Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research - 1st Edition - ISBN: 9781597490740, 9780080549255

Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research

1st Edition

Author: David Maynor
eBook ISBN: 9780080549255
Paperback ISBN: 9781597490740
Imprint: Syngress
Published Date: 18th September 2007
Page Count: 350


Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research is the first book available for the Metasploit Framework (MSF), which is the attack platform of choice for one of the fastest growing careers in IT security: Penetration Testing. The book will provide professional penetration testers and security researchers with a fully integrated suite of tools for discovering, running, and testing exploit code.

This book discusses how to use the Metasploit Framework (MSF) as an exploitation platform. The book begins with a detailed discussion of the three MSF interfaces: msfweb, msfconsole, and msfcli. This chapter demonstrates all of the features offered by the MSF as an exploitation platform. With a solid understanding of MSF’s capabilities, the book then details techniques for dramatically reducing the amount of time required for developing functional exploits.
By working through real-world vulnerabilities against popular closed source applications, the reader will learn how to use the tools and MSF to quickly build reliable attacks as standalone exploits. The section will also explain how to integrate an exploit directly into the Metasploit Framework by providing a line-by-line analysis of an integrated exploit module. Details as to how the Metasploit engine drives the behind-the-scenes exploitation process will be covered, and along the way the reader will come to understand the advantages of exploitation frameworks. The final section of the book examines the Meterpreter payload system and teaches readers to develop completely new extensions that will integrate fluidly with the Metasploit Framework.

Key Features

  • A November 2004 survey conducted by "CSO Magazine" stated that 42% of chief security officers considered penetration testing to be a security priority for their organizations
  • The Metasploit Framework is the most popular open source exploit platform, and there are no competing books


Professional penetration testers and security researchers

Table of Contents

Technical Editor

Contributing Authors

Companion Web Site

Chapter 1: Introduction to Metasploit


Overview: Why Is Metasploit Here?

History of Metasploit

Metasploit Core Development

Technology Overview

Leveraging Metasploit on Penetration Tests

Understanding Metasploit Channels


Solutions Fast Track

Chapter 2: Architecture, Environment, and Installation


Understanding the Soft Architecture

Configuring and Locking Down Your System



Solutions Fast Track

Chapter 3: Metasploit Framework and Advanced Environment Configurations


Configuration High-Level Overview

Global Datastore

Module Datastore

Saved Environment


Solutions Fast Track

Chapter 4: Advanced Payloads and Add-on Modules



VNC Inject


Auxiliary Modules

Automating the Pen-Test


Solutions Fast Track

Chapter 5: Adding New Payloads

Introduction: Why Should You Care about Metasploit?

Types of Payloads

Adding New Exploit Payloads

Adding New Auxiliary Payloads

Bonus: Finding 0day While Creating Different Types of Payloads


Case Studies

Introduction to Case Studies

Case Study 1: RaXnet Cacti Remote Command Execution

Overview of the RaXnet Cacti graph_image.php Vulnerability

Metasploit Module Source

In-Depth Analysis

Case Study 2: Mercur Messaging 2005 SP3 IMAP Remote Buffer Overflow (CVE-2006-1255)


Vulnerability Details

Exploitation Details


Complete Exploit Code

In-Depth Analysis

Case Study 3: SlimFTPd String Concatenation Overflow

Overview of the SlimFTPd Vulnerability

SlimFTPd Vulnerability Details

Complete Exploit Code for SlimFTPd String Concatenation Overflow

Case Study 4: WS-FTP Server 5.03 MKD Overflow

Overview of the WS-FTP Server 5.03 Vulnerability

Vulnerability Details

Exploitation Details

Checking Banners

Complete Exploit Code


Case Study 5: MailEnable HTTP Authorization Header Buffer Overflow

Overview of the MailEnable HTTP Authorization Buffer Overflow Vulnerability

Exploit Details

Metasploit Module Source

In-Depth Analysis

Appendix A: Advantages of Network Vulnerability Testing with Metasploit 3.0

Appendix B: Building a Test Lab for Penetration Testing

Appendix C: Glossary of Technology and Terminology



© Syngress 2007

About the Author

David Maynor

David Maynor is a Senior Researcher at SecureWorks. He was formerly a research engineer with the ISS Xforce R&D team, where his primary responsibilities included reverse engineering high-risk applications, researching new evasion techniques for security tools, and researching new threats before they become widespread.

Affiliations and Expertise

Senior Researcher, SecureWorks, U.S.A.
