MSF consists of modules that are combined to affect an exploit. The modules and their specific functions are as follows:
- Exploits: The code fragments that target specific vulnerabilities. Active exploits will exploit a specific target, run until completed, and then exit (for example, a buffer overflow). Passive exploits wait for incoming hosts, such as web browsers or FTP clients, and exploit them when they connect.
- Payloads: These are the malicious code that implement commands immediately following a successful exploitation.
- Auxiliary modules: These modules do not establish or directly support access between the tester and the target system; instead, they perform related functions such as scanning, fuzzing, or sniffing, which support the exploitation phase.
- Post modules: Following a successful attack, these modules run on compromised targets to gather useful data and pivot the attacker deeper into the target network. We will learn more about the post modules in Chapter 11, Action on the Objective and Lateral Movement.
- Encoders: When exploits must bypass antivirus defenses, these modules encode the payload so that it cannot be detected using signature matching techniques.
- No operations (NOPs): These are used to facilitate buffer overflows during attacks.
These modules are used together to conduct reconnaissance and launch attacks against targets. The steps for exploiting a target system using MSF can be summarized as follows:
- Choose and configure an exploit (the code that compromises a specific vulnerability on the target system).
- Check the target system to determine whether it is susceptible to attack by the exploit. This step is optional and is usually omitted to minimize the detection.
- Choose and configure the payload (the code that will be executed on the target system following a successful exploitation; for example, a reverse shell from the compromised system back to the source).
- Choose an encoding technique to bypass detection controls (IDs/IPs or antivirus software).
- Execute the exploit.