Earlier, I did a post on metasploit, since I had been working with the framework this whole week, today, I will explain the concepts using metasploit about exploitation, web applications as well as network exploitation.
To drop onto the exploitation level, we need to first understand, what is a vulnerability, how an application or a network is vulnerable to certain exploits and it’s remediation. So, a vulnerability is a loophole in an application, with which an “exploit” can take advantage of. It’s a kind of weakness of the application. Exploit is a layman term, is/are a set of keys for a hacker/an attacker to break in to a application/or a network and compromise (go on compromising) other aspects of the same system.
Now, we will discuss about “payloads”. If a vulnerable system is exploited, a payload is sent to the victim machine to do certain tasks, these payloads are in terms of “software codes’, “shell codes” and some “kind” of code which is generally termed as “payloads”, so an exploit is executed first and then a particular working payload (compatible with the system to execute on) is loaded and sent to the compromised machine. The exploit runs first and then the PAYLOAD. Metasploit has the capability to do exploit research, IDS signature and it’s development, and these exploits are sorted by modules within the whole framework (as explained in my earlier posts).
Keep reading, Till then, i would finish my work, and post here again.
Heat_Head_Heap_Spray 