Metasploit - The Exploit Learning Tree

Most of us who have used Metasploit find it an amazing tool for doing a variety of tasks which we perform during pen-test activities. However, there is another way to use the tool.

The purpose of this document is not to show how to use the Metasploit tool (there is an enormous amount of sources available to do that) but to show you how to look deeper into the code and try to decipher how the various classes and modules hang together to produce the various functions we love to use. In doing so we will learn how the exploit framework could be structured, how the interaction between the attacker and the exploited vulnerability could be achieved, and how the user can extend the functionality of Metasploit.

Seeing how the various components of Metasploit are connected together will enable us to develop our own targeted exploits.

We will start with the Setup section, which describes the tools required to follow the analysis of Metasploit's architecture. Before digging deeper into the code we will discuss the exploit metamodel, which provides the context for the rest of the document. For the analysis part we start with an investigation of msfconsole initialisation, then proceed to analyse the use, set and exploit commands. The final section is on Meterpreter component architecture, and we close with a discussion on Railgun.

The only prerequisite required is some programming skills; knowledge of object orientated design would be a major benefit. Ruby skills aren't essential; actually, the document could be used to learn some of the interesting aspects of Ruby.

Full document complete with references:


