Filesystem And Libraries
• lib: the meat of the framework code base
• data: editable files used by Metasploit
• tools: various useful command-line utilities
• modules: the actual MSF modules
• plugins: plugins that can be loaded at run-time
• scripts: Meterpreter and other scripts
• external: source code and third-party libraries
Courtesy http://www.offensive-security.com/metasploit-unleashed

msfconsole
• It is the only supported way to access most of the features within Metasploit.
• Provides a console-based interface to the framework
• Contains the most features and is the most stable MSF interface
• Full readline support, tabbing, and command completion
• Execution of external commands in msfconsole is possible:
Courtesy http://www.offensive-security.com/metasploit-unleashed

Exploit Modules
Confused how to explain technically?
Courtesy http://www.sunpacmortgage.com

SET (Social Engineering Toolkit)
• The weakest link in the information security chain is the natural human willingness to accept someone at their word.
• SET focuses on attacking the human element
• Developed in Python
• Very easy to use
• Utilizes the Metasploit Framework on the backend

What next after getting a Shell?
• One can run the commands supported by the command prompt/shell.
• So what extra bit of control is needed to cash in on the opportunity?

Meterpreter
• Meta Interpreter
• Post-exploitation payload (tool)
• Uses in-memory DLL injection stagers
• Can be extended at run time
• Encrypted communication

What can be done?
• Command execution
• File Upload/Download
• Process migration
• Log Deletion
• Privilege escalation
• Registry modification
• Deleting logs and killing antivirus
• Backdoors and Rootkits
• Pivoting
• … etc.