Sockets, Shellcode, Porting & Coding: Reverse Engineering Exploits and Tool Coding for Security Professionals

In 2003, a new security tool called the Metasploit Framework (MSF) was released to the public. This tool was the first open-source and freely available exploit development framework, and in the year following its release, MSF rapidly grew to be one of the security community's most popular tools. The solid reputation of the framework is due to the efforts of the core development team along with external contributors, and their hard work has resulted in over 45 dependable exploits against many of the most popular operating systems and applications. Released under the GNU GPL and Artistic License, the Metasploit Framework continues to add new exploits and cutting-edge security features with every release.
We will begin this chapter by discussing how to use the Metasploit Framework as an exploitation platform. The focus of this section will be the use of msfconsole, the most powerful and flexible of the three available interfaces. Next, the chapter will cover one of the most powerful aspects of Metasploit that tends to be overlooked by most users: its ability to significantly reduce the amount of time and background knowledge necessary to develop functional exploits. By working through a real-world vulnerability against a popular closed-source Web server, the reader will learn how to use the tools and features of MSF to quickly build a reliable buffer overflow attack as a stand-alone exploit. The chapter will also explain how to integrate an exploit directly into the Metasploit Framework by providing a line-by-line analysis of an integrated exploit...