Metasploit Framework
Hey lockboxx fans!! As you know, I have been doing a lot of research on Metasploit, so I thought I might give the lowdown on the framework's functions and its structure. At the very core of Metasploit is REX, MSF's Ruby Extension Library, which gives it a scripting base to generate working code. Next is the framework core, which provides many utilities for intimate system operations. On top of that is Metasploit's framework base, which provides the specific configurations, logging, and session control. This hierarchy of software control creates a dynamic framework that can be easily used, modified, and expanded with custom modules, plugins, and user interfaces.
Starting at the core, Rex::Arch:: provides complex stack pointer adjustments and integer packing, as well as several other libraries with platform-specific opcodes. This integral work allows newly developed exploits and payloads to interact with a multitude of systems. Rex::Proto:: provides classes for working across a multitude of protocols, allowing exploits and payloads to focus on the workings of the service rather than the protocol. Rex::Sockets:: provides wrappers for socket functionality, making underlying connections automatic for exploit developers. Rex::Services:: provides registered listeners that watch certain ports and receive special communications from the target back to the host.
Rex::Exploitation:: provides a common base of exploitation steps, such as Exploitation::Egghunter::, which allows the attacker to locate saved code once a buffer overflow attack is complete. Exploitation::Opcode:: provides a large datastore of automatic code that is utilized by many of the Metasploit interfaces. Exploitation::SEH:: is a very popular library for Windows exploits, with optimized classes for overwriting structured exception handlers. It also provides dynamic generation of new SEH registration records, giving base support for IDS evasion.
Rex::Encoding:: provides various libraries for obfuscation and encryption. This can help both your exploits and payloads go undetected by IDS, as well as keep communication between the victim and attacking machine confidential. Rex::JobContainer:: provides methods to create and execute automated task sequences. Rex::Logging:: provides a tiered logging interface to any class that chooses to implement it. It can log class debug and error information, information retrieved by the class, and raw logging of the actions of the class. Rex::Post:: provides unparalleled post-exploitation suites, such as Meterpreter. This functionality lets payload developers work within professionally designed shells, taking care of such necessities as encryption and process control.
The framework modules are specially designed automatic functions that make up the bulk of the framework. Modules build on the previously established framework to focus on specific exploitation. Users can even create their own modules, typically specific exploits, payloads, encoders, or NOP generators. Plugins use the framework to integrate a new tool that stands outside the typical exploitation process. These plugins bring crucial functionality to the MSF, such as integrating Nmap, as well as amazing database functionality.
Finally, there are many flavors of user interface in Metasploit, such as msfcli (Metasploit Framework command line interface), msfgui (Metasploit Framework graphical user interface), msfweb (Metasploit web browser interface), and Armitage (specialized graphical interface / command line mesh). These unique interfaces provide a comfortable and dynamic way to interact with the Metasploit Framework. For example, msfgui can help a user automatically configure a Metasploit database, and msfweb is especially easy for individuals who don't fully understand the exploitation process.
For a fuller understanding of the exploitation process, my research deals with the command line, msfcli.