Friday, April 25, 2014

Exploitation Through Metasploit

Exploitation is the main part of penetration testing many security professionals’ careers. The ability to gain full control over a targeted machine is a great feeling. Various system and network protections have made it increasingly more difficult to succeed with basic exploits. So we need to know advance exploitation.

In this article, we move into more difficult attack methods, beginning with command-line interfaces to the Metasploit Framework. Most of the attacks and customizations discussed in this article will occur in msfconsole, msfencode, and msfpayload.

Before you begin to exploit systems, we need to understand a few things about penetration testing and exploitation.

Vulnerability Scanning With Metasploit

Vulnerability scanning is part of penetration testing. A vulnerability scanner is an automated program designed to look for weaknesses in computer systems, networks, and applications. There are many vulnerability scanners available for penetration Testing. But here we use Metasploit framework for scanning vulnerability.
 Various operating systems respond differently because of the different networking implementations in use. These unique responses that vulnerability scanner uses to determine the operating system version and even its patch level. A vulnerability scanner can also use a given set of user credentials to log into the remote system and enumerate the software and services to determine whether they are patched.