Metasploit 3.0 Automated Exploitation

18 09 2006

Metasploit 3.0 Automated Exploitation

Sweet article now all you need is RUBYGEMS.

A recurring theme in my presentations about Metasploit 3.0 is the need for exploit automation. As of tonight, we finally have enough code completed to give a quick demonstration 🙂 Metasploit 3 uses the ActiveRecord module (part of RoR) to provide an object-oriented interface to an arbitrary database service. Database support is enabled by installing RubyGems, ActiveRecord (“gem install activerecord”), and a database-specific driver (“gem install [ postgresql | sqlite3 | mysql | etc ]”). Once these components have been installed, you will need to load the appropriate plugin from the msfconsole interface for the database that you want to use. The completed plugins include db_postgres, db_sqlite3, and db_sqlite2. For this example, we will use the PostgreSQL database server on a Gentoo Linux system. While the SQLite database support is functional, performance problems will prevent it from being useful for performing large-scale exploit automation.

Read the Rest HERE



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: