World Library  
Flag as Inappropriate
Email this Article

Metasploit

Article Id: WHEBN0004010130
Reproduction Date:

Title: Metasploit  
Author: World Heritage Encyclopedia
Language: English
Subject: Script kiddie, VxWorks, White hat (computer security), Grey hat, Penetration test, Shikata ga nai, Hacker (computer security), Dynamic-link library, William Genovese, Red team
Collection:
Publisher: World Heritage Encyclopedia
Publication
Date:
 

Metasploit

Metasploit
Developer(s) Rapid7 LLC
Stable release 4.5 / May 1, 2013 (2013-05-01)
Development status Active
Operating system Cross-platform
Type Security
License Framework: BSD,[1] Community/Express/Pro: Proprietary
Website

The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.

Its best-known sub-project is the open source[1] Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive and related research.

The Metasploit Project is well known for its anti-forensic and evasion tools, some of which are built into the Metasploit Framework.

History

Metasploit was created by HD Moore and HD Edna Elizabeth Low in 2003 as a portable network tool using the Perl programming language. Later, the Metasploit Framework was completely rewritten in the Ruby programming language.[2] On October 21, 2009, the Metasploit Project announced[3] that it had been acquired by Rapid7, a security company that provides unified vulnerability management solutions.

Like comparable commercial products such as Immunity's Canvas or Core Security Technologies' Core Impact, Metasploit can be used to test the vulnerability of computer systems or to break into remote systems. Like many information security tools, Metasploit can be used for both legitimate and unauthorized activities. Since the acquisition of the Metasploit Framework, Rapid7 has added two open core proprietary editions called Metasploit Express and Metasploit Pro.

Metasploit's emerging position as the de facto exploit development framework[4] led to the release of software vulnerability advisories often accompanied by a third party Metasploit exploit module that highlights the exploitability, risk and remediation of that particular bug.[5][6] Metasploit 3.0 began to include fuzzing tools, used to discover software vulnerabilities, rather than just exploits for known bugs. This avenue can be seen with the integration of the lorcon wireless (802.11) toolset into Metasploit 3.0 in November 2006. Metasploit 4.0 was released in August 2011.

Metasploit Framework

The basic steps for exploiting a system using the Framework include:

  1. Choosing and configuring an exploit (code that enters a target system by taking advantage of one of its bugs; about 900 different exploits for Windows, Unix/Linux and Mac OS X systems are included);
  2. Optionally checking whether the intended target system is susceptible to the chosen exploit;
  3. Choosing and configuring a payload (code that will be executed on the target system upon successful entry; for instance, a remote shell or a VNC server);
  4. Choosing the encoding technique so that the intrusion-prevention system (IPS) ignores the encoded payload;
  5. Executing the exploit.

This modular approach – allowing the combination of any exploit with any payload – is the major advantage of the Framework. It facilitates the tasks of attackers, exploit writers and payload writers.

Metasploit runs on Unix (including Linux and Mac OS X) and on Windows. It includes two command-line interfaces, a web-based interface and a native GUI. The web interface is intended to be run from the attacker's computer. The Metasploit Framework can be extended to use add-ons in multiple languages.

To choose an exploit and payload, some information about the target system is needed, such as operating system version and installed network services. This information can be gleaned with port scanning and OS fingerprinting tools such as Nmap. Vulnerability scanners such as Nexpose or Nessus can detect target system vulnerabilities. Metasploit can import vulnerability scan data and compare the identified vulnerabilities to existing exploit modules for accurate exploitation.[7]

Metasploit Editions

Rapid7 has four different versions of metasploit.[8]

Metasploit Framework Edition

The free version. It contains a command line interface, third-party import, manual exploitation and manual brute forcing.[8]

Metasploit Community Edition

In October 2011, Rapid7 released Metasploit Community Edition, a free, web-based user interface for Metasploit. Metasploit Community is based on the commercial functionality of the paid-for editions with a reduced set of features, including network discovery, module browsing and manual exploitation. Metasploit Community is included in the main installer.

