Metasploit Project

Metasploit Project
Metasploit
Metasploit-Community.png

Metasploit Community showing three hosts, two of which were compromised by an exploit
Developer(s) Rapid7 LLC
Stable release 4.1 / October 18, 2011; 25 days ago (2011-10-18)
Development status Active
Operating system Cross-platform
Type Security
License BSD
Website metasploit.com

The Metasploit Project is an open-source computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development. Its most well-known sub-project is the Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive, and security research.

The Metasploit Project is also well known for anti-forensic and evasion tools, some of which are built into the Metasploit Framework.

Metasploit was created by HD Moore in 2003 as a portable network tool using the Perl scripting language. Later, the Metasploit Framework was then completely rewritten in the Ruby programming language.[1] In addition, it is a tool for third-party security researchers to investigate potential vulnerabilities. On October 21, 2009 the Metasploit Project announced[2] that it had been acquired by Rapid7, a security company that provides unified vulnerability management solutions.

Like comparable commercial products such as Immunity's Canvas or Core Security Technologies' Core Impact, Metasploit can be used to test the vulnerability of computer systems to protect them, and it can be used to break into remote systems. Like many information security tools, Metasploit can be used for both legitimate and unauthorized activities. Since the acquisition of the Metasploit Framework, Rapid7 has added two open core proprietary editions called Metasploit Express and Metasploit Pro.

Metasploit's emerging position as the de facto exploit development framework[3] has led in recent times to the release of software vulnerability advisories often accompanied by a third party Metasploit exploit module that highlights the exploitability, risk, and remediation of that particular bug.[4][5] Metasploit 3.0 (Ruby language) is also beginning to include fuzzing tools, to discover software vulnerabilities, rather than merely writing exploits for currently public bugs. This new avenue has been seen with the integration of the lorcon wireless (802.11) toolset into Metasploit 3.0 in November 2006. Metasploit 4.0 was released in August 2011.

Contents

Metasploit Framework

The basic steps for exploiting a system using the Framework include -

  1. Choosing and configuring an exploit (code that enters a target system by taking advantage of one of its bugs; about 300 different exploits for Windows, Unix/Linux and Mac OS X systems are included);
  2. Checking whether the intended target system is susceptible to the chosen exploit (optional);
  3. Choosing and configuring a payload (code that will be executed on the target system upon successful entry, for instance a remote shell or a VNC server);
  4. Choosing the encoding technique to encode the payload so that the intrusion-prevention system (IPS) will not catch the encoded payload;
  5. Executing the exploit.

This modularity of allowing to combine any exploit with any payload is the major advantage of the Framework: it facilitates the tasks of attackers, exploit writers, and payload writers.

Versions of the Metasploit Framework since v3.0 are written in the Ruby programming language. The previous version 2.7, was implemented in Perl. It runs on all versions of Unix (including Linux and Mac OS X), and also on Windows. It includes two command-line interfaces, a web-based interface and a native GUI. The web interface is intended to be run from the attacker's computer. The Metasploit Framework can be extended to use external add-ons in multiple languages.

To choose an exploit and payload, some information about the target system is needed such as operating system version and installed network services. This information can be gleaned with port scanning and OS fingerprinting tools such as nmap. Vulnerability scanners such as NeXpose or Nessus can detect the target system vulnerabilities. Metasploit can import vulnerability scan data and compare the identified vulnerabilities to existing exploit modules for accurate exploitation.[6]

Metasploit Community Edition

In October 2011, Rapid7 released Metasploit Community Edition, a free, web-based user interface for Metasploit.[7] Metasploit Community is based on the commercial functionality of the paid-for editions with a reduced set of features, including network discovery, module browsing and manual exploitation. Metasploit Community is included in the main installer.

Metasploit Express

In April 2010, Rapid7 released Metasploit Express, an open-core commercial edition for security teams who need to verify vulnerabilities.[8] Built on the Metasploit Framework, it offers a graphical user interface, integrates nmap for discovery, and adds smart bruteforcing as well as automated evidence collection.[9]

Metasploit Pro

In October 2010, Rapid7 added Metasploit Pro, an open-core commercial Metasploit edition for penetration testers.[10] Metasploit Pro includes all features of Metasploit Express and adds web application scanning and exploitation, social engineering campaigns, and VPN pivoting.[11] Metasploit Pro is available as a 7-day trial.[12]

Payloads

Metasploit offers many types of payloads, including:

  • Command shell enables users to run collection scripts or run arbitrary commands against the host.
  • Meterpreter enables users to control the screen of a device using VNC and to browse, upload and download files.

