metasploit the pentration tester's guide

metasploit- the pentration tester's guideMETASPLOITMETASPLOITThe pene量 ationTenter's guideby David Kennedy.Jim o'gorman devon kearnsand mati aharonino starchpressSan franciscoMETASPLOIT. Copyright o 2011 by David Kennedy, Jim O Gorman, Devon Kearns, and Mati AharoniAll rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic ormechanical, including photocopying, recording, or by any information storage or retrieval system, without the priorwritten permission of the copyright owner and the publisher1514131211123456789ISBN-10:1-59327-288XISBN-13:978-1-59327-2883Publisher: William PollockProduction editor: Alison lawCover Illustration: Hugh D'AndradeInterior Design: Octopod studiosDevelopmental Editors: William Pollock and Tyler OrtmanTechnical Reviewer: Scott whiteCopveditor: Lisa TheobaldCompositors: Susan Glinert stevensProofreader: Ward WebberIndexer: BIM Indexing proofreading servicesFor information on book distributors or translations, please contact No starch Press, Inc. directlyNo Starch press. Inc.98 Ringold Street, San Francisco, CA 94108hone:415.863.9900:fax415.863.9950:info@nostarch.comwww.nostarch.comLibrary of Congress Cataloging-in-Publication DataA catalog record of this book is available from the Library of CongressNo Starch Press and the No Starch Press logo are registered trademarks of No Starch Press, Inc. Other product andcompany naines inentioned herein inlay be the trademarks of their respective owners. Rather thall use a tradeMarksymbol with every occurrence of a trademarked name, we are using the names only in an editorial fashion and to thebenefit of the trademark owner, with no intention of infringement of the trademarkThe information in this book is distributed on an"As Is basis, without warranty. While every precaution has beentaken in the preparation of this work, neither the author nor No Starch Press, Inc. shall have any liability to anyperson or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by thetained in itBRIEF CONTENTSForeword by hd mooreXVIIAcknowledgmentsIntroductioChapter 1: The Absolute Basics of Penetration TestingChapter2: Metasploit Basics………….…7Chapter 3: Intelligence Gathering15Chapter 4: Vulnerability scanning.35Chapter 5: The Joy of Exploitation57Chapter 6: Meterpreter75Chapter 7: Avoiding detectionChapter 8: Exploitation Using Client-Side Attacks.109Chapter 9: Metasploit AUxiliary Modules123apter1o: The Social-Engineer Toolkit…………135Chapter 1 1: Fast-Track.163Chapter 12: Karmetasploit177Chapter 13: Building your Own Module185Chapter 14: Creating Your Own Exploits.197Chapter 15: Porting Exploits to the Metasploit Framework215Chapter 16: Meterpreter Scripting235Chapter 17: Simulated Penetration Tesh25dix A: Configuring Your Targ267Appendix B: Cheat Sheet275ex285CONTENTS IN DETAILFOREWORD by HD MoorePREFACEACKNOWLEDGMENTSXXXSpecial Thanks…………………………………XXINTRODUCTIONWhy do a Penetration TestaWhy Metasploit?…A Brief History of Metasploit…………About this bookWhat'sn the BooK;∴XXIA Note on Ethics... XXIVTHE ABSOLUTE BASICS OF PENETRATION TESTINGThe phases of the ptes·····:·:·:···Pre-engagement InteractionsIntelligence Gathering·······:··deliNgVulnerability analysis3ExploitationPost Eⅹ ploitation………¨ReportiTypes of Penetration TestsOvert Penetration TestingCovert Penetration TestingVulnerability ScannersPulling It All TogetherMETASPLOIT BASICSTerminology ..E8Payload88Metasploit InterfacesMSEconsole:··.··········MSCiArmitageletasploit utilitieMSFpayloadMSFencode13Metasploit Express and Metasploit Pro……14rapping up4INTELLIGENCE GATHERING15Passive Infe16whoIs LOokupsNetcraft8Active Information Gathering18Port Scanning with Nmap…18Working with databases in Metasploit20Port Scanning with MetasploitTargeted Scige26Server Message BloCk ScanningHunting for Poorly Configured Microsoft SQL Serversannine28FTP SISimple Network Management Protocol SweepingWriting a custom ScannooKing Ahead4VULNERABILITY SCANNING35The Basic Vulnerability scan36Scanning with ExPose37porting Your Report into the Metasploit Framework………42Running NeXpose Within MSFconsolecanning wessusNessus Configurated44Creating a Nessus Scan policy45Runni47essus Reports··.47Importing results into the metasploit framework48Scanning with Nessus fromWithin Metasploit49Specialty Vulnerability Scanners519giNs5g for Open VNC Authen52Scanning for○penX11 Servers……Using Scan Results for Autopwning··········.···:·····65THE JOY。 F EXPLOITATION57Basic Exploitatio58msh> show exploi58mst> show aUxiliary58