Updated docs for 3.2
git-svn-id: file:///home/svn/framework3/trunk@5946 4d416f70-5f16-0410-b530-b9f4589650da
This commit is contained in:
parent
35e754c379
commit
9fa258e7a6
Binary file not shown.
|
@ -23,7 +23,7 @@
|
|||
|
||||
\huge{Metasploit Framework User Guide}
|
||||
\ \\[10mm]
|
||||
\large{Version 3.1}
|
||||
\large{Version 3.2}
|
||||
\\[10mm]
|
||||
|
||||
\includegraphics{hacker04.jpg}
|
||||
|
@ -45,7 +45,7 @@
|
|||
\chapter{Introduction}
|
||||
|
||||
\par
|
||||
This is the official user guide for version 3.1 of the Metasploit Framework. This
|
||||
This is the official user guide for version 3.2 of the Metasploit Framework. This
|
||||
guide is designed to provide an overview of what the framework is, how it works,
|
||||
and what you can do with it. The latest version of this document can be found
|
||||
on the Metasploit Framework web site.
|
||||
|
@ -81,12 +81,22 @@ system path (/usr/local/bin). User-specific modules can be placed into
|
|||
mirror that of the global modules directory found in the framework
|
||||
distribution.
|
||||
|
||||
\par
|
||||
The latest stable release of the Ruby interpreter (1.8.7-p72) contains a bug which
|
||||
breaks many of the Metasploit Framework modules. The only way to work around this
|
||||
bug is by downgrading to an older version of 1.8.6 or by upgrading to the latest
|
||||
stable snapshot of 1.8.7. The latest stable snapshot can be downloaded from
|
||||
\url{ftp://ftp.ruby-lang.org/pub/ruby/stable-snapshot.tar.gz}. For more information
|
||||
about this issue, please see the Ubuntu ticket: \url{https://bugs.launchpad.net/bugs/282302}.
|
||||
|
||||
|
||||
|
||||
\section{Installation on Windows}
|
||||
\label{INSTALL-WIN32}
|
||||
|
||||
\par
|
||||
The Metasploit Framework is fully supported on the Windows platform. To install the Framework on Windows,
|
||||
download the latest version of the Windows installer from \url{http://framework.metasploit.com/}, perform
|
||||
download the latest version of the Windows installer from \url{http://metasploit.com/framework/download/}, perform
|
||||
an online update, and launch the \texttt{msfgui} interface from the Start Menu. To access a standard
|
||||
\texttt{msfconsole} interface, select the Console option from the Window menu. As an alternative, you can
|
||||
use the \texttt{msfweb} interface, which supports Mozilla Firefox and Internet Explorer.
|
||||
|
@ -99,25 +109,27 @@ use the \texttt{msfweb} interface, which supports Mozilla Firefox and Internet E
|
|||
When using the Framework on the Windows platform, keep in mind that \texttt{msfgui} and \texttt{msfweb} are the only
|
||||
supported user interfaces. While \texttt{msfcli} may appear to work on the command line, it will will run into
|
||||
trouble as soon as more than one active thread is present. This can prevent most exploits, auxiliary modules,
|
||||
and plugins from functioning. This problem does not occur within Cygwin environment.
|
||||
and plugins from functioning. This problem does not occur within Cygwin environment. The Windows platform does
|
||||
not support raw IP packet injection, packet injection, wireless driver exploitation, or SMB relaying attacks
|
||||
without specific configuration. In most cases, those features can be accessed by running Metasploit inside of a
|
||||
Linux-based virtual machine (such as BackTrack 3 in VMWare).
