Metasploit



I had hoped to do an article on Metasploit in the not too distant future, but not as early as tonight. However, I've made a couple of references to it in previous posts, so it would be nice if I'd already given a bit of information about Metasploit in general. For starters, Metasploit is considered a "framework" for exploit modules and payload modules. Much like real weapons, knives, guns, there are good uses and there are bad uses. It can be used by a network/security auditor to check for vulnerable systems. It could also be used by a cracker to exploit systems remotely. There's a fine line.


In recent days there's been some controversy (and there always will be) over Metasploit's handling of a new variation on the WMF exploit. This improved exploit was released for the Metasploit framework before a patch was available, and in many people's view that is just irresponsible. However, another point of view is that the tool is available to anyone, defender or attacker, and that makes it an open process. It's certainly better that the exploit is open and known than that it requires reverse engineering to see how it works.

Metasploit, once downloaded, can be updated from the command line via msfupdate, and it can be run from the command line or in an interactive shell. I've found the web interface most useful. That is started by running msfweb, after which Metasploit is reached by opening http://localhost:55555 in a browser window.

It's important to know where the fine line is. Vulnerability testing of any sort is something that should be done ONLY on machines that you control and own, and if it's a network-based scan it should be done with permission from someone in authority over that network, or only on your own network.

If you're curious about these things and want something to test with, use a virtual machine like QEMU, or set up a home network and learn on your own equipment!

I've been using the web interface of the Metasploit framework, as well as online samples of the WMF exploit, to test a couple of virtual machines (primarily a Win98 SE VM). In this kind of testing you can use it on a LAN to check for vulnerable machines. Select the current WMF exploit from the list on the main page and select the default target (2000, XP, Vista). For the payload you would probably want command execution (win32_exec), and choose a safe program like calc.exe (give the full path). Then open the web browser on each machine to be tested and point it at the LAN machine hosting Metasploit, making sure to include the port number that the exploit is being served on. If calc.exe runs (assuming you've given correct naming and path information and done everything else right), that machine is vulnerable.
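Running the exploit against a machine is one way to find out it is vulnerable; the other side of the coin is spotting the malicious file itself before it reaches a browser. As an added example (this is not code from this post or from the Metasploit project), here is a small Python scanner a defender could run over WMF files caught by a proxy, mail gateway or quarantine folder. It walks the metafile record list and reports any GDI escape sub-functions, flagging the SETABORTPROC escape, which an ordinary picture never needs and which the WMF exploit relies on. The record layout follows the publicly documented WMF format (an assumption of this example, not something the post describes), and both sample files are constructed inside the script rather than captured from anywhere.

```python
import struct

# Constants from the publicly documented Windows Metafile (WMF) format.
# They are assumptions of this example, not values taken from the post.
PLACEABLE_MAGIC = 0x9AC6CDD7    # key of the optional Aldus placeable header
PLACEABLE_HEADER_LEN = 22       # bytes
META_EOF = 0x0000               # last record of every metafile
META_ESCAPE = 0x0626            # record carrying a GDI escape sub-function
ESC_SETABORTPROC = 0x0009       # the escape sub-function the WMF flaw involves


def iter_records(wmf: bytes):
    """Yield (function, params) for each record in a WMF byte string.

    Raises ValueError on a truncated or malformed file so that a scanner can
    tell "could not parse" apart from "parsed and found nothing".
    """
    off = 0
    if len(wmf) >= 4 and struct.unpack_from("<I", wmf, 0)[0] == PLACEABLE_MAGIC:
        off = PLACEABLE_HEADER_LEN
    if len(wmf) < off + 18:
        raise ValueError("truncated WMF header")
    # META_HEADER: Type, HeaderSize (in 16-bit words), Version, Size, ...
    header_words = struct.unpack_from("<H", wmf, off + 2)[0]
    if header_words != 9:
        raise ValueError("unexpected WMF header size")
    off += header_words * 2
    while True:
        if off + 6 > len(wmf):
            raise ValueError("file ends without a META_EOF record")
        # Each record: Size (32-bit, in words) then Function (16-bit), then params.
        size_words, func = struct.unpack_from("<IH", wmf, off)
        end = off + size_words * 2
        if size_words < 3 or end > len(wmf):
            raise ValueError("record size runs past end of file")
        yield func, wmf[off + 6:end]
        if func == META_EOF:
            return
        off = end


def escape_functions(wmf: bytes):
    """Return the GDI escape sub-function codes found in META_ESCAPE records."""
    codes = []
    for func, params in iter_records(wmf):
        # META_ESCAPE params: EscapeFunction (16-bit), ByteCount (16-bit), data
        if func == META_ESCAPE and len(params) >= 2:
            codes.append(struct.unpack_from("<H", params, 0)[0])
    return codes


def is_suspicious(wmf: bytes) -> bool:
    """True if the file carries a SETABORTPROC escape: a legitimate image has
    no use for it, so its presence alone is worth quarantining the file."""
    return ESC_SETABORTPROC in escape_functions(wmf)


# --- constructed sample files (built here for the demo, not real samples) ---

def _record(func: int, params: bytes = b"") -> bytes:
    assert len(params) % 2 == 0, "WMF records are word aligned"
    return struct.pack("<IH", (6 + len(params)) // 2, func) + params


def _build_wmf(records) -> bytes:
    body = b"".join(records)
    max_record_words = max(len(r) for r in records) // 2
    # Type=1 (in memory), HeaderSize=9 words, Version=0x0300, Size, Objects,
    # MaxRecord, NumberOfMembers
    header = struct.pack("<HHHIHIH", 1, 9, 0x0300,
                         (18 + len(body)) // 2, 0, max_record_words, 0)
    return header + body


# A benign file: set the background colour, then end.
BENIGN_WMF = _build_wmf([
    _record(0x0201, struct.pack("<I", 0x00FFFFFF)),   # META_SETBKCOLOR
    _record(META_EOF),
])

# A file carrying a SETABORTPROC escape with four dummy bytes of escape data.
SUSPICIOUS_WMF = _build_wmf([
    _record(META_ESCAPE, struct.pack("<HH", ESC_SETABORTPROC, 4) + b"\x00" * 4),
    _record(META_EOF),
])

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN_WMF), ("suspicious", SUSPICIOUS_WMF)):
        print(name, "escapes:", escape_functions(blob),
              "suspicious:", is_suspicious(blob))
```

The parser deliberately refuses to guess on a truncated or oversized record and raises instead; a gateway should treat an unparseable metafile as a reason to hold it, not as a clean result. Note that this check keys on structure, not on a particular exploit's bytes, so it catches variations of the file as long as they still go through the escape record.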

It's very easy to do, especially through the web interface. Some would say too easy. Know where the fine line is.
