dnrops
/
metasploit-framework
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Updated docs for 3.2 

git-svn-id: file:///home/svn/framework3/trunk@5946 4d416f70-5f16-0410-b530-b9f4589650da
This commit is contained in:
HD Moore 2008-11-18 17:45:05 +00:00
parent 35e754c379
commit 9fa258e7a6
2 changed files with 52 additions and 269 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
documentation/users_guide.pdf
View File

Binary file not shown.

321
documentation/users_guide.tex
View File

@ -23,7 +23,7 @@
\huge{Metasploit Framework User Guide}
\ \\[10mm]
\large{Version 3.1}
\large{Version 3.2}
\\[10mm]
\includegraphics{hacker04.jpg}
@ -45,7 +45,7 @@
\chapter{Introduction}
\par
This is the official user guide for version 3.1 of the Metasploit Framework. This
This is the official user guide for version 3.2 of the Metasploit Framework. This
guide is designed to provide an overview of what the framework is, how it works,
and what you can do with it. The latest version of this document can be found
on the Metasploit Framework web site.
@ -81,12 +81,22 @@ system path (/usr/local/bin). User-specific modules can be placed into
mirror that of the global modules directory found in the framework
distribution.
\par
The latest stable release of the Ruby interpreter (1.8.7-p72) contains a bug which
breaks many of the Metasploit Framework modules. The only way to work around this
bug is by downgrading to an older version of 1.8.6 or by upgrading to the latest
stable snapshot of 1.8.7. The latest stable snapshot can be downloaded from
\url{ftp://ftp.ruby-lang.org/pub/ruby/stable-snapshot.tar.gz}. For more information
about this issue, please see the Ubuntu ticket: \url{https://bugs.launchpad.net/bugs/282302}.
\section{Installation on Windows}
\label{INSTALL-WIN32}
\par
The Metasploit Framework is fully supported on the Windows platform. To install the Framework on Windows,
download the latest version of the Windows installer from \url{http://framework.metasploit.com/}, perform
download the latest version of the Windows installer from \url{http://metasploit.com/framework/download/}, perform
an online update, and launch the \texttt{msfgui} interface from the Start Menu. To access a standard
\texttt{msfconsole} interface, select the Console option from the Window menu. As an alternative, you can
use the \texttt{msfweb} interface, which supports Mozilla Firefox and Internet Explorer.
@ -99,25 +109,27 @@ use the \texttt{msfweb} interface, which supports Mozilla Firefox and Internet E
When using the Framework on the Windows platform, keep in mind that \texttt{msfgui} and \texttt{msfweb} are the only
supported user interfaces. While \texttt{msfcli} may appear to work on the command line, it will will run into
trouble as soon as more than one active thread is present. This can prevent most exploits, auxiliary modules,
and plugins from functioning. This problem does not occur within Cygwin environment.
and plugins from functioning. This problem does not occur within Cygwin environment. The Windows platform does
not support raw IP packet injection, packet injection, wireless driver exploitation, or SMB relaying attacks
without specific configuration. In most cases, those features can be accessed by running Metasploit inside of a
Linux-based virtual machine (such as BackTrack 3 in VMWare).
\section{Supported Operating Systems}
\label{INSTALL-SUPPORT}
\par
The Framework should run on almost any Unix-based operating system that includes
a complete and modern version of the Ruby interpreter (1.8.4+). Every stable
version of the Framework is tested with three primary platforms:
The Framework should run on almost any Unix-based operating system that includes a complete and modern version
of the Ruby interpreter (1.8.4+). Every stable version of the Framework is tested with three primary platforms:
\begin{itemize}
\item Linux 2.6 (x86, ppc)
\item Windows NT (2000, XP, 2003, Vista)
\item MacOS X 10.4 (x86, ppc), 10.5 (x86)
\item MacOS X 10.5 (x86, ppc), 10.5 (x86)
\end{itemize}
\par
For information about manually installing the framework, including all of the required dependencies needed
to use the new \texttt{msfgui} interface, please see the framework web site: \url{http://framework.metasploit.com/msf/support}
to use the new \texttt{msfgui} interface, please see the framework web site: \url{http://metasploit.com/framework/support}
\section{Updating the Framework}
\label{INSTALL-UPDATE}
@ -697,7 +709,11 @@ The Init function becomes the entry point for the new thread in the exploited
process. When processing is complete, it should return and allow the loader
stub to exit the process according to the \texttt{EXITFUNC} environment
variable. If you would like to write your own DLL payloads, refer to the
external/source/dllinject directory in the Framework.
external/source/dllinject directory in the Framework. In additional to normal
DLL Injection, version 3.2 and newer include support for Reflective DLL Injection
payloads as well. For more information about Reflective DLL Injection, please see
the Harmony Security paper, located at
\url{http://www.harmonysecurity.com/files/HS-P005_ReflectiveDllInjection.pdf}
\section{VNC Server DLL Injection}
\par
@ -778,11 +794,9 @@ archive.
