1 00:00:00,860 --> 00:00:01,310 ‫You're with me. 2 00:00:02,290 --> 00:00:02,620 ‫Good. 3 00:00:02,920 --> 00:00:06,340 ‫Everything is OK, so let's start getting our hands dirty. 4 00:00:07,670 --> 00:00:13,460 ‫And because Metasploit Framework is embedded in college, you can type MSF console in any location in 5 00:00:13,460 --> 00:00:16,580 ‫the terminal screen to start Metasploit Framework console interface. 6 00:00:18,010 --> 00:00:21,700 ‫You'll be facing the shell like MSF interface in just a few seconds. 7 00:00:25,570 --> 00:00:32,260 ‫And here we have a summary numbers of exploits, auxiliaries and post modules and numbers of payloads 8 00:00:32,260 --> 00:00:34,150 ‫and coders and knobs. 9 00:00:35,300 --> 00:00:39,140 ‫The first command that you should learn in MSV console is, of course, help. 10 00:00:40,150 --> 00:00:43,570 ‫The health command lists all the commands you can use at this point. 11 00:00:44,710 --> 00:00:51,190 ‫And you heard me correctly, I do say at this point, because any module you load may add some new commands 12 00:00:51,190 --> 00:00:57,220 ‫you can use and we'll see soon, and I'll let it go for now, as you can see the commands a group. 13 00:00:58,310 --> 00:01:01,310 ‫Here are the core command module commands. 14 00:01:03,980 --> 00:01:09,980 ‫Job Command's resource script commands and credential back end commands. 15 00:01:11,050 --> 00:01:16,210 ‫Now, the search for a module you want to use, for example, to see the available exploits developed 16 00:01:16,210 --> 00:01:18,650 ‫to exploit net API vulnerabilities. 17 00:01:19,120 --> 00:01:21,520 ‫You can simply use the search command with a keyword. 18 00:01:23,770 --> 00:01:28,210 ‫And here are the results exploits for several net API vulnerabilities. 19 00:01:29,180 --> 00:01:35,360 ‫The first one is to exploit the RMS zero three Dash zero four nine vulnerability, and we have four 20 00:01:35,360 --> 00:01:38,630 ‫exploits for four different net API vulnerabilities. 21 00:01:40,010 --> 00:01:45,800 ‫Now you can see the columns name of the module, disclose your date, rank and description of the module. 22 00:01:46,770 --> 00:01:51,870 ‫Since the names of the other columns explain themselves, let's talk about the ranks. 23 00:01:53,500 --> 00:01:59,350 ‫In Metasploit Framework, the exploits are ranked to help us select the appropriate export. 24 00:02:00,130 --> 00:02:02,090 ‫Here are all the ranks and their meanings. 25 00:02:03,540 --> 00:02:05,100 ‫Starting off with excellent. 26 00:02:06,060 --> 00:02:08,700 ‫The exploit will never crash the surface. 27 00:02:09,360 --> 00:02:15,870 ‫This is the case for a sequel, injection, CMT execution, RFI, La Vie, et cetera. 28 00:02:16,200 --> 00:02:22,590 ‫No typical memory corruption exploit should be given this ranking unless there are extraordinary circumstances. 29 00:02:23,920 --> 00:02:24,480 ‫Great. 30 00:02:25,150 --> 00:02:32,980 ‫The exploit has a default target and either auto detects the appropriate target or uses an application 31 00:02:32,980 --> 00:02:36,520 ‫specific return address after a version check. 32 00:02:37,840 --> 00:02:45,730 ‫So good is that the exploit has a default target, and it is the common case for this type of software. 33 00:02:46,240 --> 00:02:51,070 ‫English Windows seven for desktop app, 2012 for server, etc.. 34 00:02:52,220 --> 00:03:00,380 ‫So normal, this exploit is otherwise reliable, but depends on a specific version and can't or doesn't 35 00:03:00,650 --> 00:03:02,480 ‫reliably auto detect. 36 00:03:03,850 --> 00:03:09,270 ‫Average, the exploit is generally unreliable or difficult to exploit. 37 00:03:10,290 --> 00:03:18,660 ‫And low, the exploit is nearly impossible to exploit or under 50 percent success rate for common platforms, 38 00:03:19,560 --> 00:03:25,500 ‫and Manuwa exploit is unstable or difficult to exploit and is basically a D.O.C.. 39 00:03:27,030 --> 00:03:32,580 ‫This ranking is also used when the module has no use unless specifically configured by the user. 40 00:03:32,610 --> 00:03:37,920 ‫For example, exploited slash Unix slash web apps slash evil.