Kwiminyaka esibhozo kamva yokusekwa kwesebe lokugqibela elibalulekileyo, ukumiliselwa kwe Iqonga lokuhlalutya umngcipheko, Isakhelo seMetasploit kuhlobo lwayo lwamva nje lwe-5.0.
Okwangoku, Iphakheji yesakhelo seMetasploit ibandakanya iimodyuli ezingama-3795 ngokuphunyezwa kwezinto ezahlukeneyo kunye neendlela zokuhlasela.
Le projekthi ikwagcina isiseko solwazi esiqukethe malunga nokuba semngciphekweni kwe-136710. Ikhowudi ye-Metasploit ibhaliwe kwiRuby kwaye isasazwa phantsi kwelayisensi ye-BSD. Iimodyuli zinokuphuhliswa kwiRuby, iPython, kunye neGo.
I-Metasploit yiprojekthi yomthombo ovulekileyo wokhuselo lwekhompyuter, ebonelela ngolwazi malunga nokuba semngciphekweni kwezokhuseleko kwaye inceda kuvavanyo lokungena "Pentesting" kunye nophuhliso lwesiginitsha yeenkqubo zokufumanisa ukungena.
Eyona projekthi yayo yaziwayo yiyona Isakhelo seMetasploit, isixhobo sokuphuhlisa kunye nokuqhuba ngokuxhaphaza ngokuchasene nomatshini okude. Ezinye iiprojekti ezibalulekileyo zii-opcode (opcode) zolwazi, ifayile yeqokobhe kunye nophando ngokhuseleko.
Isakhelo seMetasploit ibonelela ngeengcali zokhuselo lwe-IT ngeseti yezixhobo zophuhliso olukhawulezileyo kunye nokulungisa ukungasebenzi kakuhle, kunye nokuqinisekisa ukuba semngciphekweni kunye neenkqubo ezenziwa ziinkqubo xa uhlaselo luphumelele.
Umgaqo osisiseko wokuyalela umgca kucetyiswa ukuskena uthungelwano kunye neenkqubo zokuvavanya ukuba sesichengeni, kubandakanya ukuvavanya ukusetyenziswa kwezona zinto zixhaphakileyo. Njengenxalenye yohlelo loLuntu kunye nePro, ujongano lwewebhu olunomdla lubonelelwa.
I-Metasploit 5.0 yokuphucula
Ngale nkululeko intsha Imodyuli "yokubaleka" yongezwa, evumela umsebenzisi ukuba enze iifayile zokulayisha ezisebenzayo, ngokudlula kusebenze kwe-antivirus.
Imodyuli yenza ukuba kube nakho ukuvelisa iimeko ezizizo xa ujonga inkqubo, Ukunika ingxelo ngeendlela eziqhelekileyo ze-malware.
Ngokomzekelo, Ubuchwephesha obufana nokubhalwa kweekhowudi zeqokobhe, ikhowudi yokungenisa, kunye nokusetyenziswa okungafunekiyo kwe-emulator zisetyenziselwa ukuphepha i-antivirus.
Ukongeza kulwimi lweRuby, IPython noGo ngoku zinokusetyenziselwa ukwenza iimodyuli zangaphandle zeSakhelo.
Kwakhona Isakhelo esisiseko seenkonzo zewebhu kongezwe ukuba sisebenzise i-REST API ukwenza i-automate imisebenzi kunye nokusebenza kunye noovimba beenkcukacha, ukuxhasa izikimu zokuqinisekisa ezininzi kunye nokubonelela ngamathuba okwenza imisebenzi efanayo;
IMetasploit 5.0 ine-API ephunyeziweyo esekwe kwiJSON-RPC, oko kwenza lula ukudityaniswa ngeMetasploit ngezixhobo ezahlukeneyo kunye neelwimi zenkqubo.
Abasebenzisi ngoku banokuqhuba eyabo inkonzo yePostgreSQL eQINISEKILEYO ukudibanisa uninzi lweMetasploit kunye nezixhobo zangaphandle.
Ngakolunye uhlangothi, ukubakho kokuqhubekeka ngokuhambelana kwemisebenzi kunye nesiseko sedatha kunye nekhonsoli (msfconsole) ibonelelwe, eyenza ukuba kwenzeke ukwenza ukwenziwa kwemisebenzi ethile kumagxa enkonzo esebenza kwiziko ledatha.
Kumthwalo ohlawulelwayo, ingqiqo ye-meta-shell kunye nomyalelo wemeta "ongasemva" uyenziwa, ekuvumela ukuba usebenze iiseshoni zangasemva ngasemva kunye nokukhuphela emva kokusebenza kwicala elikude, kwaye uzilawule ngaphandle kokusebenzisa iseshoni esekwe kuMeterpreter .
Gqibela Inqaku lokugqibela elinokuqaqanjiswa kukuba ukubanakho ukungqinisisa iinginginya ezininzi kunye nemodyuli enye kwangoko kuye kongezwa ngokumisela uluhlu lweedilesi ze-IP kukhetho lwe-RHOSTS okanye ngokuchaza ikhonkco kwifayile enedilesi kwi / njl / ifomathi yemikhosi nge-URL "fayile: //";
Injini yokukhangela yenziwe ngokutsha, eyanciphisa ixesha lokuqalisa kwaye yasusa isiseko sedatha kwizixhomekeke.
Uyifumana njani iMetasploit 5.0?
Kulabo abanomdla wokukwazi ukufaka le nguqulo intsha yeMetasploit 5.0, ungaya kwiwebhusayithi esemthethweni yeprojekthi apho unokukhuphela khona ingxelo ekufuneka uyisebenzisile.
Kuba iMetasploit ineenguqulelo ezimbini, uluntu olunye (simahla) kunye nohlobo lwePro ngenkxaso ethe ngqo evela kubadali.
ukuba Abo kuthi abangabasebenzisi beLinux banokufumana le nguqulo intsha ngokuvula i-terminal kunye nokwenza:
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && \
chmod 755 msfinstall && \
./msfinstall