Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research

1st Edition - September 18, 2007

  • Author: David Maynor
  • eBook ISBN: 9780080549255

Description

Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research is the first book available for the Metasploit Framework (MSF), which is the attack platform of choice for one of the fastest-growing careers in IT security: Penetration Testing. The book will provide professional penetration testers and security researchers with a fully integrated suite of tools for discovering, running, and testing exploit code. This book discusses how to use the Metasploit Framework (MSF) as an exploitation platform. The book begins with a detailed discussion of the three MSF interfaces: msfweb, msfconsole, and msfcli. This chapter demonstrates all of the features offered by the MSF as an exploitation platform. With a solid understanding of MSF’s capabilities, the book then details techniques for dramatically reducing the amount of time required for developing functional exploits. By working through real-world vulnerabilities against popular closed-source applications, the reader will learn how to use the tools and MSF to quickly build reliable attacks as standalone exploits. The section will also explain how to integrate an exploit directly into the Metasploit Framework by providing a line-by-line analysis of an integrated exploit module. Details as to how the Metasploit engine drives the behind-the-scenes exploitation process will be covered, and along the way the reader will come to understand the advantages of exploitation frameworks. The final section of the book examines the Meterpreter payload system and teaches readers to develop completely new extensions that will integrate fluidly with the Metasploit Framework.

Key Features

  • A November 2004 survey conducted by "CSO Magazine" stated that 42% of chief security officers considered penetration testing to be a security priority for their organizations
  • The Metasploit Framework is the most popular open source exploit platform, and there are no competing books

Readership

Professional penetration testers and security researchers

Table of Contents

  • Technical Editor

    Contributing Authors

    Companion Web Site

    Chapter 1: Introduction to Metasploit

    Introduction

    Overview: Why Is Metasploit Here?

    History of Metasploit

    Metasploit Core Development

    Technology Overview

    Leveraging Metasploit on Penetration Tests

    Understanding Metasploit Channels

    Summary

    Solutions Fast Track

    Chapter 2: Architecture, Environment, and Installation

    Introduction

    Understanding the Soft Architecture

    Configuring and Locking Down Your System

    Installation

    Summary

    Solutions Fast Track

    Chapter 3: Metasploit Framework and Advanced Environment Configurations

    Introduction

    Configuration High-Level Overview

    Global Datastore

    Module Datastore

    Saved Environment

    Summary

    Solutions Fast Track

    Chapter 4: Advanced Payloads and Add-on Modules

    Introduction

    Meterpreter

    VNC Inject

    PassiveX

    Auxiliary Modules

    Automating the Pen-Test

    Summary

    Solutions Fast Track

    Chapter 5: Adding New Payloads

    Introduction: Why Should You Care about Metasploit?

    Types of Payloads

    Adding New Exploit Payloads

    Adding New Auxiliary Payloads

    Bonus: Finding 0day While Creating Different Types of Payloads

    Summary

    Case Studies

    Introduction to Case Studies

    Case Study 1: RaXnet Cacti Remote Command Execution

    Overview of the RaXnet Cacti graph_image.php Vulnerability

    Metasploit Module Source

    In-Depth Analysis

    Case Study 2: Mercur Messaging 2005 SP3 IMAP Remote Buffer Overflow (CVE-2006-1255)

    Overview

    Vulnerability Details

    Exploitation Details

    PSEUDO-RET-LIB-C

    Complete Exploit Code

    In-Depth Analysis

    Case Study 3: SlimFTPd String Concatenation Overflow

    Overview of the SlimFTPd Vulnerability

    SlimFTPd Vulnerability Details

    Complete Exploit Code for SlimFTPd String Concatenation Overflow

    Case Study 4: WS-FTP Server 5.03 MKD Overflow

    Overview of the WS-FTP Server 5.03 Vulnerability

    Vulnerability Details

    Exploitation Details

    Checking Banners

    Complete Exploit Code

    Analysis

    Case Study 5: MailEnable HTTP Authorization Header Buffer Overflow

    Overview of the MailEnable HTTP Authorization Buffer Overflow Vulnerability

    Exploit Details

    Metasploit Module Source

    In-Depth Analysis

    Appendix A: Advantages of Network Vulnerability Testing with Metasploit 3.0

    Appendix B: Building a Test Lab for Penetration Testing

    Appendix C: Glossary of Technology and Terminology

    Index

Product details

  • No. of pages: 350
  • Language: English
  • Copyright: © Syngress 2007
  • Published: September 18, 2007
  • Imprint: Syngress
  • eBook ISBN: 9780080549255

About the Author

David Maynor

David Maynor is a Senior Researcher, SecureWorks. He was formerly a research engineer with the ISS Xforce R&D team, where his primary responsibilities included reverse engineering high-risk applications, researching new evasion techniques for security tools, and researching new threats before they become widespread.

Affiliations and Expertise

Senior Researcher, SecureWorks, U.S.A.
