background image

12

Chapter 2

Figure 2-1: The 

armitage

’s browser exploit menu

Metasploit Utilities

Having covered Metasploit’s three main interfaces, it’s time to cover a few 
utilities. Metasploit’s utilities are direct interfaces to particular features of the 
Framework that can be useful in specific situations, especially in exploit devel-
opment. We will cover some of the more approachable utilities here and 
introduce additional ones throughout the book.

MSFpayload

The 

msfpayload

 component of Metasploit allows you to generate shellcode, 

executables, and much more for use in exploits outside of the Framework. 

Shellcode can be generated in many formats including C, Ruby, JavaScript, 

and even Visual Basic for Applications. Each output format will be useful in 
various situations. For example, if you are working with a Python-based proof 
of concept, C-style output might be best; if you are working on a browser 
exploit, a JavaScript output format might be best. After you have your desired 
output, you can easily insert the payload directly into an HTML file to trigger 
the exploit.