Wednesday, December 22, 2010

Metasploit Complete Video Tutorial

The Metasploit Project is an open-source computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development. Its most well-known sub-project is the Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive, and security research.
The Metasploit Project is also well-known for anti-forensic and evasion tools, some of which are built into the Metasploit Framework.
Metasploit was created by HD Moore in 2003 as a portable network tool using the Perl scripting language. Later, the Metasploit Framework was then completely rewritten in the Ruby programming language. It is most notable for releasing some of the most technically sophisticated exploits to public security vulnerabilities. In addition, it is a powerful tool for third-party security researchers to investigate potential vulnerabilities. On October 21, 2009 the Metasploit Project announced that it had been acquired by Rapid7, a security company that provides unified vulnerability management solutions.
Like comparable commercial products such as Immunity's Canvas or Core Security Technologies'Core Impact, Metasploit can be used to test the vulnerability of computer systems to protect them, and it can be used to break into remote systems. Like many information security tools, Metasploit can be used for both legitimate and unauthorized activities. Since the acquisition of the Metasploit Framework, Rapid7 has added two open-core proprietary editions called Metasploit Express and Metasploit Pro.
Metasploit's emerging position as the de facto vulnerability development framework has led in recent times to the release of software vulnerability advisories often accompanied by a third party Metasploit exploit module that highlights the exploitability, risk, and remediation of that particular bug.] Metasploit 3.0 (Ruby language) is also beginning to include fuzzing tools, to discover software vulnerabilities in the first instance, rather than merely writing exploits for currently public bugs. This new avenue has been seen with the integration of the lorcon wireless (802.11) toolset into Metasploit 3.0 in November, 2006.

Below are the video links and a short description:

1. Metasploit Megaprimer 
Part 1  (Exploitation Basics and need for Metasploit)

2. Metasploit Megaprimer 
Part 2  (Getting Started with Metasploit)

3. Metasploit Megaprimer Part 3 (Meterpreter Basics and using Stdapi)

4. Metasploit Megaprimer Part 4 (Meterpreter Extensions Stdapi and Priv)

5. Metasploit Megaprimer Part 5 (Understanding Windows Tokens and Meterpreter Incognito)

6. Metasploit Megaprimer Part 6 (Espia and Sniffer Extensions with Meterpreter Scripts)

7. Metasploit Megaprimer Part 7 (Metasploit Database Integration and Automating Exploitation)

8. Metasploit Megaprimer Part 8 (Post Exploitation Kung Fu)

9. Metasploit Megaprimer Part 9 (Post Exploitation Privilege Escalation)

10. Metasploit Megaprimer Part 10 (Post Exploitation Log Deletion and AV Killing)

11. Metasploit Megaprimer (Post Exploitation and Stealing Data) Part 11

12. Metasploit Megaprimer Part 12 (Post Exploitation Backdoors and Rootkits)

13. Metasploit Megaprimer Part 13 (Post Exploitation Pivoting and Port Forwarding)

14. Metasploit Megaprimer Part 14 (Backdooring Executables)

15. Metasploit Megaprimer Part 15 (Auxiliary Modules)

16. Metasploit Megaprimer Part 16 (Pass the Hash Attack)

17 Metasploit  Demo


  1. Man Great Videos Bro Love it man i am basic in metasploit now i will learn with ur videos help thank you very much

  2. hey mate how do u setup the windows machine in virtual box in the 1st video. When i try rpc dcom exploit with the ip it wont take it says connection refused can u explain that please...