Monday, 9 January 2012

A little on Metasploit

First, what is Metasploit?

Well, it is a simple way to exploit vulnerable systems.

I have a few things to try and do this week. I have several Metasploit posts to complete as well as a couple on IPv6.

First… Metasploit has been around since H.D. Moore released it in 2003. It has grown immensely and an entire community has arisen to support and develop it further. It can run on:

  • Windows,
  • Linux,
  • BSD,
  • as well as on Mac OS X

Where to start…

I would recommend starting with IronGeek’s tutorials. These are an excellent start to understanding Metasploit. They start on the web interface, which I do not like as much (I am still an old fuddy and love CLIs).

Next, download a copy

I will run through this in Windows for now… Linux later. Just:

  1. Go to the site.
  2. Click download for the platform you are using. Save the file in Windows.
  3. Install it in the normal way.

Windows is rather simple – just a standard installer and you are done.

I will be stepping through setting up and using Metasploit a little at a time this week. I am doing Windows this week and Linux next.

In addition, you should really go to Tenable Security and download Nessus. Nmap is also a must-have. The Windows installer is available here.

Some of the other tools that work well with Metasploit include the following:

  • BiDiBLAH is an Automated Assessment Tool by SensePost. Now end of life and deprecated, but a good toy to play with and learn.
  • Yeti. Early days still, but well worth watching.
  • Nessus, of course. Well, we need a way to find what is actually vulnerable. Just network vulnerabilities really, but a start.

Tomorrow I will do a step-by-step install and configuration.

4 comments:

HankiePankie said...

Hey Craig, what are the hardware requirements which are to be met for the application? Thanks in advance.

HankiePankie said...

thanks craig

Cyber-Geek said...

nice

Dr Craig S Wright GSE said...

@HP, I will cover the specifications later today when I follow up with this post.