Last updated at Wed, 10 Jan 2024 21:24:29 GMT
The Metasploit Framework is more than a pile of exploits; it is a collection of tools for gaining access where none is provided and a scaffolding for building new tools. In a few weeks I will be teaching two, one-day dojos at CanSecWest focusing on using and extending the framework. Some of the topics we will cover are: post-exploitation automation including meterpreter and cmd/sh shell sessions, no-exploit pwnage using stolen credentials of various types, and building your own scanners, bruteforce modules and plugins. If you use Metasploit regularly but never felt like you could dig into the code and make it do new and awesome things, this is the class for you. If you spend a lot of time writing one-off scripts to solve problems on a pentest, this class is for you. If you have played with Metasploit but never used it to its full potential, this class is for you.
People have told me they don't have the necessary programming experience to get their hands dirty with Metasploit's code or that they use another language and "don't know Ruby." Without getting into the scripting-language holy wars, Ruby is very easy to learn. Don't be intimidated, programming for the Metasploit Framework is easy. The amount of programming knowledge needed to write modules is well within the grasp of most pentesters and anyone with exploit-development skills or other programming experience will be able to hit the ground running. When you have an idea for an awesome tool, or for improving the way it works, don't wait for someone else to do it. Take this class to learn how to mold the Framework to suit your needs.