12
Chapter 2
Figure 2-1: The
armitage
’s browser exploit menu
Metasploit Utilities
Having covered Metasploit’s three main interfaces, it’s time to cover a few
utilities. Metasploit’s utilities are direct interfaces to particular features of the
Framework that can be useful in specific situations, especially in exploit devel-
opment. We will cover some of the more approachable utilities here and
introduce additional ones throughout the book.
MSFpayload
The
msfpayload
component of Metasploit allows you to generate shellcode,
executables, and much more for use in exploits outside of the Framework.
Shellcode can be generated in many formats including C, Ruby, JavaScript,
and even Visual Basic for Applications. Each output format will be useful in
various situations. For example, if you are working with a Python-based proof
of concept, C-style output might be best; if you are working on a browser
exploit, a JavaScript output format might be best. After you have your desired
output, you can easily insert the payload directly into an HTML file to trigger
the exploit.