Introduction To Metasploit For Penetration Testing
Description
Info
Level: Beginner
Presenter: Eli the Computer Guy
Date Created: April 19, 2013
Length of Class: 24:05
Research Assistance: Nullset Computer Co (http://nullsetcomputerco.com/)
Tracks
Hacking
Prerequisites
None
Purpose of Class
This class gives students an overview as to why Metasploit is an important tool for Penetration Testing and Hacking.
Class Notes
Metasploit is a Framework vs. being a purpose built application. You can build your own tools using it much like you can build new toys with Legos.
Versions for Linux and Windows (And of course is included with Backtrack 5)
Disable AntiVirus and Firewall Software before using Metasploit
Metasploit Terms
Exploit - The way an attacker uses a systems vulnerability
Payload -- Code that is going to be run on attacked system
Shellcode -- payload code that provides an attacker with a Shell interface for compromised system
Module -- A "plugin" for Metasploit to perform specific tasks
Listener -- A component that listens for incoming connections
Interfaces
MSFconsole -- Console environment where you give commands to Metasploit interactively
MSFcli -- Allows you to run Metasploit directly from the command line. This is used to create scripts that call Metasploit to perform specific actions
Armitage -- Free graphical user interface
Metasploit Express and Pro -- Commercial Interfaces that make working with Metasploit more user friendly
You can store collected data into built in Database
PostgreSQL Database created during installation
Corrections
Lab Setup Used in Demonstration
N/A
Study Guides
Metasploit the Penetration Tester's Guide (ISBN: 978-1-59327-288-3)
Pages 7-11, 14, 20-21
Resources
http://www.metasploit.com/
http://www.elithecomputerguy.com/2013/02/08/introduction-to-metasploit-the-basics/