
Exploitation using Metasploit

Exploitation means gaining access to a system by attacking a vulnerability. Exploitation provides the ability to control the target system.


Metasploit:


Metasploit is an advanced open source framework used for exploitation. It is an all-in-one platform that provides an environment for developing, testing and using exploit code. It started as a network game and has since been taken over by Rapid7. It can perform every stage of a penetration test, from port scanning to actually gaining access to the target system. It has a standardized interface for developing exploits, payloads and encoders.


Fig. Metasploit's msfconsole is one of the interfaces for interaction.



Terminologies in Metasploit:

  • Exploit: A software program or piece of code that takes advantage of a vulnerability to attack the target system.

  • Payload: The data part of the exploit, which is executed after the exploit succeeds.

  • Auxiliaries: Auxiliaries are automated scripts that perform a certain task.


Metasploit Payloads:

  • Inline payload: Contains the full information and instructions for connection and exploitation, so it uses more memory.

  • Staged payload: Doesn't contain all the information, only enough for the connection, so it uses less memory.

  • For example:

    Inline payload --> windows/shell_reverse_tcp

    Staged payload --> windows/shell/reverse_tcp

