Metasploit Database – specific to the user’s requirements
One of the things that makes Metasploit unique, and a must for anyone interested in learning the skills of pentesting or hacking, is that the program/framework can record data in its own internal database, i.e. on your system. Why is this good? Simply put, it organizes your workflow. You can set up the system so that tasks are spread as thin as possible to minimize the chances of being detected.
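An added example (not from the original post) of how that database organises the workflow: an msfconsole resource script that checks the database connection, creates a workspace, records a scan and then queries what was stored. The workspace name and the 10.0.0.0/24 range are assumed values for a constructed lab network.

```text
# Added example: msfconsole resource script (run with: msfconsole -r workspace-demo.rc)
# Confirm the framework is connected to its database before doing anything
db_status
# Create and switch to a dedicated workspace so this engagement's data stays separate
# (lab-demo is an assumed name)
workspace -a lab-demo
# Run nmap through the framework; results are written straight into the database
# (10.0.0.0/24 is a constructed lab range, not a real target)
db_nmap -sV 10.0.0.0/24
# Query what was recorded: all discovered hosts, then only services on ports 22 and 445
hosts
services -p 22,445
# List every workspace; each engagement's records are kept apart like this
workspace
```

Because every host and service found by the scan is stored rather than scrolled past, later modules can be pointed at the recorded hosts instead of re-scanning.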
Let us know what you think. Do you agree with us on the above main points about using Metasploit? We have blogged about nmap and offer an nmap training course if you are interested.