|
||||
|
||||
\section{Supported Operating Systems}
|
||||
\label{INSTALL-SUPPORT}
|
||||
|
||||
\par
|
||||
The Framework should run on almost any Unix-based operating system that includes
|
||||
a complete and modern version of the Ruby interpreter (1.8.4+). Every stable
|
||||
version of the Framework is tested with three primary platforms:
|
||||
The Framework should run on almost any Unix-based operating system that includes a complete and modern version
|
||||
of the Ruby interpreter (1.8.4+). Every stable version of the Framework is tested with three primary platforms:
|
||||
|
||||
\begin{itemize}
|
||||
\item Linux 2.6 (x86, ppc)
|
||||
\item Windows NT (2000, XP, 2003, Vista)
|
||||
\item MacOS X 10.4 (x86, ppc), 10.5 (x86)
|
||||
\item MacOS X 10.5 (x86, ppc), 10.5 (x86)
|
||||
\end{itemize}
|
||||
|
||||
\par
|
||||
For information about manually installing the framework, including all of the required dependencies needed
|
||||
to use the new \texttt{msfgui} interface, please see the framework web site: \url{http://framework.metasploit.com/msf/support}
|
||||
to use the new \texttt{msfgui} interface, please see the framework web site: \url{http://metasploit.com/framework/support}
|
||||
|
||||
\section{Updating the Framework}
|
||||
\label{INSTALL-UPDATE}
|
||||
|
@ -697,7 +709,11 @@ The Init function becomes the entry point for the new thread in the exploited
|
|||
process. When processing is complete, it should return and allow the loader
|
||||
stub to exit the process according to the \texttt{EXITFUNC} environment
|
||||
variable. If you would like to write your own DLL payloads, refer to the
|
||||
external/source/dllinject directory in the Framework.
|
||||
external/source/dllinject directory in the Framework. In additional to normal
|
||||
DLL Injection, version 3.2 and newer include support for Reflective DLL Injection
|
||||
payloads as well. For more information about Reflective DLL Injection, please see
|
||||
the Harmony Security paper, located at
|
||||
\url{http://www.harmonysecurity.com/files/HS-P005_ReflectiveDllInjection.pdf}
|
||||
|
||||
\section{VNC Server DLL Injection}
|
||||
\par
|
||||
|
@ -778,11 +794,9 @@ archive.
|
|||
|
||||
\section{Mailing List}
|
||||
\par
|
||||
You can subscribe to the Metasploit Framework mailing list by sending a blank
|
||||
email to framework-subscribe[at]metasploit.com. This is the preferred way to
|
||||
submit bugs, suggest new features, and discuss the Framework with other users.
|
||||
The mailing list archive can be found online at:
|
||||
\url{http://metasploit.com/archive/framework/threads.html}
|
||||
Metasploit hosts two mailing lists -- Framework and Framework-Hackers. You can find
|
||||
information about these mailing lists, along with their archives, at the following URL:
|
||||
\url{http://spool.metasploit.com/}
|
||||
|
||||
\section{Developers}
|
||||
\par
|
||||
|
@ -860,268 +874,37 @@ changed as well. For example, when exploiting a web application vulnerability th
|
|||
\chapter{Licenses}
|
||||
|
||||
\par
|
||||
The Metasploit Framework is distributed under the Metasploit Framework License
|
||||
v1.2 or later. This license is included below:
|
||||
The Metasploit Framework is distributed under the modified-BSD license defined below.
|
||||
|
||||
{\footnotesize
|
||||
\begin{verbatim}
|
||||
The Metasploit Framework License v1.2
|
||||
Copyright (c) 2008, Metasploit LLC
|
||||
All rights reserved.
|
||||
|
||||
Copyright (C) 2006 METASPLOIT.COM
|
||||
Redistribution and use in source and binary forms, with or without modification,
|
||||
are permitted provided that the following conditions are met:
|
||||
|
||||
* Redistributions of source code must retain the above copyright notice,
|
||||
this list of conditions and the following disclaimer.
|
||||
|
||||
This License governs your use of the Software and any accompanying
|
||||
materials distributed with this License. By clicking "ACCEPT" at the end
|
||||
of this License, you are indicating that you have read and understood,
|
||||
and assent to be bound by, the terms of this License. You must accept
|
||||
the terms of this License before using the Software. If you are an
|
||||
individual working for a company, you represent and warrant that you have
|
||||
all necessary authority to bind your company to the terms and conditions
|
||||
of this License.
|
||||
* Redistributions in binary form must reproduce the above copyright notice,
|
||||
this list of conditions and the following disclaimer in the documentation
|
||||
and/or other materials provided with the distribution.
