pocorgtfo VS Metasploit

Your best bet here is to get the base address nailed down (assuming it’s a flat/monolithic image). There are a handful of utilities floating around (binbloom, basefind2) that use various pointer heuristics to try to guess the base address. There’s also a nice trick detailed in PoC||GTFO that you can use pretty reliably.

execute the pdf: https://github.com/angea/pocorgtfo

1) People systematically underestimate how easy it is to create collisions that still do something "interesting", like being polyglots. See PoC||GTFO, specifically anything by Ange Albertini, for examples; grep https://github.com/angea/pocorgtfo/blob/master/README.md for "MD5".

1bis) You can use an existing collision to create new collisions. People seem to think you need to generate all the work again from scratch.

1cis) The files do not need to be gigantic.

2) You can do the collision in advance, and publish the malicious version later. What it accomplishes is that the concept of "this Git hash unambiguously specifies a revision" no longer works, and one of them can be malicious.

3) The standard should be "obviously safe beyond a reasonable doubt", not "not obviously unsafe to a non-expert". By the latter standard, pretty much any random encryption construction is fine.

If you want to learn more how these things work I'd highly suggest going through the PoC||GTFO archive (https://github.com/angea/pocorgtfo/blob/master/README.md) and check out entries by Ange Albertini or entries named like "This ZIP is also a PDF".

Metasploit

Metasploit: https://github.com/rapid7/metasploit-framework

1-) Learn Hacking on a debian based distro like Kali Linux - I personally started with tools like nikto, camhacker... and then moved to more complex frameworks like metasploit.

I once had to give a presentation about Metasploit, and whether it was ethically correct for the creator to make it free and open-source, available to everyone. And in researching this I realized that there were a lot of parallels between the arguments for or against hacking tools being readily available and the arguments for or against gun control. I'll just list a few quickly:

Metasploit Framework (mentioned earlier)

This phase is where the pen testers practically prove that there exist potential vulnerabilities in the target system. The pen testers do the hacking using an array of technical approaches and social engineering methods to exploit the vulnerabilities. The ethical hackers commonly use Metasploit framework to automatically execute exploitation against the target systems. Moreover, they may install malwares such as rootkit to persistently maintain their foothold and further compromise the target system.