Book description
"The best guide to the Metasploit Framework."HD Moore, Founder of the Metasploit Project
The Metasploit Framework makes discovering, exploiting, and sharing vulnerabilities quick and relatively painless. But while Metasploit is used by security professionals everywhere, the tool can be hard to grasp for first-time users. Metasploit: The Penetration Tester's Guide fills this gap by teaching you how to harness the Framework and interact with the vibrant community of Metasploit contributors.
Once you've built your foundation for penetration testing, you'll learn the Framework's conventions, interfaces, and module system as you launch simulated attacks. You'll move on to advanced penetration testing techniques, including network reconnaissance and enumeration, client-side attacks, wireless attacks, and targeted social-engineering attacks.
Learn how to:
- Find and exploit unmaintained, misconfigured, and unpatched systems
- Perform reconnaissance and find valuable information about your target
- Bypass anti-virus technologies and circumvent security controls
- Integrate Nmap, NeXpose, and Nessus with Metasploit to automate discovery
- Use the Meterpreter shell to launch further attacks from inside the network
- Harness standalone Metasploit utilities, third-party tools, and plug-ins
- Learn how to write your own Meterpreter post exploitation modules and scripts
You'll even touch on exploit discovery for zero-day research, write a fuzzer, port existing exploits into the Framework, and learn how to cover your tracks. Whether your goal is to secure your own networks or to put someone else's to the test, Metasploit: The Penetration Tester's Guide will take you there and beyond.
Publisher resources
Table of contents
-
Metasploit
- Foreword
- Preface
- Acknowledgments
- Introduction
- 1. The Absolute Basics of Penetration Testing
- 2. Metasploit Basics
- 3. Intelligence Gathering
- 4. Vulnerability Scanning
- 5. The Joy of Exploitation
-
6. Meterpreter
- Compromising a Windows XP Virtual Machine
- Dumping Usernames and Passwords
- Pass the Hash
- Privilege Escalation
- Token Impersonation
- Using ps
- Pivoting onto Other Systems
- Using Meterpreter Scripts
- Leveraging Post Exploitation Modules
- Upgrading Your Command Shell to Meterpreter
- Manipulating Windows APIs with the Railgun Add-On
- Wrapping Up
- 7. Avoiding Detection
- 8. Exploitation Using Client-Side Attacks
- 9. Metasploit Auxiliary Modules
- 10. The Social-Engineer Toolkit
- 11. Fast-Track
- 12. Karmetasploit
- 13. Building Your Own Module
- 14. Creating Your Own Exploits
- 15. Porting Exploits to the Metasploit Framework
- 16. Meterpreter Scripting
- 17. Simulated Penetration Test
- A. Configuring Your Target Machines
- B. Cheat Sheet
- Index
- About the Authors
- Colophon
- C. Updates
Product information
- Title: Metasploit
- Author(s):
- Release date: July 2011
- Publisher(s): No Starch Press
- ISBN: 9781593272883
You might also like
book
The Complete Metasploit Guide
Master the Metasploit Framework and become an expert in penetration testing. Key Features Gain a thorough …
book
Mastering Metasploit
Take your penetration testing and IT security skills to a whole new level with the secrets …
book
Linux Server Security, Second Edition
Linux consistently appears high up in the list of popular Internet servers, whether it's for the …
book
Hands-On Web Penetration Testing with Metasploit
Identify, exploit, and test web application security with ease Key Features Get up to speed with …