|
||||
|
||||
If you do not agree to the terms of this License, you are not granted any
|
||||
rights whatsoever in the Software or Documentation. If you are not
|
||||
willing to be bound by these terms and conditions, do not download the
|
||||
Software.
|
||||
* Neither the name of Metasploit LLC nor the names of its contributors
|
||||
may be used to endorse or promote products derived from this software
|
||||
without specific prior written permission.
|
||||
|
||||
|
||||
Definitions
|
||||
|
||||
a. "License" means this particular version of this document (or, where
|
||||
specifically indicated, a successor iteration of this License officially
|
||||
issued by the Developer).
|
||||
|
||||
b. "Software" means any software that is distributed under the terms of
|
||||
this License, in both object code and source code.
|
||||
|
||||
c. "Enhancement" means any bug fix, error correction, patch, or other
|
||||
addition to the Software that are independent of the Software and do not
|
||||
require modification of the Software of the Software itself.
|
||||
|
||||
d. "Extension" means any external software program or library that
|
||||
interfaces with the Software and does not [reproduce or require
|
||||
modification of the Software itself]. "Extension" includes any module or
|
||||
plug-in that is intended (by design and coding) to, or can, be
|
||||
dynamically loaded by the Software.
|
||||
|
||||
e. "Developer" means the then-current copyright holder(s) of the Software,
|
||||
including, but not limited to, the Metasploit personnel and any
|
||||
third-party contributors (or their successor(s) or transferee(s)).
|
||||
|
||||
f. "Documentation" means any and all end user, technical/programmer,
|
||||
network administrator, or other manuals, tutorials, or code samples
|
||||
provided or offered by Developer with the Software, excluding those items
|
||||
created by someone other than the Developer.
|
||||
|
||||
g. "Use" means to download, install, access, copy, execute, sell, or
|
||||
otherwise benefit from the Software (directly or indirectly, with or
|
||||
without notice or knowledge of the Software's incorporation or
|
||||
utilization in any larger application or product).
|
||||
|
||||
h. "You" means the individual or organization that is using the Software
|
||||
under the License.
|
||||
|
||||
i. "Interface" means to execute, parse, or otherwise benefit from the use
|
||||
of the Software.
|
||||
|
||||
|
||||
License Grant and Restrictions
|
||||
|
||||
1. Provided that You agree to, and do, comply with all terms and
|
||||
conditions in this License, You are granted the non-exclusive rights
|
||||
specified in this License. Your Use of any of the Software in any form
|
||||
and to any extent signifies acceptance of this License. If You do not
|
||||
agree to all of these terms and conditions, then do not use the Software
|
||||
and immediately remove all copies of the Software, the Documentation, and
|
||||
any other items provided under the License.
|
||||
|
||||
|
||||
2. Subject to the terms and conditions of this License, Developer hereby
|
||||
grants You a worldwide, royalty-free, non-exclusive license to reproduce,
|
||||
publicly display, and publicly perform the Software.
|
||||
|
||||
|
||||
3. The license granted in Section 2 is expressly made subject to and
|
||||
limited by the following restrictions:
|
||||
|
||||
a. You may only distribute, publicly display, and publicly perform
|
||||
unmodified Software. Without limiting the foregoing, You agree to
|
||||
maintain (and not supplement, remove, or modify) the same copyright,
|
||||
trademark notices and disclaimers in the exact wording as released by
|
||||
Developer.
|
||||
|
||||
b. You may only distribute the Software free from any charge beyond the
|
||||
reasonable costs of data transfer or storage media. You may -not- (i)
|
||||
sell, lease, rent, or otherwise charge for the Software, (ii) include any
|
||||
component or subset of the Software in any commercial application or
|
||||
product, or (iii) sell, lease, rent, or otherwise charge for any
|
||||
appliance (i.e., hardware, peripheral, personal digital device, or other
|
||||
electronic product) that includes any component or subset of the
|
||||
Software.
