• Revista PROGRAMAR: Já está disponível a edição #53 da revista programar. Faz já o download aqui!


Lab 12: Exploit Creation

1 post in this topic

vejam por voçes mesmos... aqui não há "ensinamentos".. apenas aprendizagem auto-didacta

aqui está um documento excelente para quem quer realmente saber e não apenas "parecer"  ;):P

neste documento vão aprender sobre o que mais MEXE no momento da segurança.... Desenvolver Exploitsoperar o Nessus e MetaSploit  :D :ipool: :smoke: :cheesygrin: :eek: :-[ :P:D;):)

o acesso REMOTO NÃO AUTORIZADO é uma realidade e para mim uma ARTE!!... de que lado querem estar?????  :fartnew2:

Every organization needs to actively evaluate its information security measures in order to identify the threats to the organizations infrastructure and assets. This process is termed as Penetration testing. By identifying and resolving these vulnerabilitiesthe IT security related costs the organization bears would be reduced and the information assets would be protected. A penetration test is performed in various stages that involve gathering requirementsscanning the system for vulnerabilitiesexploiting those vulnerabilities and patching the systems to prevent hacker activities. Various tools are used to ease the entire process of vulnerability assessment and exploit generation. Two such commonly known tools are Nessus and Metasploit.

Nessus is an open source vulnerability scanner available under the GNU GPL. The tool is designed with the purpose to automate the testing (NASL) makes it feasible to write vulnerability checks. Nessus software is a client-server model. The Nessus servernessusdlistens for incoming connections from Nessus clients that are used by the end-user to launch scans. Client has to authenticate to the server before scanning.

Metasploit framework comprises of an environment for writingtesting and using exploit code. It provides simple and easy-to-use tools for the exploit development process and hides the details like understanding of target’s architecture assembly language and operating system internals that would otherwise be necessary for exploit development. Metasploit is a open-source software released under the GNU GPL. The tool is written with Perl scripting language and is compatible with all UNIX like platforms and the Cygwin environment on windows.

The tool provides three interfaces.

1.) msfcli interfacewhich is used for scriptingwhere all exploit options are specified as a single command-line statement.

2.) msfweb interface that is accessible via a web browser

3.) msfconsole interface that provides an interactive command-shell interface and is the most popular medium for exploit development. We will use msfconsole for our experiments.



delivering EXTREME knowlodge

the insider

the persuader... knocking th invader


Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now