Most of us who have used Metasploit find it an amazing tool for a variety of the tasks we
perform during pen-test activities. However, there is another way to use the tool.
The purpose of this document is not to show how to use the Metasploit tool (there is an enormous amount of
sources available to do that) but to show you how to look deeper into the code and try to decipher how
the various classes and modules hang together to produce the various functions we love to use. In
doing so we will learn how the exploit framework could be structured, how the interaction between the
attacker and the exploited vulnerability could be achieved and how the user can extend the
functionality of Metasploit.
Seeing how the various components of Metasploit are connected together will enable us to develop our
own targeted exploits.
We will start with the Setup section, which describes the tools required to follow the analysis of
Metasploit's architecture. Before digging deeper into the code we will discuss the exploit metamodel,
which provides the context for the rest of the document. For the analysis part we start with an investigation of
msfconsole initialisation, then proceed to analyse the use, set and exploit commands. The final
section is on the Meterpreter component architecture, and we close with a discussion of Railgun.
The only prerequisite is some programming skill; knowledge of object-oriented design
would be a major benefit. Ruby skills aren't essential; in fact, the document could be used to learn
some of the interesting aspects of Ruby.
Full document complete with references:
Metasploit - The Exploit Learning Tree