|
||||
|
||||
|
||||
4. You may develop Enhancements to the Software and distribute Your
|
||||
Enhancements, provided that You agree to each of the following
|
||||
restrictions on this distribution:
|
||||
|
||||
a. Enhancements may not modify, supplement, or obscure the user interface
|
||||
or output of the Software such that the title of the Software, the
|
||||
copyrights and trademark notices in the Software, or the licensing terms
|
||||
of the Software are removed, hidden, or made less likely to be discovered
|
||||
or read.
|
||||
|
||||
b. If you release any Enhancement to the Software, You agree to
|
||||
distribute the Enhancement under the terms of this License (or any other
|
||||
later-issued license(s) of Developer for the Software). Upon such
|
||||
release, You hereby grant and agree to grant a non-exclusive royalty-free
|
||||
right, to both (i) Developer and (ii) any of Developer's later licensees,
|
||||
owners, contributors, agents or business partners, to distribute Your
|
||||
Enhancement(s) with future versions of the Software provided that such
|
||||
versions remain available under the terms of this License (or any other
|
||||
later-adopted license(s) of Developer).
|
||||
|
||||
|
||||
5. You may develop Extensions to the Software and distribute these
|
||||
Extensions under any license You see fit, for commercial sale or license
|
||||
or for non-commercial use, so long as -each- of the following conditions
|
||||
are met:
|
||||
|
||||
a. The Extension, when installed with the Software, must -not- modify any
|
||||
of the behavior (e.g., change the display, modify the available commands,
|
||||
etc.) of the Software until the user explicitly requests (e.g., by
|
||||
invoking or exercising a command or feature are a screen display or other
|
||||
express notification of the new code's existence and function) that the
|
||||
Extension should be activated.
|
||||
|
||||
b. The Extension may programmatically execute (e.g., call a method) code
|
||||
provided by this Software, but may not include or create copies of the
|
||||
Software (modified or otherwise) in the Extension itself.
|
||||
|
||||
c. The Extension may not modify, supplement, or obscure the user interface
|
||||
or output of the Software such that the title of the Software, the
|
||||
copyrights and trademark notices in the Software, or the licensing terms
|
||||
of the Software are removed, hidden, or made less likely to be discovered
|
||||
or read.
|
||||
|
||||
|
||||
6. If you develop external software components that interface with the
|
||||
Software, you may only distribute these components if (a) the external
|
||||
software component clearly indicates to the user, via the user interface
|
||||
and/or program output, both (i) the role of the Software in the component
|
||||
and (ii) where the user may obtain a copy of the Software and (b) the
|
||||
external software components do not modify, supplement, or obscure the
|
||||
user interface or output of the Software such that the title of the
|
||||
Software, the copyrights and trademark notices in the Software, or the
|
||||
licensing terms of the Software are removed, hidden, or made less likely
|
||||
to be discovered or read.
|
||||
|
||||
|
||||
Online Updates
|
||||
|
||||
The Software includes the ability to download updates (i.e., additional
|
||||
code) from Developer's server(s). These updates may contain bug fixes,
|
||||
new functionality, updated Documentation, and/or Extensions. When
|
||||
retrieving these updates, the Software may transmit the Software version
|
||||
and operating system information from Your computer to the update server.
|
||||
The server may record (store) this information, in conjunction with the
|
||||
IP (global Internet Protocol) address of the user, in order to attempt to
|
||||
maintain accurate end user and version statistics. By using the online
|
||||
update feature, You hereby agree to allow this information to be
|
||||
transmitted, recorded, and stored in any nation by or for Developer.
|
||||
|
||||
|
||||
Proper Use
|
||||
|
||||
As an express condition of this License, You agree that You will use the
|
||||
Software -solely- in compliance with all then-applicable local, state,
|
||||
national, and international laws, rules and regulations as may be amended
|
||||
or supplemented from time to time, including any then-current laws and/or
|
||||
regulations regarding the transmission and/or encryption of technical
|
||||
data exported from or imported into Your country of residence. Violation
|
||||
of any of the foregoing will result in immediate, automatic termination
|
||||
of this License without notice, and may subject You to state, national
|
||||
and/or international penalties and other legal consequences.
