Metasploit Framework is a open source penetration tool used for developing and executing exploit code against a remote target machine it, Metasploit frame work has the world’s largest database of public, tested exploits.

1. METASPLOIT
METASPLOIT FRAMEWORK IS A OPEN SOURCE PENETRATION TOOL
USED FOR DEVELOPING AND EXECUTING EXPLOIT CODE AGAINST A
REMOTE TARGET MACHINE IT, METASPLOIT FRAME WORK HAS THE
WORLD’S LARGEST DATABASE OF PUBLIC, TESTED EXPLOITS.

2. METASPLOIT STRUCTURE

3. METASPLOIT ARCHITECTURE
- FILESYSTEM AND LIBRARIES

4. METASPLOIT ARCHITECTURE
- FILESYSTEM AND LIBRARIES
Metasploit Filesystem
The MSF filesystem is laid out in an intuitive manner and is organized by directory.
• data: editable files used by Metasploit
• documentation: provides documentation for the framework
• external: source code and third-party libraries
• lib: the ‘meat’ of the framework code base
• modules: the actual MSF modules
• plugins: plugins that can be loaded at run-time
• scripts: Meterpreter and other scripts
• tools: various useful command-line utilities
Metasploit Libraries
The MSF libraries help us to run our exploits without having to write additional code for
rudimentary tasks, such as HTTP requests or encoding of payloads.

5. METASPLOIT ARCHITECTURE
- MODULES AND LOCATIONS
Exploits
•Defined as modules that use payloads
•An exploit without a payload is an Auxiliary module
Payloads, Encoders, Nops
•Payloads consist of code that runs remotely
•Encoders ensure that payloads make it to their destination
•Nops keep the payload sizes consistent
Primary Module Tree
•Located under /usr/share/metasploit-framework/modules/
User-Specified Module Tree
•Located under ~/.msf4/modules/
•This location is ideal for private module sets

6. METASPLOIT ARCHITECTURE
- MODULES AND LOCATIONS
Loading Additional Module Trees
Metasploit gives you the freedom to load modules either at runtime or after msfconsole has already been
started. Pass the -m option when running msfconsole to load at runtime:

7. METASPLOIT ARCHITECTURE
- MODULES AND LOCATIONS
If you need to load additional modules after runtime, use the Metasploit loadpath
command from within msfconsole:

8. METASPLOIT ARCHITECTURE
Metasploit Object Model
In the Metasploit Framework, all modules are Ruby classes.
Modules inherit from the type-specific class
The type-specific class inherits from the Msf::Module class
There is a shared common API between modules
Payloads are slightly different.
Payloads are created at runtime from various components
Glue together stagers with stages

9. METASPLOIT FUNDAMENTALS
Msfconsole interface
The msfconsole is probably the most popular interface to the Metasploit Framework (MSF). It provides an “all-
in-one” centralized console and allows you efficient access to virtually all of the options available in the MSF.
Msfconsole may seem intimidating at first, but once you learn the syntax of the commands you will learn to
appreciate the power of utilizing this interface.
Launching msfconsole
The -q option removes the launch banner by starting
msfconsole in quiet mode.

10. METASPLOIT FUNDAMENTALS
Active Exploits
Active exploits will exploit a specific host, run until
completion, and then exit.
Brute-force modules will exit when a shell opens from
the victim.
Module execution stops if an error is encountered.
You can force an active module to the background by
passing ‘-j’ to the exploit comma
Passive Exploits
Passive exploits wait for incoming hosts and exploit them
as they connect.
Passive exploits almost always focus on clients such as
web browsers, FTP clients, etc.
They can also be used in conjunction with email exploits,
waiting for connections.
Passive exploits report shells as they happen can be
enumerated by passing ‘-l’ to the sessions command.
Passing ‘-i’ will interact with a shell.

11. IN SHORT
Vulnerability -A weakness which allows an attacker to break into or compromise a system’s security.
Like the main gate of house with a weak lock (can be easily opened) , a glass window of house(can be easily
broken) etc can be the vulnerabilities in the systems which make it easy for an attacker to break into.
Exploit – Code which allows an attacker to take advantage of a vulnerability system.
The set of different keys which he can try one by one to open the lock , the hammer with him which he can use to
break the glass window etc can be the exploits.
Payload- Actual code which runs on the system after exploitation
Now Finally after exploiting the vulnerability and breaking in , he can have different things to
do. He can Steal Money destroy the things or just can give a look and come back.. Deciding this
is what we mean by setting the Payload.

