Metasploit Framework terminology

Now, let's go through the basic terminology of Metasploit Framework. We will be using these terms often in this book, so it's best to understand them thoroughly before we deep dive into Metasploit Framework (MSF) and its usage:

• Exploits: When Metasploit starts up, it shows the count of publicly available exploits that are already available in the framework. An exploit is a piece of code that takes advantage of a vulnerability and gives us the desired output.
• Payload: This is a piece of code that is delivered to the target system or an application via an exploit to perform an act of our choice. Payloads can actually be divided into three main types: singles, stagers, and stages:
  • Singles: These payloads are standalone and are usually used to perform simple tasks, such as opening notepad.exe files and adding users.
  • Stagers: This sets up a connection between the two systems. Then, stages are downloaded by them to the victim's machine.
  • Stages: These can be considered the components of a payload. They provide different features, such as access to the command shell, the ability to run executables, and upload and download files and don't need to have a size limit. One example of such a feature is a Meterpreter.

The other types of payloads are as follows:

• • Inline (non-staged): Exploit code containing full shellcode to perform a specific task.
  • Staged: This works along with stage payloads to perform a specific task. The stager establishes a communication channel between the attacker and the victim and sends a staged payload that will be executed on the remote host.
  • Meterpreter: This is short for Meta Interpreter and operates through DLL injection. It is loaded in-memory and leaves no trace on disk.
  • PassiveX: This uses ActiveX control to create a hidden instance of Internet Explorer. It communicates with the attacker via HTTP requests and responses.
  • NoNX: This is used to bypass DEP protection.
  • Ord: These are extremely small-sized payloads that work on all versions of Windows. However, they are unstable and rely on ws2_32.dll to be loaded in the exploitation process.
  • IPv6: This is built to work on IPv6 hosts.
  • Reflective DLL Injection: Created by Stephen Fewer, this is a technique where a staged payload is injected into a compromised host process running in memory, while never touching the host hard drive.

• Auxiliary: Metasploit Framework is equipped with hundreds of auxiliary modules that can be used to perform different tasks. These modules can be considered small tools that do not exploit anything. Instead, they aid us in the exploitation process.

• Encoders: An encoder converts information (in this case, assembly instructions) into another form that, upon being executed, will give us the same result. Encoders are used to avoid the detection of a payload when it is delivered to the target system/application. Since most IDSes/IPSes that are configured in the organization's network are signature-based, when encoding the payload, it will change the whole signature and bypass the security mechanism with ease. The most well-known encoder is x86/shikata_ga_nai. This is a polymorphic XOR additive feedback encoder, which means it generates a different output every time it's used. It was the hardest to detect when it first came out. It is still pretty handy when used with multiple iterations. However, iterations must be used carefully and always tested first; they may not work as expected, and with every iteration, the size of the payload increases.
• NOP generators: An NOP generator is used to generate a series of random bytes, which are equivalent to the traditional NOP sleds, except they don't have any predictable patterns. The NOP sled can also be used to bypass standard IDS and IPS NOP sled signatures (NOP Sled - \x90\x90\x90).
• Project: This is a container that's used to store data and credentials during a penetration testing activity. It is more commonly used in the Metasploit Pro version.
• Workspace: A workspace is the same as a project, but it's only used in Metasploit Framework.
• Task: This is any action we perform in Metasploit.
• Listener: A listener waits for an incoming connection from the exploited target and manages the connected target shell.
• Shell: A shell is a console, such as an interface, that gives us access to the remote target.
• Meterpreter: On the official website, Meterpreter is defined as follows:

"An advanced, dynamically extensible payload that uses in-memory DLL injection stagers and is extended over the network at runtime. It communicates over the stager socket and provides a comprehensive client-side Ruby API."

Now that we have gone through the basic terminology, let's look at how to install Metasploit and set it up.