So an hour and a half in, I have not made much progress. The reasons are varied, mostly lack of discipline to concentrate. However, I was installing Backtrack 5 R3, updating apt-get, which took quite a while (at least it felt like it), and helping a friend with NPV for a project management class I completed.
Now what I have learned so far is that I have S0o0o much to learn.
The different MSF's:
There are a few different ways to run Metasploit.
MSFconsole is the most common and, as the tutorial says, the most stable. So I spent a bit playing in the command line with it. It seems easy enough to use, but obviously I will need detailed knowledge of all the payloads. The help command gives a list of commands that are helpful.
MSFconsole
On a side note: I am not finding Blogger that intuitive.
Msfconsole can be used in defanged mode. I am not very technical, so it was Google to the rescue. Unfortunately there was not much information (for the time I took) other than how to defang a snake. As you can see, very relevant.
Msfcli is a command line interface to the framework. I am yet to understand the difference between this and Msfconsole. If you do have a simple explanation please fill me in.
Exploits Active & Passive
The 2 differences were very simple for me to understand, having completed Webgoat and a Master in IT and all.
Active:
My understanding is that an active exploit is one you, say, send out; you initiate it, you do it all.
Passive:
To me, it is one that you set up and wait for a user to come by and activate it. Such as an email with a malicious link, whereby a user clicks this link and is taken to a website or something and then the exploit activates. So the exploit LISTENS for when to execute? Is that a basic enough explanation? Anyone care to expand?
Payloads:
There are multiple payloads, and not being technical this for me was a stretch (such a noob!). Although once reading again and slowly it makes sense.
Single:
As described in the Metasploitable documentation, it is a payload that is completely standalone. I am not sure how others differ. An example it gave was adding a user to the target system or calc.exe.
Stagers:
This is more complicated. These set up a connection between an attacker and a victim; these are hard to maintain. As a result these payloads have an order in which they execute, preferred to less preferred. My idea is the stage process is that when one fails it has a fallback.
Stages:
Stagers make sense once you understand a stage. These payload stages, as stated by the Metasploit documentation, provide advanced features with no size limits. This includes VNC injection.
So in an attempt at a nutshell, a Single is a standalone, complete and whole. A stager carries stages that hold much more functionality. A stager holds multiple of these so it can fall back on them if needed.
But Payload stages also use middlestages, so perhaps this is a category of Stages.
It all gets so complicated so quickly!
Any questions or advice let me know!
I am trying not to just repeat the documentation!
Cheers
Haydn