Metasploit Express

In April 2010, Rapid7 released Metasploit Express, an open-core commercial edition for security teams who need to verify vulnerabilities. It offers a graphical user interface, integrates nmap for discovery, and adds smart bruteforcing as well as automated evidence collection.

Metasploit Pro

In October 2010, Rapid7 added Metasploit Pro, an open-core commercial Metasploit edition for penetration testers. Metasploit Pro includes all features of Metasploit Express and adds web application scanning and exploitation, social engineering campaigns and VPN pivoting.

Payloads

Metasploit offers many types of payloads, including:

  • Command shell enables users to run collection scripts or run arbitrary commands against the host.
  • Meterpreter enables users to control the screen of a device using VNC and to browse, upload and download files.

Opcode Database

The Opcode Database is an important resource for writers of new exploits. Buffer overflow exploits on Windows often require precise knowledge of the position of certain machine language opcodes in the attacked program or included DLLs. These positions differ in the various versions and patch-levels of a given operating system, and they are all documented and conveniently searchable in the Opcode Database. This allows coders to write buffer overflow exploits that work across different versions of the target

Shellcode Database

The Shellcode database contains the payloads (also known as shellcode) used by the Metasploit Framework. These are written in assembly language. Full source code is available.

Notable Contributors

Metasploit Framework operates as vaguely open-source project (see license), high quality and where code contributions accepted piecemeal. For the majority of the contributions are for specific performances or operating techniques.

List of contributors:

  • H. D. Moore (Primary Author) 
  • Matt Miller (Skape)    
  • spoonm  
  • horizon    
  • samushack (SecTools)    
  • Kevin Finisterre
  • David Litchfield
  • Brian Caswell    
  • Alexander Sotirov (Solar Eclipse)    
  • Rhys Kidd    
  • y0   
  • Ramon de Carvalho Valle (RISE Security)    
  • Pusscat    
  • Nicolas Pouvesle    
  • Lance M. Havok (LMH)    
  • Jacopo Cervini (acaro)    
  • TheSamurai    
  • Youvirus dk     
  • !m0Nk3y_

See also

Computer Security portal
Computing portal
Free software portal

References

Further reading

  • Powerful payloads: The evolution of exploit frameworks, searchsecurity.com, 2005-10-20
  • Chapter 12: Writing Exploits III from Sockets, Shellcode, Porting & Coding: Reverse Engineering Exploits and Tool Coding for Security Professionals by James C. Foster (ISBN 1-59749-005-9). Written by Vincent Liu, chapter 12 explains how to use Metasploit to develop a buffer overflow exploit from scratch.
  • HackMiami Pwn-Off Hack-A-Thon review of Metasploit Express

External links

  • Metasploit Community – The Official Metasploit online community
  • Metasploit Unleashed – Mastering The Framework
This article was sourced from Creative Commons Attribution-ShareAlike License; additional terms may apply. World Heritage Encyclopedia content is assembled from numerous content providers, Open Access Publishing, and in compliance with The Fair Access to Science and Technology Research Act (FASTR), Wikimedia Foundation, Inc., Public Library of Science, The Encyclopedia of Life, Open Book Publishers (OBP), PubMed, U.S. National Library of Medicine, National Center for Biotechnology Information, U.S. National Library of Medicine, National Institutes of Health (NIH), U.S. Department of Health & Human Services, and USA.gov, which sources content from all federal, state, local, tribal, and territorial government publication portals (.gov, .mil, .edu). Funding for USA.gov and content contributors is made possible from the U.S. Congress, E-Government Act of 2002.
 
Crowd sourced content that is contributed to World Heritage Encyclopedia is peer reviewed and edited by our editorial staff to ensure quality scholarly research articles.
 
By using this site, you agree to the Terms of Use and Privacy Policy. World Heritage Encyclopedia™ is a registered trademark of the World Public Library Association, a non-profit organization.
 


Copyright © World Library Foundation. All rights reserved. eBooks from Project Gutenberg are sponsored by the World Library Foundation,
a 501c(4) Member's Support Non-Profit Organization, and is NOT affiliated with any governmental agency or department.