8. Understanding Metasploit Architecture
• Libraries
  • Rex
    • The basic library for most tasks
    • Handles sockets, protocols, text transformations, and others
    • SSL, SMB, HTTP, XOR, Base64, Unicode
  • Msf::Core
    • Provides the ‘basic’ API
    • Defines the Metasploit Framework
  • Msf::Base
    • Provides the ‘friendly’ API
    • Provides a simplified API for use in the framework
10. Understanding Metasploit Modules
The Metasploit Framework is composed of modules.
• Exploits
• Payloads, Encoders, Nops
• Primary Module Tree
• User-Specified Module Tree
11. Understanding Metasploit Modules
• Exploit
  • Defined as modules that use payloads
  • An exploit without a payload is an Auxiliary module
• Payloads, Encoders, Nops
  • Payloads consist of code that runs remotely
  • Encoders ensure that payloads make it to their destination
  • Nops keep the payload sizes consistent
12. Understanding Metasploit Modules
• Primary Module Tree
  • /usr/share/metasploit-framework/modules
  • ~/git/metasploit-framework/modules/
• User-Specified Module Tree
  • External module import by users
  • ~/.msf4/modules/
19. Dig Into Current Module
Update Information
Parameter of wmapmodule.rb
20. Dig Into Current Module
run_host - the method where execution starts
send_request_raw() - /rex/proto/http/client_request.rb
:response takes res as its parameter, which denotes the data, when http_fingerprint() is called
data: editable files used by Metasploit
documentation: provides documentation for the framework
external: source code and third-party libraries
lib: the ‘meat’ of the framework code base
modules: the actual MSF modules
plugins: plugins that can be loaded at run-time
scripts: Meterpreter and other scripts
tools: various useful command-line utilities
Stagers
Payloads which download stages
Used under normal conditions
Stageless
Used when the buffer size is not enough or network traffic is not enough
run_host() => the method where execution starts
send_request_raw()
/rex/proto/http/client_request.rb
http_fingerprint() => takes :response with res as its parameter, which denotes that the fingerprint comes from res
rescue => catches errors
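The flow outlined above (run_host calls send_request_raw, hands the result to http_fingerprint as :response, and rescues errors), modelled as an added plain-Ruby example that is not code from the slides or from Metasploit. The Response struct, the TARGETS table and all method bodies are constructed stand-ins that only borrow the method names.

```ruby
# Added illustration: plain-Ruby stand-ins, not Metasploit Framework code.
# Response, TARGETS and every method body are constructed for this example.
require 'timeout'

Response = Struct.new(:code, :headers)

# Constructed sample hosts (TEST-NET addresses) mapped to canned replies.
TARGETS = {
  '192.0.2.10' => Response.new(200, { 'Server' => 'Apache/2.4.57', 'X-Powered-By' => 'PHP/8.2.1' }),
  '192.0.2.11' => Response.new(302, { 'Server' => 'nginx', 'Location' => 'https://192.0.2.11/login' }),
  '192.0.2.12' => Response.new(200, {}), # hardened host: no identifying headers
  '192.0.2.13' => :timeout,
  '192.0.2.14' => :refused
}.freeze

# Stand-in for the request step: returns a Response, nil for an unknown host, or raises.
def send_request_raw(ip)
  case (reply = TARGETS[ip])
  when :refused then raise Errno::ECONNREFUSED
  when :timeout then raise Timeout::Error
  else reply
  end
end

# Stand-in for the fingerprint step: builds a banner from the response passed as :response.
def http_fingerprint(response:)
  return nil if response.nil?

  h = response.headers
  extras = []
  extras << "Powered by #{h['X-Powered-By']}" if h['X-Powered-By']
  extras << "#{response.code}-#{h['Location']}" if h['Location']
  banner = h['Server'] || 'unknown server'
  extras.empty? ? banner : "#{banner} ( #{extras.join(', ')} )"
end

# Per-host entry point: request, fingerprint, and rescue so one bad host does not stop the run.
def run_host(ip)
  res = send_request_raw(ip)
  fp = http_fingerprint(response: res)
  fp ? "#{ip} #{fp}" : "#{ip} no response"
rescue Errno::ECONNREFUSED, Timeout::Error => e
  "#{ip} error: #{e.class}"
end

TARGETS.each_key { |ip| puts run_host(ip) } if $PROGRAM_NAME == __FILE__
```

The host that omits Server and X-Powered-By gives the fingerprint step nothing to report, which is why suppressing those headers is a common hardening step.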