Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research
1st Edition
Secure Checkout
Personal information is secured with SSL technology.Free Shipping
Free global shippingNo minimum order.
Description
Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research is the first book available for the Metasploit Framework (MSF), which is the attack platform of choice for one of the fastest growing careers in IT security: Penetration Testing. The book will provide professional penetration testers and security researchers with a fully integrated suite of tools for discovering, running, and testing exploit code.
This book discusses how to use the Metasploit Framework (MSF) as an exploitation platform. The book begins with a detailed discussion of the three MSF interfaces: msfweb, msfconsole, and msfcli .This chapter demonstrates all of the features offered by the MSF as an exploitation platform. With a solid understanding of MSF’s capabilities, the book then details techniques for dramatically reducing the amount of time required for developing functional exploits.
By working through a real-world vulnerabilities against popular closed source applications, the reader will learn how to use the tools and MSF to quickly build reliable attacks as standalone exploits. The section will also explain how to integrate an exploit directly into the Metasploit Framework by providing a line-by-line analysis of an integrated exploit module. Details as to how the Metasploit engine drives the behind-the-scenes exploitation process will be covered, and along the way the reader will come to understand the advantages of exploitation frameworks. The final section of the book examines the Meterpreter payload system and teaches readers to develop completely new extensions that will integrate fluidly with the Metasploit Framework.
Key Features
- A November 2004 survey conducted by "CSO Magazine" stated that 42% of chief security officers considered penetration testing to be a security priority for their organizations
- The Metasploit Framework is the most popular open source exploit platform, and there are no competing books
Readership
Professional penetration testers and security researchers
Table of Contents
Technical Editor
Contributing Authors
Companion Web Site
Chapter 1: Introduction to Metasploit
Introduction
Overview: Why Is Metasploit Here?
History of Metasploit
Metasploit Core Development
Technology Overview
Leveraging Metasploit on Penetration Tests
Understanding Metasploit Channels
Summary
Solutions Fast Track
Chapter 2: Architecture, Environment, and Installation
Introduction
Understanding the Soft Architecture
Configuring and Locking Down Your System
Installation
Summary
Solutions Fast Track
Chapter 3: Metasploit Framework and Advanced Environment Configurations
Introduction
Configuration High-Level Overview
Global Datastore
Module Datastore
Saved Environment
Summary
Solutions Fast Track
Chapter 4: Advanced Payloads and Add-on Modules
Introduction
Meterpreter
VNC Inject
PassiveX
Auxiliary Modules
Automating the Pen-Test
Summary
Solutions Fast Track
Chapter 5: Adding New Payloads
Introduction: Why Should You Care about Metasploit?
Types of Payloads
Adding New Exploit Payloads
Adding New Auxiliary Payloads
Bonus: Finding Oday While Creating Different Types of Payloads
Summary
Case Studies
Introduction to Case Studies
Case Study 1: RaXnet Cacti Remote Command Execution
Overview of the RaXnet Cacti graph_image.php Vulnerability
Metasploit Module Source
In-Depth Analysis
Case Study 2: Mercur Messaging 2005 SP3 IMAP Remote Buffer Overflow (CVE–2006-1255)
Overview
Vulnerability Details
Exploitation Details
PSEUDO-RET-LIB-C
Complete Exploit Code
In-Depth Analysis
Case Study 3: SlimFTPd String Concatenation Overflow
Overview of the SlimFTPd Vulnerability
SlimFTPd Vulnerability Details
Complete Exploit Code for SlimFTPd String Concatenation Overflow
Case Study 4: WS-FTP Server 5.03 MKD Overflow
Overview of the WS-FTP Server 5.03 Vulnerability
Vulnerability Details
Exploitation Details
Checking Banners
Complete Exploit Code
Analysis
Case Study 5: MailEnable HTTP Authorization Header Buffer Overflow
Overview of the MailEnable HTTP Authorization Buffer Overflow Vulnerability
Exploit Details
Metasploit Module Source
In-Depth Analysis
Appendix A: Advantages of Network Vulnerability Testing with Metasploit 3.0
Appendix B: Building a Test Lab for Penetration Testing
Appendix C: Glossary of Technology and Terminology
Index
Details
- No. of pages:
- 350
- Language:
- English
- Copyright:
- © Syngress 2007
- Published:
- 18th September 2007
- Imprint:
- Syngress
- Paperback ISBN:
- 9781597490740
- eBook ISBN:
- 9780080549255
About the Author
David Maynor
David Maynor is a Senior Researcher, SecureWorks. He was formerly a research engineer with the ISS Xforce R&D team where his primary responsibilities include reverse engineering high risk applications, researching new evasion techniques for security tools, and researching new threats before they become widespread.
Affiliations and Expertise
Senior Researcher, SecureWorks, U.S.A.
Ratings and Reviews
Request Quote
Tax Exemption
Elsevier.com visitor survey
We are always looking for ways to improve customer experience on Elsevier.com.
We would like to ask you for a moment of your time to fill in a short questionnaire, at the end of your visit.
If you decide to participate, a new browser tab will open so you can complete the survey after you have completed your visit to this website.
Thanks in advance for your time.