Small Business Attack – Metasploit
Though there is a saying in the Security profession, it’s not about the tools some tools are pretty cool. In general business, common tools are things like Microsoft Word and Excel (or their open source equivalents in OpenOffice). On the defense side, we use antimalware suites like Sophos. Generally speaking, attack tools aren’t as polished and are very narrowly focused. However, that’s starting to change.
To attack tool I want to discuss today is Metasploit. This tool has one primary purpose — to break through your defenses. It’s built using a framework methodology. You can think of it as having “plugins” like Firefox. In Firefox, plugins can extend the functionality of the browser by Blocking Ads or Blocking Scripts. In Metasploit, the plugins are a bit more dangerous and add functionality like exploiting a service and escalating users.
Basically, the tool works as follows:
1. Pick your target
2. Break in
That’s pretty much it. If there is a flaw in the system, an attacker can probably get in. And since this tool is so easy to use, an attacker doesn’t have to be particularly skilled to take over a system. They just point, click, and get your data.