Question
I have known about the Metasploit framework for a good few years, but I never really got into it. I have some knowledge when it comes to networks, but I am not a PRO. I've tested some things with Metasploit and I was curious about one thing.
(please correct me if I'm wrong)
Let's say that Microsoft is releasing a new version of Internet Explorer. Somebody finds a vulnerability (buffer overflow), and with Metasploit (not only Metasploit, but yeah), I set the exploit, set the payload, set the parameters, type exploit, and I get a Meterpreter.
OK, Internet Explorer has a vulnerability, but how is the connection between the exploit and the payload made? From what I know a buffer overflow is just something that is crashing the application, but how does it go from crashing an application to a connection back to the hacker's computer?
Explanation / Answer
The vulnerability is just the weakness in the software that allows an attacker to gain control. For example (since you mentioned buffer overflows), an unchecked buffer copy via strcpy, or using memcpy with an attacker-controlled length.
An exploit is the actual process of leveraging a vulnerability. For buffer overflows, this is the process of overwriting the saved EIP on the stack, or overwriting a function pointer, or any other process that actually gives you control of the application.
The payload is what you want to do with the exploit: it can run a command (such as a shell), open a network port and listen (a bindshell), connect back to you (a reverse shell), or generally anything else you might want to do. Often, if you're using Metasploit, you want to start Meterpreter, as Meterpreter is designed to let you leverage it to do a variety of different tasks (screenshots, execute commands, exfiltrate data, etc.).
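To make the "vulnerability" half of the answer concrete, here is an added example in C (not code from the original answer, and not from any Microsoft or Metasploit component). It assumes a hypothetical, constructed record format of one length byte followed by payload bytes, and shows the "memcpy with an attacker-controlled length" pattern beside a hardened parser that validates the length against both the record and the destination buffer, which is what stops the bug before an exploit can turn the crash into control.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical wire record (constructed for this example): [len][payload...] */
#define NAME_BUF 16

/* Vulnerable pattern the answer describes: the copy length comes from the
 * untrusted record and is never compared with the destination size, so a
 * record declaring len > NAME_BUF writes past `name` (a stack buffer
 * overflow).  Defined for contrast only; nothing below calls it. */
void parse_name_unchecked(const uint8_t *rec, size_t rec_len, char *name)
{
    size_t len = rec[0];            /* attacker-controlled length byte */
    memcpy(name, rec + 1, len);     /* bounded by neither NAME_BUF nor rec_len */
    name[len] = '\0';
    (void)rec_len;
}

/* Hardened version: returns 0 on success, -1 when the record is malformed.
 * The declared length is checked against the bytes actually present in the
 * record and against the capacity of the destination (leaving room for NUL). */
int parse_name_checked(const uint8_t *rec, size_t rec_len,
                       char *name, size_t name_cap)
{
    if (rec == NULL || name == NULL || name_cap == 0 || rec_len < 1)
        return -1;
    size_t len = rec[0];
    if (len > rec_len - 1)          /* claims more bytes than the record carries */
        return -1;
    if (len >= name_cap)            /* would overflow the destination buffer */
        return -1;
    memcpy(name, rec + 1, len);
    name[len] = '\0';
    return 0;
}

/* Constructed sample records */
static const uint8_t good_rec[]      = { 5, 'a', 'l', 'i', 'c', 'e' };
static const uint8_t truncated_rec[] = { 40, 'A', 'A', 'A' };   /* declares 40, carries 3 */
static const uint8_t oversized_rec[] = { 20, 'B','B','B','B','B','B','B','B','B','B',
                                             'B','B','B','B','B','B','B','B','B','B' };
                                        /* 20 real bytes, but NAME_BUF is only 16 */

/* Runs the samples through the hardened parser; returns 1 when the
 * well-formed record is accepted and both malformed ones are rejected. */
int demo(void)
{
    char name[NAME_BUF];
    int ok_good = parse_name_checked(good_rec, sizeof good_rec,
                                     name, sizeof name) == 0
                  && strcmp(name, "alice") == 0;
    int ok_trunc = parse_name_checked(truncated_rec, sizeof truncated_rec,
                                      name, sizeof name) == -1;
    int ok_over = parse_name_checked(oversized_rec, sizeof oversized_rec,
                                     name, sizeof name) == -1;
    return ok_good && ok_trunc && ok_over;
}
```

The two rejected records show the two distinct checks: `truncated_rec` fails the "length exceeds what the record actually contains" check, while `oversized_rec` is internally consistent but fails the destination-capacity check. The unchecked variant would happily copy 20 bytes into a 16-byte stack buffer in the second case, which is the precondition the answer's "overwriting the saved EIP" step depends on.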