Shulou(Shulou.com)06/02 Report--

This article mainly introduces "the function and common commands of Metasploit". In daily operation, I believe many people have doubts about the role of Metasploit and common commands. The editor consulted all kinds of materials and sorted out simple and easy-to-use operation methods. I hope it will be helpful to answer the doubts about "the role of Metasploit and common commands". Next, please follow the editor to study!

I. the function of Metasploit

Metasploit is an open source penetration testing framework platform. So far, msf has built in thousands of disclosed vulnerability-related modules and penetration testing tools. The modules are written in Ruby language, which enables users to make appropriate modifications to the modules as needed, or even call the test modules written by themselves. After selecting the attack module to be used, you only need to use simple commands to configure some parameters to complete the testing and exploitation of a vulnerability, automating and simplifying the penetration process.

Main functions: vulnerability verification, vulnerability exploitation, intranet penetration, etc.

II. Related terms

Exploit: the attack uses scripts in msf to perform a precise attack or vulnerability verification on the target system.

Payload: attack payload attack payload is a piece of implanted code that causes the target system to run after a successful penetration attack

Listener: after the listener generates a Trojan, it is sent to the victim host, and the rebound Trojan is connected to the local machine.

3. Detailed explanation of Metasploit catalogue

1. Metasploit root directory:

Cd usr/share/metasploit-framework

2. Data directory: some files used in msf attacks, such as dictionary files:

Cd / usr/share/metasploit-framework/data

Wordlists directory: various dictionaries

Expoits directory: dll and executable

3. Scripts directory, which mainly contains some scripts needed for attacks.

Materpreter directory: ruby script

Ps directory: powershell script

Resource directory: rc fil

Shell directory: ruby script

4. Tools directory: a large number of practical tools are stored

Expliot directory: ruby script

Memdump directory: executable file

5. Plugins directory: integrates third-party plug-ins, such as sqlmap, nessus, etc.

6. Modules directory:

Auxiliary vulnerability assist module, mostly used for scanning

Encoders encoder module to encode payloads

Evasion creates Trojan Horse for Anti-virus Software

Exploits attack module to implement precision strike

Payloads vulnerability payload module, usually used to open the control session on the target system for penetration testers to connect nops null command module, the most typical null instruction is null operation and so on.

4. Metasploit common commands

1. Command line startup: msfconsole

2. Show exploits: show all attack modules

3. Show auxiliary: display all auxiliary modules

4. Show payloads: displays the attack payload available to the current module

5. Show options: displays the attack parameters that the module needs to set

6. The search command can be used to retrieve some information about the required modules.

Modules needed for search retrieval

Attack modules needed for search type:exploit retrieval

Auxiliary modules needed for search type:auxiliary retrieval

7. Use uses this module (attack module or auxiliary module)

8. Options: displays the information that needs to be configured

9. Set and unsetset payload use the attack payload

Set sets the parameters required by the module

Unset cancels the value of this parameter

The value of unset-g batch cancel parameter

10. Save uses the save command to save the set parameters, which can be used directly after the next startup

11. Run and exploit attack

At this point, the study of "the role of Metasploit and common commands" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.