Fri, 2009-08-21 15:14

Protecting and securing our systems can be an exhausting, long-term duty given the complexity of today's network infrastructure. Most of the time, attacks on our network follow a series of phases; when these are properly identified, we can prevent and stop damage, denial of service and data leakage, amongst other activities that can hurt a company's reputation, assets, and most important, people.

Whenever an attacker sets his eye on a certain target, he normally spends most of his time on information gathering, that is, obtaining all the relevant (and sometimes irrelevant) data on the company, such as physical location, IP blocks, mail addresses, the people who work there, infrastructure and many more details that help identify "holes" in the network.

After collecting this information, the attacker usually proceeds to exploit and penetrate the network; this is the "mysterious" part of the hacking game. In this article, I want to explain and discuss the basic features of one of the most powerful, easy-to-use and automated penetration testing tools: the Metasploit Framework.

MSF is a series of tools that can identify a vulnerable system on the network, look for an exploit and attack. With tools like these, it's simple to compromise a system by following these steps:

1. Select an exploit: MSF updates its exploits and source files, and, according to the results you got in the information gathering and vulnerability identification phases, you select your victim, typically the system considered the weakest link to attack.

2. Configure target address and port: Victim's name, address and target port or service to attack.

3. Configure source address and port: Define identity, ports and other data about the "attacker" machine.

4. Configure payload: Usually, the options here are to spawn a shell or a reverse shell; most of the time, the payload involves a user terminal for pushing commands to the compromised system.

5. Exploit!

These days, attacking and hacking unpatched systems, default configurations and sometimes obvious threats is becoming easier and easier, so people without full knowledge of networking and programming can sometimes cause great harm to your information technology assets.

Information security professionals should be aware of this and correctly manage networks, systems, applications, policies and procedures. Applications of this kind can help you with that task, but it is strongly recommended that you try them in a separate, controlled environment, with proper management authorization, and document all your discoveries.
