Porting a web-based exploit
The web-based exploits that we are going to cover here are based on web application attacks. The idea behind these exploits is to present Metasploit as a successful testing software for web applications too. In the upcoming section, we will see how we can make exploits for popular attack vectors such as SQL injections and so on. The motive here is to get familiar with web and HTTP functions in Metasploit and their corresponding library functions.
Dismantling the existing exploit
In this case study, we will be talking specifically about SQL injections. However, there are tons of other attack vectors that can be covered in Metasploit. Nevertheless, our motive here is just to get ourselves familiarized with HTTP libraries ...
Get Mastering Metasploit now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.