12. METASPLOIT FUNDAMENTALS
Payload Mean?
A payload in metapsloit refers to an exploit module.
There are three different types of payload modules in the Metasploit Framework: Singles, Stagers, and Stages.
Whether or not a payload is staged, is represented by ‘/’ in the payload name. For example,
“windows/shell_bind_tcp” is a single payload with no stage, whereas “windows/shell/bind_tcp” consists of a stager
(bind_tcp) and a stage (shell).
Singles
Singles are payloads that are self-contained and completely standalone. A Single payload can be
something as simple as adding a user to the target system or running calc.exe.

13. METASPLOIT FUNDAMENTALS
Stagers
Stagers setup a network connection between the attacker and victim and are designed to be small and reliable.
It is difficult to always do both of these well so the result is multiple similar stagers. Metasploit will use the best
one when it can and fall back to a less-preferred one when necessary.
Stages
Stages are payload components that are downloaded by Stagers modules. The various payload stages provide
advanced features with no size limits such as Meterpreter, VNC Injection, and the iPhone ‘ipwn’ Shell.

14. METASPLOIT FUNDAMENTALS
What is Meterpreter?
Meterpreter is an advanced, dynamically extensible payload that uses in-memory DLL injection stagers and
is extended over the network at runtime. It communicates over the stager socket and provides a
comprehensive client-side Ruby API. It features command history, tab completion, channels, and more.
Metepreter was originally written by skape for Metasploit 2.x, common extensions were merged for 3.x and is
currently undergoing an overhaul for Metasploit 3.3. The server portion is implemented in plain C and is now
compiled with MSVC, making it somewhat portable. The client can be written in any language but Metasploit
has a full-featured Ruby client API.

15. 1. SELECT A RIGHT EXPLOIT AND THEN SET THE TARGET.
2.VERIFY THE EXPLOIT OPTIONS TO DETERMINE WHETHER THE TARGET SYSTEM IS VULNERABLE TO THE EXPLOIT.
3.SELECT A PAYLOAD
4.EXECUTE THE EXPLOIT.
AFTER GATHERING INFORMATION ABOUT
TARGET SYSTEM

16. Exploiting linux

17. Metasploitable
METASPLOITABLE IS A PURPOSEFULLY VULNERABLE UBUNTU 8.04 IMAGE THAT IS
RUNNING SEVERAL UNPATCHED SERVICES. METASPLOITABLE IS A GREAT PLATFORM TO
PRACTICE AND DEVELOP YOUR PENETRATION TESTING SKILLS ON LINUX.

19. Exploiting samba service

20. Finding version of samba in linux machine using auxilary/scanner module

21. Exploiting linux

22. Reverse connection established!
-Session created.

23. Other exploits you can use:-
• USE EXPLOIT/UNIX/IRC/UNREAL_IRCD_3281_BACKDOOR
• USE EXPLOIT/UNIX/FTP/VSFTPD_234_BACKDOOR
• USE EXPLOIT/MULTI/SAMBA/USERMAP_SCRIPT
• USE EXPLOT/MULTI/HTTP/PHP_CGI_ARG_INJECTION
• USE EXPLOIT/LINUX/MISC/DRB_REMOTE_CODEEXEC

24. Exploits information
• USE EXPLOIT/UNIX/IRC/UNREAL_IRCD_3281_BACKDOOR :- THIS MODULE EXPLOITS MALICIOUS BACKDOOR
THAT WAS PRESENT IN BETWEEN 2009 & 2010 (IT WAS PATCHED AFTER THAT).
• USE EXPLOIT/MULTI/SAMBA/USERMAP_SCRIPT :- IT EXPLOITS VULNERABLITY OF SAMBA VERSION IN 3.0.20 RC3
& 3.0.25RC3
FOR EXPLOITING SAMBA (IN LINUX) USING METASPLOIT :-
1) USE AUXILARY/SCANNER/SMB/SMB_VERSION -- FOR FINDING VERSION OF SAMBA
2) USE AUXILARY/SCANNER/SMB/SMB_ENUMSHARES -- SHOWS SHARING OPTIONS
2) USE AUXILARY/MULTI/SAMBA/USERMAP_SCRIPT – RUNING EXPLOIT, SET RHOST & RPORT & RUN EXLOIT
COMMAND.

25. Thank you