Metasploit Series : Introduction Metasploit
Metasploit adalah aplikasi yang dipakai secara luas sebagai exploitation tools dalam bidang hacking dan IT Security, tools ini banyak digunakan baik oleh beginner ataupun professional.
Metasploit sendiri didefinisikan sebagai framework untuk melakukan cyber exploitation, sebagai suatu framework sangat memiliki dukungan untuk membuat suatu exploit vulnerability yang belum diketahui pada suatu jaringan.
Metasploit akan mendevelop suatu meterpreter ketika di load ke suatu target, membuat control akses dan control sasaran lebih mudah. Dengan demikian seorang hacker baik white hacker atau black hacker wajib memiliki dasar pengetahuan mengenai metasploit.
Metasploit di develop sejak tahun 2003 sebagai satu project open source oleh H.D Moorre, dimana aslinya dibangun dengan bahasa PERL, kemudian team menulis kembali source code nya dengan bahasa Ruby di tahun 2007, jadi perlu diingat kita harus punya Ruby didalam system kita supaya metasploit bisa berjalan dan membuat exploit kita sendiri.
Setelah sukses malang melintang sebagai andalan tools untuk hacker dan pen tes, maka di tahun 2009 metasploit dibeli oleh Rapid7. Kemudian metasploit di bedakan menjadi 3 versi, 1(satu) versi bersifat free , 2 (dua) lainnya yaitu Metasploit express dan Metasploit Proffesional. Kedua versi komersila ini sudah dilengkapi dengan fasilitas GUI, otomatisasi beberapa serangan. Untuk yang free dikenal dengan nama Metaspolit Community.
Namun bagi anda yang ingin menggunakan versi GUI dari Metasploit, anda bisa mencoba menggunakan tools dari Armitage, ini adalah vendor lain selain Rapid7 yang mengembangkan model GUI untuk metasploit namun tetap gratis.
Kini metasploit ada yang versi windows pula selain linux , namun saya recommend untuk menggunakan versi linux karena banyak fitur metasploit misaknya raw IP packet Injection, wireless driver exploitation, SMB relaying attacks tidak tersedia di versi Windows.
Dibawah ini saya sertakan perbandingan antara 3 versi metasploit dari Rapid7.
| Feature | Details | Metasploit Framework | Metasploit Community | Metasploit Express | Metasploit Pro |
| Pricing | |||||
| License | Use one of several editions. Commercial licenses are annual named-user licenses with unlimited installs per user. | Free | Free | $5,000 | Call |
| User Interface | |||||
| Web-based User Interface | User-friendly web-based user interface that increases productivity and reduces training needs. | Y | Y | Y | |
| Command-Line Interface | Basic command-line interface, most prominently used in Metasploit Framework. | Y | Y | ||
| Pro Console | Advanced command-line functionality of Metasploit Pro to get access to new, high-level commands, better manage your data and generate a single report for all activities, increasing your overall productivity. | Y | |||
| Penetration Testing | |||||
| Comprehensive Exploit Coverage | Metasploit includes the world’s largest public collection of quality-assured exploits. | Y | Y | Y | Y |
| Manual Exploitation | Select a single exploit to launch against a single host. | Y | Y | Y | Y |
| Basic Exploitation | Select a single exploit to launch against any number of hosts in your environment. | Y | Y | Y | |
| Smart Exploitation | Have Metasploit auto-select all exploits that match fingerprinted devices and services. Select a minimum reliability ranking for safe testing. Supports dry-run to see which exploits would be run before launching them. | Y | Y | ||
| Exploitation Chaining | Automatically combine several exploits and auxiliary modules, e.g. to compromise Cisco routers | Y | |||
| Evidence Collection | Collect evidence of compromise with one button, including screenshots, passwords and hashes, and system info | Y | Y | ||
| Post-exploitation Macros | Automatically launch a customized set of post-exploitation modules after successfully compromising a machine, e.g. to automatically collect evidence from hosts. | Y | |||
| Persistent Sessions | Re-establish a session after a connection gets interrupted, e.g. because of a phished user who closes his laptop. | Y | |||
| Bruteforcing Credentials | Try out the most common or previously captured passwords on more than a dozen service types with one command. Password hashes can be automatically cracked if based on weak passwords or used in pass-the-hash attacks. | Y | Y | ||
| Social Engineering | Send out phishing emails containing attachments or links to websites hosting exploits or fake login forms. Create USB flash drives with malicious files to compromise a machine. | Y | |||
| Web App Testing | Scan, audit and exploit web applications for vulnerabilities, including the OWASP Top 10 2013. | Y | |||
| IDS/IPS Evasion | Get to the target without being detected through IDS/IPS evasion | Y | |||