Opcode Database

The Opcode Database is an important resource for writers of new exploits. Buffer overflow exploits on Windows often require precise knowledge of the position of certain machine language opcodes in the attacked program or included DLLs. These positions differ in the various versions and patch-levels of a given operating system, and they are all documented and conveniently searchable in the Opcode Database. This allows one to write buffer overflow exploits which work across different versions of the target operating system.

Shellcode Database

The Shellcode database contains the payloads (also known as shellcode) used by the Metasploit Framework. These are written in assembly language and full source code is available.

See also

Portal-puzzle.svg Free software portal

References

  1. ^ Metasploit History
  2. ^ Rapid7 Acquires Metasploit
  3. ^ Sectools.org survey showing Metasploit as #1 exploit tool
  4. ^ "ACSSEC-2005-11-25-0x1 VMWare Workstation 5.5.0 <= build-18007 GSX Server Variants And Others". December 20, 2005. http://archives.neohapsis.com/archives/vulnwatch/2005-q4/0074.html. 
  5. ^ "Month of Kernel Bugs - Broadcom Wireless Driver Probe Response SSID Overflow". November 11, 2006. http://projects.info-pull.com/mokb/MOKB-11-11-2006.html. 
  6. ^ Metasploit installer download page
  7. ^ Press release "Rapid7 Launches New Metasploit Community Edition for Free and Simple Vulnerability Verification"
  8. ^ Press Release: Rapid7 Takes Penetration Testing Mainstream With Metasploit Express
  9. ^ Metasploit Express product page
  10. ^ Rapid7 Introduces Metasploit Pro - The World’s First Penetration Testing Solution that Achieves Unrestricted Remote Network Access Through Firewalls
  11. ^ Metasploit Pro product page
  12. ^ Metasploit Pro trial registration

Further reading

External links


Wikimedia Foundation. 2010.

Игры ⚽ Нужно сделать НИР?

Look at other dictionaries:

  • Metasploit — Framework Développeur …   Wikipédia en Français

  • Metasploit — Framework Тип компьютерная безопасность …   Википедия

  • Metasploit — Framework ? Información general Género Seguridad Sistema operativo multiplataforma …   Wikipedia Español

  • April Fools Day 2008 — April 1, 2008 was an April Fools Day falling on a Tuesday. In newspapers, magazines and news websites * About.com s Car Reviews posted a fake story that Toyota had announced a new 256 horsepower V6 Prius to accommodate the needs of car buyers… …   Wikipedia

  • H D Moore — (born 1981) is a security researcher who has been active on internet mailing lists since 1998cite web | url = http://marc.info/?l=bugtraq m=91454756930070 w=2 | title = Nlog v1.0 Released ] . H D Moore works as the Director of Security Research… …   Wikipedia

  • Buffer overflow — In computer security and programming, a buffer overflow, or buffer overrun, is an anomalous condition where a process attempts to store data beyond the boundaries of a fixed length buffer. The result is that the extra data overwrites adjacent… …   Wikipedia

  • Shellcode — In computer security, a shellcode is a small piece of code used as the payload in the exploitation of a software vulnerability. It is called shellcode because it typically starts a command shell from which the attacker can control the compromised …   Wikipedia

  • Windows Metafile vulnerability — The Windows Metafile vulnerability is a security vulnerability in Microsoft Windows NT based operating systems which has been used in a variety of exploits since late December 2005. The vulnerability was first discussed in the computer security… …   Wikipedia

  • SQL injection — A SQL injection is often used to attack the security of a website by inputting SQL statements in a web form to get a badly designed website in order to dump the database content to the attacker. SQL injection is a code injection technique that… …   Wikipedia

  • Zero-day attack — This article is about technical vulnerabilities. For other uses, see Zero day (disambiguation). A zero day (or zero hour or day zero) attack or threat is a computer threat that tries to exploit computer application vulnerabilities that are… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”