Metasploit Framework.” — HD Moore, “The best guide to the ...

[Pages:332]Metasploit

The Penetration Tester's Guide

David Kennedy, Jim O'Gorman, Devon Kearns, and Mati Aharoni

Foreword by HD Moore

METASPLOIT

METASPLOIT

The Penetration Tester's Guide

by David Kennedy, Jim O'Gorman, Devon Kearns,

and Mati Aharoni

San Francisco

METASPLOIT. Copyright ? 2011 by David Kennedy, Jim O'Gorman, Devon Kearns, and Mati Aharoni

All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher.

15 14 13 12 11 1 2 3 4 5 6 7 8 9

ISBN-10: 1-59327-288-X ISBN-13: 978-1-59327-288-3

Publisher: William Pollock Production Editor: Alison Law Cover Illustration: Hugh D'Andrade Interior Design: Octopod Studios Developmental Editors: William Pollock and Tyler Ortman Technical Reviewer: Scott White Copyeditor: Lisa Theobald Compositors: Susan Glinert Stevens Proofreader: Ward Webber Indexer: BIM Indexing & Proofreading Services

For information on book distributors or translations, please contact No Starch Press, Inc. directly:

No Starch Press, Inc. 38 Ringold Street, San Francisco, CA 94103 phone: 415.863.9900; fax: 415.863.9950; info@;

Library of Congress Cataloging-in-Publication Data A catalog record of this book is available from the Library of Congress.

No Starch Press and the No Starch Press logo are registered trademarks of No Starch Press, Inc. Other product and company names mentioned herein may be the trademarks of their respective owners. Rather than use a trademark symbol with every occurrence of a trademarked name, we are using the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark.

The information in this book is distributed on an "As Is" basis, without warranty. While every precaution has been taken in the preparation of this work, neither the author nor No Starch Press, Inc. shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in it.

BRIEF CONTENTS

Foreword by HD Moore ................................................................................................ xiii Preface .......................................................................................................................xvii Acknowledgments .........................................................................................................xix Introduction .................................................................................................................xxi Chapter 1: The Absolute Basics of Penetration Testing .........................................................1 Chapter 2: Metasploit Basics ............................................................................................7 Chapter 3: Intelligence Gathering ...................................................................................15 Chapter 4: Vulnerability Scanning...................................................................................35 Chapter 5: The Joy of Exploitation...................................................................................57 Chapter 6: Meterpreter ..................................................................................................75 Chapter 7: Avoiding Detection .......................................................................................99 Chapter 8: Exploitation Using Client-Side Attacks............................................................109 Chapter 9: Metasploit Auxiliary Modules .......................................................................123 Chapter 10: The Social-Engineer Toolkit.........................................................................135 Chapter 11: Fast-Track.................................................................................................163 Chapter 12: Karmetasploit ...........................................................................................177 Chapter 13: Building Your Own Module........................................................................185

Chapter 14: Creating Your Own Exploits .......................................................................197 Chapter 15: Porting Exploits to the Metasploit Framework................................................215 Chapter 16: Meterpreter Scripting.................................................................................235 Chapter 17: Simulated Penetration Test..........................................................................251 Appendix A: Configuring Your Target Machines .............................................................267 Appendix B: Cheat Sheet .............................................................................................275 Index .........................................................................................................................285

vi Brief Contents

................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download