Metasploit is an open-source project that provides, among other things, the Metasploit framework. It contains a collection of exploits that can be used to test the security of computer systems. Metasploit can also be misused as a tool for hackers.
What is Metasploit?
The framework provided by the Metasploit open-source project can be used to test computer systems for security vulnerabilities. A wide variety of security and penetration tests can be performed on distributed target systems using the many different exploits collected in the framework.
Developing one's own exploits is also possible. At the same time, Metasploit can be misused to illegally penetrate a system. The framework is implemented in the Ruby programming language.
Metasploit can be installed on a wide variety of operating systems. These include Linux and Unix versions, macOS and Windows. In addition to command-line oriented input, graphical user interfaces are available for easier operation. The framework can be extended in various languages via add-ons. Metasploit is also part of the Linux distribution Kali Linux, which specializes in security tests.
The Metasploit framework
The Metasploit framework is modular and distinguishes between the tasks of developers and attackers. There is a separation between the attack methods (exploits) and the code to be executed. Exploits must be specifically tailored to the different vulnerabilities of software and hardware.
The code comes into play once an attack method has succeeded and the system can be infiltrated or compromised. Other names for the code to be executed are shellcode or payload. Examples of shellcodes are command shells bound to a specific network port, reverse shells that establish a connection back to the attacker's system on their own, plugins that are downloaded and executed at runtime, or remote desktop software such as VNC for targeted remote control of a computer.
Thanks to the modularity of the framework, different payloads can be combined with arbitrary exploits. A special shellcode database contains the different payloads including source code that can be used by the framework.
To launch an attack, the following procedure is usually followed. First, the exploits that are to test the target system for security vulnerabilities are selected and configured. For example, the operating systems or the software and network applications used on the target system must be taken into account. Metasploit has several hundred different exploits available.
Next, the payload to be executed on the target computer in the event of a successful attack is selected. The following step is to check whether the target device is actually vulnerable to the chosen exploit. If it is, the framework attempts to execute the desired payload. Using the various payloads, further actions can then be started on the compromised computer system.
Metasploitable – the virtual test environment for attacks
Attacks and attack methods should not always be tested on real computer systems. To create a test environment, a separate virtual distribution called Metasploitable exists. In a closed virtual environment, attacks and attack methods can be tested safely and without affecting real systems in any way.
Legal aspects
Anyone using Metasploit may only do so on systems that they either own themselves or for which they have explicit permission to test. Attempting to penetrate another’s system with an exploit is a legally punishable act. Misuse of the tool falls under the so-called hacker paragraph. Distribution or possession can be punishable as soon as the intention exists to use the framework for an illegal act.