\section{Mailing List}
\par
You can subscribe to the Metasploit Framework mailing list by sending a blank
email to framework-subscribe[at]metasploit.com. This is the preferred way to
submit bugs, suggest new features, and discuss the Framework with other users.
The mailing list archive can be found online at:
\url{http://metasploit.com/archive/framework/threads.html}
Metasploit hosts two mailing lists -- Framework and Framework-Hackers. You can find
information about these mailing lists, along with their archives, at the following URL:
\url{http://spool.metasploit.com/}
\section{Developers}
\par
@ -860,268 +874,37 @@ changed as well. For example, when exploiting a web application vulnerability th
\chapter{Licenses}
\par
The Metasploit Framework is distributed under the Metasploit Framework License
v1.2 or later. This license is included below:
The Metasploit Framework is distributed under the modified-BSD license defined below.
{\footnotesize
\begin{verbatim}
The Metasploit Framework License v1.2
Copyright (c) 2008, Metasploit LLC
All rights reserved.
Copyright (C) 2006 METASPLOIT.COM
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
This License governs your use of the Software and any accompanying
materials distributed with this License. By clicking "ACCEPT" at the end
of this License, you are indicating that you have read and understood,
and assent to be bound by, the terms of this License. You must accept
the terms of this License before using the Software. If you are an
individual working for a company, you represent and warrant that you have
all necessary authority to bind your company to the terms and conditions
of this License.
* Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
If you do not agree to the terms of this License, you are not granted any
rights whatsoever in the Software or Documentation. If you are not
willing to be bound by these terms and conditions, do not download the
Software.
* Neither the name of Metasploit LLC nor the names of its contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.
Definitions
a. "License" means this particular version of this document (or, where
specifically indicated, a successor iteration of this License officially
issued by the Developer).
b. "Software" means any software that is distributed under the terms of
this License, in both object code and source code.
c. "Enhancement" means any bug fix, error correction, patch, or other
addition to the Software that are independent of the Software and do not
require modification of the Software of the Software itself.
d. "Extension" means any external software program or library that
interfaces with the Software and does not [reproduce or require
modification of the Software itself]. "Extension" includes any module or
plug-in that is intended (by design and coding) to, or can, be
dynamically loaded by the Software.
e. "Developer" means the then-current copyright holder(s) of the Software,
including, but not limited to, the Metasploit personnel and any
third-party contributors (or their successor(s) or transferee(s)).
f. "Documentation" means any and all end user, technical/programmer,
network administrator, or other manuals, tutorials, or code samples
provided or offered by Developer with the Software, excluding those items
created by someone other than the Developer.
g. "Use" means to download, install, access, copy, execute, sell, or
otherwise benefit from the Software (directly or indirectly, with or
without notice or knowledge of the Software's incorporation or
utilization in any larger application or product).
h. "You" means the individual or organization that is using the Software
under the License.
i. "Interface" means to execute, parse, or otherwise benefit from the use
of the Software.
License Grant and Restrictions
1. Provided that You agree to, and do, comply with all terms and
conditions in this License, You are granted the non-exclusive rights
specified in this License. Your Use of any of the Software in any form
and to any extent signifies acceptance of this License. If You do not
agree to all of these terms and conditions, then do not use the Software
and immediately remove all copies of the Software, the Documentation, and
any other items provided under the License.
2. Subject to the terms and conditions of this License, Developer hereby
grants You a worldwide, royalty-free, non-exclusive license to reproduce,
publicly display, and publicly perform the Software.
3. The license granted in Section 2 is expressly made subject to and
limited by the following restrictions:
a. You may only distribute, publicly display, and publicly perform
unmodified Software. Without limiting the foregoing, You agree to
maintain (and not supplement, remove, or modify) the same copyright,
trademark notices and disclaimers in the exact wording as released by
Developer.
b. You may only distribute the Software free from any charge beyond the
reasonable costs of data transfer or storage media. You may -not- (i)
sell, lease, rent, or otherwise charge for the Software, (ii) include any
component or subset of the Software in any commercial application or
product, or (iii) sell, lease, rent, or otherwise charge for any
appliance (i.e., hardware, peripheral, personal digital device, or other
electronic product) that includes any component or subset of the
Software.
4. You may develop Enhancements to the Software and distribute Your
Enhancements, provided that You agree to each of the following
restrictions on this distribution:
a. Enhancements may not modify, supplement, or obscure the user interface
or output of the Software such that the title of the Software, the
copyrights and trademark notices in the Software, or the licensing terms
of the Software are removed, hidden, or made less likely to be discovered
or read.
b. If you release any Enhancement to the Software, You agree to
distribute the Enhancement under the terms of this License (or any other
later-issued license(s) of Developer for the Software). Upon such
release, You hereby grant and agree to grant a non-exclusive royalty-free
right, to both (i) Developer and (ii) any of Developer's later licensees,
owners, contributors, agents or business partners, to distribute Your
Enhancement(s) with future versions of the Software provided that such
versions remain available under the terms of this License (or any other
later-adopted license(s) of Developer).
