Скачать или смотреть The Metasploit framework

The video is divided into several sections to highlight and demonstrate the main components of the Metasploit framework.

1. **Introduction and Installation**: The first part provides a brief overview of the exploitation framework and includes a concise tutorial on how to install the framework on the system.

2. **Theoretical Explanation**: This section discusses the main components of Metasploit, including different modules and their objectives. Key terms essential for understanding the framework are also explained.

3. **Demonstration of msfconsole**: The demonstration focuses on the main interface of the framework, the msfconsole. It covers:
Launching Metasploit
Basic commands within the framework
Selecting an exploit, using the EternalBlue exploit as an example
Utilities for gathering detailed information about the chosen exploit and finding additional modules
Searching for different modules within the framework and various search methods
Explanation of exploit rankings

4. **Tutorial on Exploitation**: This section provides a tutorial on using Metasploit to carry out an exploit. It includes:
Setting up the necessary resources, including a vulnerable machine to attack and the attacker's machine (Kali Linux VM and Windows 7 VM, respectively)
Description of the setup
Finding the vulnerability
Exploiting the vulnerability to gain a shell

5. **Network Configuration**: The tutorial assumes both the attacker and vulnerable machines are on the same network. It recommends using the NAT Network feature of VirtualBox for this purpose.

6. **Resource Links**: Links to resources such as VirtualBox, Kali Linux, and the vulnerable Windows 7 image are provided for further reference.

7. **Attack Scenario**: The tutorial adopts the perspective of an attacker and demonstrates scanning the LAN for potentially vulnerable hosts using Nmap. It identifies a target with an open SMB service and detects the "ms17-010" RCE vulnerability.

8. **Exploitation**: The demonstration proceeds with launching the msfconsole, searching for the "ms17-010" vulnerability within Metasploit, setting the required options, and running the exploit to gain a shell on the Windows VM.
References
[1] TryHackMe, “Metasploit introduction.” https://tryhackme.com/room/metasploit..., 2021. 12-2023.
[2] Github, “Exploit ranking.” https://github.com/rapid7/metasploit-...,
2022. 12-2023
Disclaimer: This video was created as part of an assignment for the Ethical Hacking course at RUG (University of Groningen). It is intended for educational purposes only.