Exploits
All exploits in the Metasploit Framework will fall into two
categories: active and passive.
Active exploits will exploit a specific host, run until
completion, and then exit.
Passive exploits wait for incoming hosts and exploit them as
they connect.
Payloads
There are three different types of payload module types in
Metasploit: Singles, Stagers, and Stages.
Singles
Singles are payloads that are self-contained and completely standalone. A Single payload can be something as simple as adding a user to the target system or running calc.exe.Stagers
Stagers setup a network connection between the attacker and victim and are designed to be small and reliableStages
Stages are payload components that are downloaded by Stagers modules.Meterpreter
Meterpreter, the short form of Meta-Interpreter is an
advanced, multi-faceted payload that operates via dll injection.
PassiveX
PassiveX is a payload that can help in circumventing
restrictive outbound firewalls. It does this by using an ActiveX control to
create a hidden instance of Internet Explorer. Using the new ActiveX control,
it communicates with the attacker via HTTP requests and responses.
NoNX
The NX (No eXecute) bit is a feature built into some CPUs
to prevent code from executing in certain areas of memory. In Windows, NX is
implemented as Data Execution Prevention (DEP). The Metasploit NoNX payloads
are designed to circumvent DEP.
No comments:
Post a Comment