1 00:00:01,260 --> 00:00:09,090 In this lecture I will give a brief introduction about the sprite so the meter sprite framework is an 2 00:00:09,120 --> 00:00:18,120 open source tool for the will wing and executing exploit code against a remote target machine it is 3 00:00:18,160 --> 00:00:24,400 a project of the meta exploit project which is a computer security project that provides information 4 00:00:24,700 --> 00:00:31,760 about security vulnerabilities and IEDs in penetration testing and ideas signature development. 5 00:00:31,760 --> 00:00:40,840 In 2009 the framework was acquired by a company called Rabbit 7 exploit framework is designed to be 6 00:00:40,840 --> 00:00:45,480 modular so new modules can be created and integrated into the framework 7 00:00:48,220 --> 00:00:55,630 when working with me to exploit you identify systems and services using scanners which are auxiliary 8 00:00:55,630 --> 00:00:57,280 modules. 9 00:00:57,280 --> 00:01:04,390 Then you have to take advantage of a reliability and allows the execution of the payload using exploit 10 00:01:04,390 --> 00:01:06,160 modules. 11 00:01:06,220 --> 00:01:15,280 Examples of these is triggering buffer overflows or bypassing authentication after that to have to deliver 12 00:01:15,280 --> 00:01:22,240 the software called load to the target system to provide access or to take control of it. 13 00:01:22,240 --> 00:01:31,000 Examples of that are starting emitter our or executing some shade comments after successful exploitation 14 00:01:31,090 --> 00:01:32,460 and remote connection. 15 00:01:32,470 --> 00:01:40,030 You can run most modules to set up killer guards or download files for example and you can buy what 16 00:01:40,180 --> 00:01:43,600 from the exploit it system to other systems. 17 00:01:43,690 --> 00:01:49,960 We have also encoder modules which are programs for performing encryption. 18 00:01:49,960 --> 00:01:56,810 And finally there are not modules which simply does nothing and are useful for filling the void in executable 19 00:01:56,810 --> 00:02:00,460 is hard for the comments. 20 00:02:00,460 --> 00:02:07,750 We have a search comment that will help you to find the module you need then we have the use command 21 00:02:07,960 --> 00:02:10,240 to select that module. 22 00:02:10,270 --> 00:02:16,930 We also have the info comment to get all the information about the selected module including its options 23 00:02:17,170 --> 00:02:19,120 and their current settings. 24 00:02:19,210 --> 00:02:26,530 You can view these options also using the four options comment and you can configure or change the settings 25 00:02:26,530 --> 00:02:29,380 of these options using these at comment. 26 00:02:29,380 --> 00:02:35,770 The most important option to set is the r hosts option that is used to specify the target system. 27 00:02:35,770 --> 00:02:40,020 We had many other options also depending on the module used. 28 00:02:40,030 --> 00:02:43,000 Examples include ports threats. 29 00:02:43,090 --> 00:02:48,780 Username Password user file password file database queue. 30 00:02:49,060 --> 00:02:58,960 And so on and finally you execute the actions of the module using the run or exploit comments and exploit 31 00:02:58,980 --> 00:03:05,440 framework has tools with gooey such as Armitage and community. 32 00:03:05,490 --> 00:03:11,940 So in this lecture I have given a brief introduction about meta Sprite and about how to work with it 33 00:03:12,690 --> 00:03:15,690 and in the next lecture you will see that in practice.