5. You may develop Extensions to the Software and distribute these
Extensions under any license You see fit, for commercial sale or license
or for non-commercial use, so long as -each- of the following conditions
are met:
a. The Extension, when installed with the Software, must -not- modify any
of the behavior (e.g., change the display, modify the available commands,
etc.) of the Software until the user explicitly requests (e.g., by
invoking or exercising a command or feature are a screen display or other
express notification of the new code's existence and function) that the
Extension should be activated.
b. The Extension may programmatically execute (e.g., call a method) code
provided by this Software, but may not include or create copies of the
Software (modified or otherwise) in the Extension itself.
c. The Extension may not modify, supplement, or obscure the user interface
or output of the Software such that the title of the Software, the
copyrights and trademark notices in the Software, or the licensing terms
of the Software are removed, hidden, or made less likely to be discovered
or read.
6. If you develop external software components that interface with the
Software, you may only distribute these components if (a) the external
software component clearly indicates to the user, via the user interface
and/or program output, both (i) the role of the Software in the component
and (ii) where the user may obtain a copy of the Software and (b) the
external software components do not modify, supplement, or obscure the
user interface or output of the Software such that the title of the
Software, the copyrights and trademark notices in the Software, or the
licensing terms of the Software are removed, hidden, or made less likely
to be discovered or read.
Online Updates
The Software includes the ability to download updates (i.e., additional
code) from Developer's server(s). These updates may contain bug fixes,
new functionality, updated Documentation, and/or Extensions. When
retrieving these updates, the Software may transmit the Software version
and operating system information from Your computer to the update server.
The server may record (store) this information, in conjunction with the
IP (global Internet Protocol) address of the user, in order to attempt to
maintain accurate end user and version statistics. By using the online
update feature, You hereby agree to allow this information to be
transmitted, recorded, and stored in any nation by or for Developer.
Proper Use
As an express condition of this License, You agree that You will use the
Software -solely- in compliance with all then-applicable local, state,
national, and international laws, rules and regulations as may be amended
or supplemented from time to time, including any then-current laws and/or
regulations regarding the transmission and/or encryption of technical
data exported from or imported into Your country of residence. Violation
of any of the foregoing will result in immediate, automatic termination
of this License without notice, and may subject You to state, national
and/or international penalties and other legal consequences.
Intellectual Property Ownership
The Software is licensed, not sold. Developer retains exclusive ownership
of all worldwide copyrights, trade secrets, patents, and all other
intellectual property rights throughout the world and all applications
and registrations therefor, in and to the Software and any full or
partial copies thereof, including any additions thereto. You acknowledge
that, except for the limited license rights expressly provided in this
Agreement, no right, title, or interest to the intellectual property in
the Software or Documentation is provided to You, and that You do not
obtain any rights, express or implied, in the Software. All rights in and
to the Software not expressly granted to You in this Agreement are
expressly reserved by Developer. Product names, words or phrases
mentioned in this License or the Software may be trademark(s) or
servicemark(s) of Developer registered in certain nations and/or of third
parties. You may not alter or supplement the copyright or trademark
notices as contained in the Software.
License Termination
This License is effective until terminated. This License will terminate
immediately without notice from Developer if You breach or fail to comply
with any provision of this License. Upon such termination You must
destroy the Software, all accompanying written materials, and all copies
thereof.
Limitations of Liability
In no event will Developer, any owner, contributor, agent, business party,
or other third party affiliated with Developer, be liable to You or any
third party under any legal theory (including contract, tort, or
otherwise) for any consequential, incidental, indirect or special damages
whatsoever (including, without limitation, loss of expected savings, loss
of confidential information, presence of viruses, damages for loss of
profits, business interruption, loss of business information and the like
or otherwise) or any related expense whether foreseeable or not, arising
out of the use of or inability to use or any failure of the Software or
accompanying materials, regardless of the basis of the claim and even if
Developer or Developer's owner, contributor, agent, or business partner
has been advised of the possibility of such damage. By using the
Software, You hereby acknowledge that Developer would not offer the
Software without the inclusion and enforceability of this provision, and
that You (and not the Developer) are solely responsible for Your network,
data, and application security testing, planning, audits, updates, and
training, which require regular analysis, supplementing, and expertise.
No Warranty
The Software and this License document are provided AS IS with NO WARRANTY
OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING,
WITHOUT LIMITATION, THE WARRANTY OF DESIGN, MERCHANTABILITY, TITLE,
NON-INFRINGEMENT, OR FITNESS FOR A PARTICULAR PURPOSE.
Indemnification
You agree to indemnify, hold harmless, and defend Developer and
Developer's owners, contributors, agents, and business partners from and
against any and all claims or actions including reasonable legal expenses
that arise or result from Your use of or inability to use the Software.
Developer agrees to notify You and reasonably cooperate with Your defense
of any third party claim triggering such indemnification.
Miscellaneous
If any part of this License is found void and unenforceable, it will not
affect the validity of the balance of this License, which shall remain
valid and enforceable to the maximum extent according to its terms.
Choice of Law; Venue
This License will be construed, interpreted and governed by the laws of
Texas, USA, without regard to its conflict of law rules. Any litigation
related to this
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
\end{verbatim}}
\end{document}