| Anti-virus Evasion | Use Dynamic Payloads to get past anti-virus solutions, wasting no time on writing your custom payloads, encoding existing Metasploit Framework payloads, and testing if they get past particular AV solutions. | Y | |||
| Payload Generator | Generate stand-alone Classic Payloads through an easy-to-use interface | Y | |||
| Proxy Pivoting | Use a compromised machine to launch an exploit against another target. | Y | Y | Y | Y |
| VPN Pivoting | Get full layer-2 network access through a compromised host, enabling you to use any network-based tool through a compromised host, e.g. a vulnerability scanner, to get more visibility and use advanced techniques. | Y | |||
| Reporting | |||||
| Basic Reporting | Create basic penetration testing reports without cutting and pasting information, including audit reports and compromised hosts reports. | Y | Y | ||
| Advanced Reporting | Create reports for web application testing and social engineering campaigns as well as compliance reports that map findings to PCI DSS or FISMA requirements. | Y | |||
| Productivity Enhancements | |||||
| Quick Start Wizards | Conduct baseline penetration tests to find low-hanging fruit, web app tests, or phishing campaigns. Shortcut the first steps of an engagements and go deeper after the Wizard completes. | Y | |||
| MetaModules | MetaModules simplify and operationalize security testing for IT security professionals. Many security testing techniques are either based on cumbersome tools or require custom development, making them expensive to use. To expedite this testing, MetaModules automate common yet complicated security tests that provide under-resourced security departments a more efficient way to get the job done. MetaModules include operations for network segmentation and firewall testing, passive network discovery, and credentials testing and intrusion. | Y | |||
| Discovery Scans | Leverage the integrated nmap scanner in combination with advanced fingerprinting techniques to map out the network and identify devices | Y | Y | Y | |
| Replay Scripts | Generate scripts that replay an attack so that your customers can test if remediation worked. | Y | Y | ||
| Data Management | Track all discovered and found data in a searchable database. Find outliers through the Grouped View. | Y | Y | Y | |
| Tagging | Tag hosts to assign hosts to mark an import source, a person, mark the scope of a project, or flag high-value targets. Use tags to refer back to hosts in later actions. | Y | |||
| Task Chains | Create custom workflows to start manually, schedule once or on an ongoing basis. | Y | |||
| Pro API | Use an advanced, fully documented API to integrate Metasploit Pro into SIEM and GRC solutions or create custom automations and integrations. | Y | |||
| Integrations | Integrate out-of-the-box with GRC and SIEM solutions | Y | |||
| Team Collaboration | Work on the same project with several team members, splitting the workload and leveraging different levels of expertise and specialization. Share all information and create a unified report. | Y | |||
| Security Programs | |||||
| Closed-loop Risk Validation | Verify vulnerabilities and misconfigurations to prioritize risks and return the results into Nexpose | Y | |||
| Managing Phishing Exposure | Send out simulated phishing emails to measure user awareness, including how many people clicked on a link in an email or entered credentials on a fake login page, and deliver training to users who’ve shown risky behavior. | Y | |||
| Vulnerability Verification | |||||
| Vulnerability import | Import output files from Nexpose and third-party vulnerability scanners | Y | Y | Y | Y |
| Web vulnerability import | Import output files from various third-party web application scanners | Y | Y | ||
| Nexpose scans | Start a Nexpose scan from within the interface. Results are automatically imported to Metasploit. | Y | Y | Y | |
| Direct Import | Directly import existing Nexpose scans by site. | Y | |||
| Vulnerability exceptions | Push vulnerability exceptions back into Nexpose after verification, including comments and expiration date of how long vulnerability should be suppressed from Nexpose reports. | Y | Y | ||
| Closed-loop Integration | Tag and push exploitable vulnerabilities back to Nexpose for follow-up. | Y | |||
| Re-run Session | Re-run an exploit to validate that a remediation effort, e.g. patch or compensating control, is successful. | Y | Y | ||
| Support | |||||
| Community Support | Get peer support through Rapid7 Security Street | Y | Y | Y | Y |
| Rapid7 Support | Get Rapid7 24/7 email and phone support | Y | Y |
Okey, silahkan downloand dari rapid7, dan install metasploitnya, bila memungkinkan anda bisa download distro Kali Linux atau Backtrack karena disana sudah terintegrasi metasploit beserta tools lain yang digunakan untuk melakukan penetration test.
Dikutip dari berbagai sumber
