Metasploit



I had hoped to do an article on Metasploit in the not too distant future, but not as early as tonight…. However, I’ve made a couple of references to it in previous posts, so it would be nice to have already given a bit of information about Metasploit in general. For starters, Metasploit is considered a “framework” for exploit modules and payload modules. Much like real weapons, knives, guns…. there are good uses and there are bad uses. It can be used by a network/security auditor to check for vulnerable systems. It could also be used by a cracker to exploit systems remotely. There’s a fine line.


In recent days there’s been some controversy (and there always will be…) over Metasploit’s handling of a new variation on the WMF exploit. This new, improved exploit was released for the Metasploit framework before a patch was available, and in many people’s view that is just irresponsible. However, another point of view is that the tool is available to anyone, defender or attacker, and that makes it an open process. It’s certainly better that the exploit is open and known than having to reverse engineer it to see how it works…

Metasploit, once downloaded, can be updated from the command line via msfupdate, and it can be run either from the command line or in an interactive shell. I’ve found the web interface most useful. It is started by running msfweb; the interface is then reached by opening http://localhost:55555 in a browser window.

It’s important to know where the fine line is… vulnerability testing of any sort should be done ONLY on machines that you control and own, and if it’s a network-based scan it should be done with permission from someone in authority over that network, or only on your own network.

If you’re curious about these things and want something to test with, use a virtual machine like qemu, or set up a home network and learn on your own equipment!

I’ve been using the web interface of the Metasploit framework, as well as online samples of the WMF exploit, to test a couple of virtual machines (primarily a Win98 SE VM). Used this way on a LAN, it can test for vulnerable machines. Select the current WMF exploit from the list on the main page and select the default target (2000, XP, Vista). For the payload you would probably want command execution (win32_exec), and choose a safe program like calc.exe (give the full path). Then open the web browser on each machine to be tested to the LAN machine hosting Metasploit (making sure to add the port number that the exploit is being served on). If calc.exe runs (assuming you’ve given correct naming and path information and done everything else right), that machine is vulnerable.

It’s very easy to do, especially through the web interface. Some would say too easy. Know where the fine line is….
