Metasploit: Professional Terminology

Source: Internet
Author: User
Tags sql injection
2nd Chapter Metasploit Foundation

Metasploit itself is free open source software and has many contributors in the security community. When using Metasploit for the first time, it is important to focus not only on the latest infiltration modules, but also on how Metasploit is being attacked and what commands can be used to enable penetration to be implemented successfully . 2.1 Metasploit: Professional terminology

Most of the basic terminology below is defined in the context of the Metasploit framework, but often their meaning is common throughout the security industry. 2.1.1 Penetration attack (Exploit)

penetration attacks are attacks by attackers or penetration testers who exploit security vulnerabilities in a system, application, or service . popular infiltration attack techniques include buffer overflow, Web application vulnerability attacks (such as SQL injection), and configuration errors . 2.1.2 Attack Load (Payload)

attack loads are code that we expect the target system to execute after being infiltrated, and can be freely selected, transmitted, and implanted in the Metasploit framework . For example, a bounce shell is a way to create a network connection from a target host to an attack host and provide a command-line shell attack payload, while the bind Shell attack payload binds the command-line shell on the target host to an open listening port. Attackers can connect to these ports to get shell interaction. The attack payload may also be simple to execute some commands on the target operating system, such as adding user accounts. 2.1.3 Shellcode

Shellcode is a set of machine instructions that run as an attack load during a penetration attack . Shellcode are usually written in assembly language.     In most cases, a command line shell or Meterpretershell is provided after the target system executes the shellcode set of instructions,which is also the origin of the Shellcode name. 2.1.4 Modules (module)

A module refers to a software code component used in the Metasploit framework . At some point, a penetration attack module (exploit) may be used, which is the software component used to actually initiate a penetration attack. At other times, an auxiliary module (auxiliary module) may be used to perform some attack actions, such as scanning or system enumeration. 2.1.5 Monitor (Listener)

The

         Listener is the component used in Metasploit to wait for a network connection , for example, After the target host is penetrated, it may be connected to the attacking host over the internet, and the listener component waits on the attacking host to connect to the compromised system and is responsible for processing those network connections.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.