
eBook - ePub
Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research
- 350 pages
- English
- ePUB (mobile friendly)
- Available on iOS & Android
About this book
Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research is the first book available for the Metasploit Framework (MSF), which is the attack platform of choice for one of the fastest growing careers in IT security: Penetration Testing. The book will provide professional penetration testers and security researchers with a fully integrated suite of tools for discovering, running, and testing exploit code. This book discusses how to use the Metasploit Framework (MSF) as an exploitation platform. The book begins with a detailed discussion of the three MSF interfaces: msfweb, msfconsole, and msfcli. This chapter demonstrates all of the features offered by the MSF as an exploitation platform. With a solid understanding of MSF's capabilities, the book then details techniques for dramatically reducing the amount of time required for developing functional exploits. By working through real-world vulnerabilities against popular closed source applications, the reader will learn how to use the tools and MSF to quickly build reliable attacks as standalone exploits. The section will also explain how to integrate an exploit directly into the Metasploit Framework by providing a line-by-line analysis of an integrated exploit module. Details as to how the Metasploit engine drives the behind-the-scenes exploitation process will be covered, and along the way the reader will come to understand the advantages of exploitation frameworks. The final section of the book examines the Meterpreter payload system and teaches readers to develop completely new extensions that will integrate fluidly with the Metasploit Framework.
- A November 2004 survey conducted by "CSO Magazine" stated that 42% of chief security officers considered penetration testing to be a security priority for their organizations
- The Metasploit Framework is the most popular open source exploit platform, and there are no competing books
Frequently asked questions
Yes, you can access Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research by David Maynor in PDF and/or ePUB format, as well as other popular books in Computer Science & Cyber Security. We have over one million books available in our catalogue for you to explore.
Chapter 1
Introduction to Metasploit
Solutions in this chapter:









Introduction
For those of us who were fortunate enough to attend Blackhat Las Vegas 2004, the scene in hall {##} was unforgettable. The title of the talk was “Hacking Like in the Movies.” HD Moore and spoonm were on stage presenting the arrival of their tool Metasploit Framework (MSF) version 2.2. The hall was packed to the gills. People stood in the aisles, and the crowd was spilling over to the main corridor. Two screens glowed to life—the black one on the left showing the MSF commands in action, and the blue one on the right showing a Windows system being compromised. Applause flowed freely throughout the session, and the consensus was clear, “Metasploit had come of age.” But we should have known better. That was only a taste of things to come. With the arrival of MSF version 3.0, the entire approach to information security testing is likely to be revolutionized. MSF 3.0 is not only an exploit platform, but it is in fact a security tool development platform. The application program interfaces (APIs), architecture, and indeed the philosophy behind the tool promise to make its launch one of the most exciting events in recent times.
So what is Metasploit, and why is there such a buzz around the tool? This book introduces the reader to the main features of the tool, its installation, using it to run exploits, and advanced usage to automate exploits and run custom payloads and commands on exploited systems.
Overview: Why Is Metasploit Here?
Metasploit came about primarily to provide a framework for penetration testers to develop exploits. The typical life cycle of a vulnerability and its exploitation is as follows:
1. Discovery. A security researcher or the vendor discovers a critical security vulnerability in the software.
2. Disclosure. The security researcher either adheres to a responsible disclosure policy and informs the vendor, or discloses it on a public mailing list. Either way, the vendor needs to come up with a patch for the vulnerability.
3. Analysis. The researcher or others across the world begin analyzing the vulnerability to determine its exploitability. Can it be exploited? Remotely? Would the exploitation result in remote code execution, or would it simply crash the remote service? What is the length of the exploit code that can be injected? This phase also involves debugging the vulnerable application as malicious input is injected into the vulnerable piece of code.
4. Exploit Development. Once the answers to the key questions are determined, the process of developing the exploit begins. This has usually been considered a bit of a black art, requiring an in-depth understanding of the processor’s registers, assembly code, offsets, and payloads.
5. Testing. This is the phase where the coder checks the exploit code against various platforms, service packs, or patches, and possibly even for different processors (e.g., Intel, Sparc, and so on).
6. Release. Once the exploit is tested, and the specific parameters required for its successful execution have been determined, the coder releases the exploit, either privately or on a public forum. Often, the exploit is tweaked so that it does not work right o...
Table of contents
- Cover image
- Title page
- Table of Contents
- Copyright
- VISIT US AT
- Technical Editor
- Contributing Authors
- Companion Web Site
- Chapter 1: Introduction to Metasploit
- Chapter 2: Architecture, Environment, and Installation
- Chapter 3: Metasploit Framework and Advanced Environment Configurations
- Chapter 4: Advanced Payloads and Add-on Modules
- Chapter 5: Adding New Payloads
- Case Studies
- Appendix A: Advantages of Network Vulnerability Testing with Metasploit 3.0
- Appendix B: Building a Test Lab for Penetration Testing
- Appendix C: Glossary of Technology and Terminology
- Index