Metasploit is written in Ruby!! Metasploit is case-insensitive!!
In Kali Linux, Metasploit is provided in the metasploit-framework package and is installed in the /usr/share/metasploit-framework directory.
Data:
The data directory contains editable files used by Metasploit to store binaries required for certain exploits, wordlists, images, and more.
Documentation:
As its name suggests, the documentation directory contains the available documentation for the framework.
Lib:
The lib directory contains the ‘meat’ of the framework code base.
Modules:
The modules directory is where you will find the actual MSF modules for exploits, auxiliary and post modules, payloads, encoders, and nop generators.
Plugins:
Metasploit includes many plugins, which you will find in this directory.
Scripts:
The scripts directory contains Meterpreter and other scripts.
Tools:
The tools directory has various useful command-line utilities.
Metasploit Libraries:
There are a number of MSF libraries that allow us to run our exploits
without having to write additional code for rudimentary tasks, such
as HTTP requests or encoding of payloads. Some of the most important
libraries are outlined below.
Rex:
* The basic library for most tasks
* Handles sockets, protocols, text transformations, and others
* SSL, SMB, HTTP, XOR, Base64, Unicode
Msf::Core:
* Provides the ‘basic’ API
* Defines the Metasploit Framework
Msf::Base:
* Provides the ‘friendly’ API
* Provides simplified APIs for use in the Framework
Metasploit Modules and Locations:
Almost all of your interaction with Metasploit will be through its many modules, which it looks for in two locations. The first is the primary module store under /usr/share/metasploit-framework/modules/ and the second, which is where you will store custom modules, is under your home directory at ~/.msf4/modules/.
All Metasploit modules are organized into separate directories, according to their purpose. A basic overview of the various types of Metasploit modules is shown below.
In the Metasploit Framework, exploit modules are defined as modules that use payloads.
Auxiliary modules include port scanners, fuzzers, sniffers, and more.
Payloads, Encoders, Nops:
Payloads consist of code that runs remotely, while encoders ensure that payloads make it to their destination intact. Nops keep the payload sizes consistent across exploit attempts.
Loading Additional Module Trees:
Metasploit gives you the option to load modules either at runtime or after msfconsole has already been started. Pass the -m option when running msfconsole to load additional modules at runtime:
If you need to load additional modules from within msfconsole, use the loadpath command:
A Quick Diversion into Ruby:
* Every Class only has one parent
* A class may include many Modules
* Modules can add new methods
* Modules can overload old methods
* Metasploit modules inherit Msf::Module and include mixins to add features.
Metasploit Mixins and Plugins:
Mixins are, quite simply, the reason why Ruby rocks.
* Mixins include one class into another
* This is both different and similar to inheritance
* Mixins can override a class’ methods
Mixins can add new features and allow modules to have different ‘flavors’.
* Protocol specific (HTTP, SMB)
* Behaviour-specific (brute force)
* connect() is implemented by the TCP mixin
* connect() is then overloaded by FTP, SMB and others
Mixins can change behavior.
* The scanner mixin overloads run()
* Scanner changes run() for run_host() and run_range()
* It calls these in parallel based on the THREADS setting
* The BruteForce mixin is similar
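The mixin behaviour listed above, as an added Ruby sketch that is not Metasploit's own code. ToyTcp, ToyFtp, ToyScanner and the two classes are hypothetical stand-ins, the datastore is a plain Hash, connect takes the host as an argument for thread safety, the addresses are constructed documentation values, and no sockets are opened.

```ruby
# Toy stand-ins for the pattern described above; these are NOT the
# framework's real TCP, FTP or scanner mixins and open no sockets.
module ToyTcp
  def connect(host)
    ["tcp connect to #{host}"]             # base behaviour supplied by the mixin
  end
end

module ToyFtp
  include ToyTcp                           # builds on the TCP mixin
  def connect(host)
    super(host) + ["read FTP banner"]      # overloads connect(), keeps the TCP step
  end
end

module ToyScanner
  # Overloads run(): the module author only writes run_host().
  # Hosts are processed in batches of THREADS parallel threads.
  def run
    results = {}
    lock = Mutex.new
    @datastore['RHOSTS'].each_slice(@datastore['THREADS']) do |batch|
      batch.map { |host|
        Thread.new { r = run_host(host); lock.synchronize { results[host] = r } }
      }.each(&:join)
    end
    results
  end
end

class ToyModule                            # the single parent (role of Msf::Module)
  def initialize(datastore)
    @datastore = datastore
  end
end

class ToyFtpVersionScanner < ToyModule     # one parent, many mixins
  include ToyFtp
  include ToyScanner

  def run_host(host)
    connect(host)                          # resolves to ToyFtp#connect, then ToyTcp#connect
  end
end

if __FILE__ == $0
  # Constructed input: TEST-NET-1 documentation addresses.
  s = ToyFtpVersionScanner.new('RHOSTS' => %w[192.0.2.1 192.0.2.2 192.0.2.3], 'THREADS' => 2)
  s.run.sort.each { |host, steps| puts "#{host}: #{steps.join(' -> ')}" }
  puts ToyFtpVersionScanner.ancestors.take(5).inspect   # method lookup order
end
```

The ancestors list shows why the last included mixin wins a method lookup while the class still has exactly one parent.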
Plugins work directly with the API.
* They manipulate the framework as a whole
* Plugins hook into the event subsystem
* They automate specific tasks that would be tedious to do manually
Plugins only work in the msfconsole.
* Plugins can add new console commands
* They extend the overall Framework functionality