July 5, 2010

“The Metasploit Framework is a platform for writing, testing, and using exploit code. The primary users of the Framework are professionals performing penetration testing, shellcode development, and vulnerability research.”

The MSF is not only an environment for exploit development but also a platform for launching exploits against real-world applications. It is packaged with real exploits that can do real damage if not used professionally. The MSF is an open-source tool, and the fact that it provides a simplified method for launching dangerous attacks has attracted wannabe hackers and script kiddies. I will, however, demonstrate the power of the Metasploit Framework in a controlled environment for the purpose of showing the capability of this product.

Operating System: Slackware Linux (BackTrack)

Software: BackTrack Security Live CD Version: 2.0 (released March 6, 2007)

Source: http://www.remote-exploit.org/


BackTrack 2 is a bootable Live CD that consists of over 300 security-related tools packaged into one customized distribution based on Slackware. Because it is a Live CD, the OS environment is loaded into memory, leaving the hard drive untouched.

Software: Metasploit Framework Version: 3.0

Source: Included within BackTrack Security Live CD or via http://www.metasploit.com/

Software exploitation attacks have become very common because of the amount of damage they can cause. In our attack methodology, I am simply showing the effects of the attack by having the victim explicitly navigate to the malicious URL. However, sophisticated attacks require more work, since the victim has to be persuaded to visit the malicious URL. We can use man-in-the-middle attacks to redirect traffic (if the attacker is local on the network) or send an e-mail with a URL that looks innocent using HTML.
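From the defender's side, the HTML e-mail case above leaves a checkable trace: the link text names one host while the `href` points to another. The Python check below is an added example, not part of the original post; the function names and the sample message body are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Visible link text that itself looks like a URL or bare hostname.
URLISH = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[:/?#]\S*)?", re.I)

def _norm(host):
    host = host.lower()
    return host[4:] if host.startswith("www.") else host

def _href_host(href):
    """Hostname of an http(s) href, or None for other schemes or malformed URLs."""
    try:
        target = urlparse(href.strip())
        return target.hostname if target.scheme in ("http", "https") else None
    except ValueError:
        return None

class LinkAuditor(HTMLParser):
    """Collects (claimed_host, actual_host) for anchors whose text names another host."""
    def __init__(self):
        super().__init__()
        self.findings, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        actual = _href_host(self._href)
        shown = URLISH.fullmatch("".join(self._text).strip())
        self._href = None
        if not actual or not shown:
            return  # not a web link, or the text makes no claim about a host
        claimed, actual = _norm(shown.group(1)), _norm(actual)
        # The same host or a subdomain of the claimed host is consistent; the rest is flagged.
        if actual != claimed and not actual.endswith("." + claimed):
            self.findings.append((claimed, actual))

def audit_links(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample message body (reserved example domains and a documentation IP).
SAMPLE = """
<p>Statement: <a href="http://example.com.login.test/view">www.example.com/statement</a></p>
<p><a href="https://www.example.com/help">example.com</a></p>
<p><a href="http://203.0.113.10/update">Click here</a></p>
<p><a href="http://files.example.net/a">http://example.org/a</a></p>
"""

if __name__ == "__main__":
    for claimed, actual in audit_links(SAMPLE):
        print(f"link text says {claimed} but href goes to {actual}")
```

Links whose text is not URL-like ("Click here") make no claim about a host, so this check skips them; they need separate handling such as reputation or allow-list checks on the `href` itself.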

All in all, this information is for educational purposes. Using Metasploit to launch attacks without any knowledge of what is happening is for script kiddies and can get someone in big trouble!


