Saturday, 30 March 2013

Metasploit with backtrack -2



BackTrack is the most popular operating system for security professionals for two reasons. Firstly, it has all the popular penetration testing tools pre-installed in it so it reduces the cost of a separate installation. Secondly, it is a Linux-based operating system which makes it less prone to virus attacks and provides more stability during penetration testing. It saves your time from installing relevant components and tools and who knows when you may encounter an unknown error during the installation process

1. On booting the BackTrack OS, you will be asked to enter the username and password. The default username for the root user is root and the password is toor.

2. On successful login, you can either work over the command line or enter startx to enter in the GUI mode.

3. You can either start the Metasploit framework from the Applications menu or
from the command line. To launch Metasploit from the Applications menu go to
Applications | BackTrack | Exploitation Tools | Network Exploitation Tools |
Metasploit Framework

4. Metasploit follows a simple directory structure hierarchy where the root folder is pentest. The directory further branches to /exploits/framework3. To launch
Metasploit from the command line, launch the terminal and enter the following
command to move to the Metasploit directory:

root@bt:~# cd /pentest/exploits/framework3

root@bt:/pentest/exploits/framework3 ~# ./msfconsole



on No comments:

introduction to metasploit framework -1

Let us start with a quick introduction to the framework and the various terminologies related to Metasploit framework:

Metasploit framework: It is a free, open source penetration testing framework
started by H. D. Moore in 2003 which was later acquired by Rapid7. The current
stable versions of the framework are written using the Ruby language. It has
the world's largest database of tested exploits and receives more than a million
downloads every year. It is also one of the most complex projects built in Ruby
to date.

Vulnerability: It is a weakness which allows an attacker/pen-tester to break
into/compromise a system's security. This weakness can either exist in the
operating system, application software, or even in the network protocols.

Exploit: Exploit is a code which allows an attacker/tester to take advantage of
the vulnerable system and compromise its security. Every vulnerability has its
own corresponding exploit. Metasploit v4 has more than 700 exploits.

Payload: It is the actual code which does the work. It runs on the system after
exploitation. They are mostly used to set up a connection between the attacking
and the victim machine. Metasploit v4 has more than 250 payloads.

Module: Modules are the small building blocks of a complete system. Every module performs a specific task and a complete system is built up by combining several modules to function as a single unit. The biggest advantage of such an architecture is that it becomes easy for developers to integrate a new exploit code and tools into the framework.
on No comments:
Subscribe to: Posts (Atom)