Jump to content

Metasploit

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 74.74.204.18 (talk) at 00:49, 8 February 2008 (grammar). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Metasploit Framework
Developer(s)Metasploit LLC
Stable release
Preview release
3.2-dev / January 28, 2008
Repository
Operating systemCross-platform
TypeSecurity
LicenseMetasploit Framework License
Websitewww.metasploit.com

The Metasploit Project is an open source computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development. Its most well-known sub-project is the Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive, and security research.

Created using the Perl scripting language, the Metasploit Framework was then completely rewritten in the Ruby programming language. It is most notable for releasing some of the most technically sophisticated exploits to public security vulnerabilities. In addition it is a powerful tool for third party security researchers to investigate potential vulnerabilities.

Like comparable commercial products such as Immunity's CANVAS or Core Security Technologies' Core Impact, Metasploit can be used by administrators to test the vulnerability of computer systems in order to protect them, or by Black Hat hackers and script kiddies to break into remote systems. Like many information security tools, Metasploit can be used for both legitimate and unauthorized activities.

Metasploit's emerging position as the defacto vulnerability development framework has led in recent times to the release of software vulnerability advisories often accompanied by a third party Metasploit exploit module that highlights the exploitability, risk, and remediation steps of that particular bug.[1][2] Metasploit 3.0 (Ruby language) is also beginning to include fuzzing tools, to discover software vulnerabilities in the first instance, rather than merely writing exploits for currently public bugs. This new avenue has been seen with the integration of the lorcon wireless (802.11) toolset into Metasploit 3.0 in November, 2006.

Metasploit Framework

The basic steps for exploiting a system using the Framework include -

  1. Choosing and configuring an exploit (code that enters a target system by taking advantage of one of its bugs; about 200 different exploits for Windows, Unix/Linux and Mac OS X systems are included);
  2. Checking whether the intended target system is susceptible to the chosen exploit (optional);
  3. Choosing and configuring a payload (code that will be executed on the target system upon successful entry, for instance a remote shell or a VNC server);
  4. Choosing the encoding technique to encode the payload so that the Intrusion-prevention system will not catch the encoded payload; and
  5. Executing the exploit.

This modularity of allowing to combine any exploit with any payload is the major advantage of the Framework: it facilitates the tasks of attackers, exploit writers, and payload writers.

The current stable version of the Metasploit Framework is v3.1 and is written in the Ruby programming language. The previous version 2.7, was implemented in Perl. It runs on all versions of Unix (including Linux and Mac OS X), and also on Windows using the Cygwin framework. It includes two command line interfaces and a web-based interface. The web interface is intended to be run from the attacker's computer; a demo version can be tried out at http://www.metasploit.com:55555. The Metasploit Framework can be extended to use external add-ons in multiple languages.

To choose exploit and payload, some information about the target system is needed such as operating system version and installed network services. This information can be gleaned with port scanning and OS fingerprinting tools such as nmap. Nessus can in addition detect the target system's vulnerabilities.

Opcode Database

The Opcode Database is an important resource for writers of new exploits. Buffer overflow exploits on Windows often require precise knowledge of the position of certain machine language opcodes in the attacked program or included DLLs. These positions differ in the various versions and patch-levels of a given operating system, and they are all documented and conveniently searchable in the Opcode Database. This allows to write buffer overflow exploits which work across different versions of the target operating system.

Shellcode Database

The Shellcode database contains the payloads (also known as shellcodes) used by the Metasploit Framework. These are written in assembly language and full source code is available.

Trivia

  • The Metasploit Project began as a portable network game.
  • The Metasploit website was started in the summer of 2003.

Notable Contributors

The Metasploit Framework is run as a loosely open source project (see further the Framework v3.1 License), with high quality and relevant code contributions accepted on an ad-hoc basis. For the majority, third party contributions are for specific exploits or exploitation techniques.

A list of contributors is below:

  • H. D. Moore (Primary author)
  • Matt Miller (Skape)
  • spoonm
  • y0
  • Kevin Finisterre
  • David Litchfield
  • Brian Caswell
  • Alexander Sotirov (Solar Eclipse)
  • Rhys Kidd
  • Pusscat
  • Nicolas Pouvesle
  • Lance M. Havok (LMH)
  • Jacopo Cervini (acaro)
  • TheSamurai
  • Ramon de Carvalho Valle (RISE Security)

References

  1. ^ "ACSSEC-2005-11-25-0x1 VMWare Workstation 5.5.0 <= build-18007 GSX Server Variants And Others". December 20, 2005. {{cite news}}: Check date values in: |date= (help)
  2. ^ "Month of Kernel Bugs - Broadcom Wireless Driver Probe Response SSID Overflow". November 11, 2006. {{cite news}}: Check date values in: |date= (help)
Retrieved from "https://en.wikipedia.org/w/index.php?title=Metasploit&oldid=189854457"