Ads 468x60px

Sport News


පහත ඇති "Like" Button එක ක්ලික් කර ඔබත් අදම අපේ Facebook Fan කෙනෙකු වන්න

Powered By Tricks Lanka


Wednesday, December 7, 2011


The Metasploit Framework is a platform for developing, testing, and using exploit code. The Metasploit Project is a computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development. Its most well-known sub-project is the Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive, and security research. The Metasploit Project is also well known for anti-forensic and evasion tools, some of which are built into the Metasploit Framework.

Metasploit was created in 2003 as a portable network game using the Perl scripting language. Later, the Metasploit Framework was then completely rewritten in the Ruby programming language. It is most notable for releasing some of the most technically sophisticated exploits to public security vulnerabilities. In addition, it is a powerful tool for third party security researchers to investigate potential vulnerabilities.

Like comparable commercial products such as Immunity's CANVAS or Core Security Technologies Core Impact, Metasploit can be used by administrators to test the vulnerability of computer systems in order to protect them, or by Black Hat hackers and script kiddies to break into remote systems. Like many information security tools, Metasploit can be used for both legitimate and unauthorized activities. Metasploit Framework

The basic steps for exploiting a system using the Framework include -

1. Choosing and configuring an exploit (code that enters a target system by taking advantage of one of its bugs; about 300 different exploits for Windows, Unix/Linux and Mac OS X systems are included);

2. Checking whether the intended target system is susceptible to the chosen exploit (optional);

3. Choosing and configuring a payload (code that will be executed on the target system upon successful entry, for instance a remote shell or a VNC server);

4. Choosing the encoding technique to encode the payload so that the Intrusion-prevention system will not catch the encoded payload;

5. Executing the exploit.
This modularity of allowing combining any exploit with any payload is the major advantage of the
Framework: it facilitates the tasks of attackers, exploit writers, and payload writers.


In my upcoming article i will post about hacking with metasploit.

0 ප්‍රතිචර:

Post a Comment


ඉතිං එහෙනම් කමෙන්ට එකක් දාලා යමු නෙද?