|
||||
|
||||
|
||||
Intellectual Property Ownership
|
||||
|
||||
The Software is licensed, not sold. Developer retains exclusive ownership
|
||||
of all worldwide copyrights, trade secrets, patents, and all other
|
||||
intellectual property rights throughout the world and all applications
|
||||
and registrations therefor, in and to the Software and any full or
|
||||
partial copies thereof, including any additions thereto. You acknowledge
|
||||
that, except for the limited license rights expressly provided in this
|
||||
Agreement, no right, title, or interest to the intellectual property in
|
||||
the Software or Documentation is provided to You, and that You do not
|
||||
obtain any rights, express or implied, in the Software. All rights in and
|
||||
to the Software not expressly granted to You in this Agreement are
|
||||
expressly reserved by Developer. Product names, words or phrases
|
||||
mentioned in this License or the Software may be trademark(s) or
|
||||
servicemark(s) of Developer registered in certain nations and/or of third
|
||||
parties. You may not alter or supplement the copyright or trademark
|
||||
notices as contained in the Software.
|
||||
|
||||
|
||||
License Termination
|
||||
|
||||
This License is effective until terminated. This License will terminate
|
||||
immediately without notice from Developer if You breach or fail to comply
|
||||
with any provision of this License. Upon such termination You must
|
||||
destroy the Software, all accompanying written materials, and all copies
|
||||
thereof.
|
||||
|
||||
|
||||
Limitations of Liability
|
||||
|
||||
In no event will Developer, any owner, contributor, agent, business party,
|
||||
or other third party affiliated with Developer, be liable to You or any
|
||||
third party under any legal theory (including contract, tort, or
|
||||
otherwise) for any consequential, incidental, indirect or special damages
|
||||
whatsoever (including, without limitation, loss of expected savings, loss
|
||||
of confidential information, presence of viruses, damages for loss of
|
||||
profits, business interruption, loss of business information and the like
|
||||
or otherwise) or any related expense whether foreseeable or not, arising
|
||||
out of the use of or inability to use or any failure of the Software or
|
||||
accompanying materials, regardless of the basis of the claim and even if
|
||||
Developer or Developer's owner, contributor, agent, or business partner
|
||||
has been advised of the possibility of such damage. By using the
|
||||
Software, You hereby acknowledge that Developer would not offer the
|
||||
Software without the inclusion and enforceability of this provision, and
|
||||
that You (and not the Developer) are solely responsible for Your network,
|
||||
data, and application security testing, planning, audits, updates, and
|
||||
training, which require regular analysis, supplementing, and expertise.
|
||||
|
||||
|
||||
No Warranty
|
||||
|
||||
The Software and this License document are provided AS IS with NO WARRANTY
|
||||
OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING,
|
||||
WITHOUT LIMITATION, THE WARRANTY OF DESIGN, MERCHANTABILITY, TITLE,
|
||||
NON-INFRINGEMENT, OR FITNESS FOR A PARTICULAR PURPOSE.
|
||||
|
||||
|
||||
Indemnification
|
||||
|
||||
You agree to indemnify, hold harmless, and defend Developer and
|
||||
Developer's owners, contributors, agents, and business partners from and
|
||||
against any and all claims or actions including reasonable legal expenses
|
||||
that arise or result from Your use of or inability to use the Software.
|
||||
Developer agrees to notify You and reasonably cooperate with Your defense
|
||||
of any third party claim triggering such indemnification.
|
||||
|
||||
|
||||
Miscellaneous
|
||||
|
||||
If any part of this License is found void and unenforceable, it will not
|
||||
affect the validity of the balance of this License, which shall remain
|
||||
valid and enforceable to the maximum extent according to its terms.
|
||||
|
||||
|
||||
Choice of Law; Venue
|
||||
|
||||
This License will be construed, interpreted and governed by the laws of
|
||||
Texas, USA, without regard to its conflict of law rules. Any litigation
|
||||
related to this
|
||||
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
||||
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
||||
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
||||
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
|
||||
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
||||
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
|
||||
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
\end{verbatim}}
|
||||
|
||||
\end{document}
|
||||
|
|
Loading…
Reference in New Issue