Nytro

Metasploit - The Exploit Learning Tree

Author

Mohan Santokhi

This is a whitepaper called Metasploit - The Exploit Learning Tree. Instead of being just another document discussing how to use Metasploit, the purpose of this document is to show you how to look deeper into the code and try to decipher how the various classes and modules hang together to produce the various functions.

2 Table of Contents

1 Document Control
1.1 Document Block
1.2 Change History
1.3 References
2 Table of Contents
3 Introduction
4 Setup
4.1 Getting started
4.2 Install Missing Gems
4.3 Test the environment
5 Exploit Metamodel
6 Vulnerable Service
7 msfconsole Initialisation Phase
8 Use command
9 Set command
10 Exploit command
10.1 Create Payload Objects
10.2 Generate Encoded Payload
10.3 Start handler
10.4 Exploit The Target
10.5 Establish Session
10.6 Interact With Target
11 Meterpreter
11.1 Meterpreter payloads
11.2 Client components
11.2.1 UI components
11.2.2 Command proxy components
11.3 Meterpreter Protocol
11.3.1 Client side protocol API
11.3.2 Server side protocol API
11.4 Server components
11.5 Server extensions
12 Writing Meterpreter Extensions
12.1 Design commands, requests and responses
12.2 Implement skeleton extension
12.3 Implement command dispatcher class
12.4 Implement command proxy class
13 Railgun
13.1 Meterpreter scripts

Download:

http://packetstorm.igor.onlinedirect.bg/papers/attack/metasploit-the-learning-tree.pdf

Source: Metasploit - The Exploit Learning Tree (Packet Storm)
