Metasploit The Penetration Testers Guide Download PDF

Introduction

Imagine that sometime in the not-so-distant future an attacker decides to attack a multinational company’s digital assets, targeting hundreds of millions of dollars worth of intellectual property buried behind millions of dollars in infrastructure. Naturally, the attacker begins by firing up the latest version of Metasploit.

After exploring the target’s perimeter, he finds a soft spot and begins a methodical series of attacks, but even after he’s compromised nearly every aspect of the network, the fun has only just begun. He maneuvers through systems, identifying core, critical business components that keep the company running. With a single keystroke, he could help himself to millions of company dollars and compromise all their sensitive data.
Congratulations on a job well done—you’ve shown true business impact, and now it’s time to write the report. Oddly enough, today’s penetration testers often find themselves in the role of a fictitious adversary like the one described above, performing legal attacks at the request of companies that need high levels of security. Welcome to the world of penetration testing and the future of security.

About This Book

This book is designed to teach you everything from the fundamentals of the Framework to advanced techniques in exploitation. Our goal is to provide a useful tutorial for the beginner and a reference for practitioners. However, we won’t always hold your hand. Programming knowledge is a definite advantage in the penetration testing field, and many of the examples in this book will use either the Ruby or Python programming language. Still, while we suggest that you learn a language like Ruby or Python to aid in advanced exploitation and customization of attacks, programming knowledge is not required.

As you grow more comfortable with Metasploit, you will notice that the Framework is frequently updated with new features, exploits, and attacks. This book was developed with the knowledge that Metasploit is continually changing and that no printed book is likely to be able to keep pace with this rapid development. Therefore, we focus on the fundamentals, because once you understand how Metasploit works you will be able to ramp up quickly with updates to the Framework.

What’s in the Book?

How can this book help you to get started or take your skills to the next level? Each chapter is designed to build on the previous one and to help you build your skills as a penetration tester from the ground up.

• Chapter 1, “The Absolute Basics of Penetration Testing,” establishes the methodologies around penetration testing.

• Chapter 2, “Metasploit Basics,” is your introduction to the various tools within the Metasploit Framework.

• Chapter 3, “Intelligence Gathering,” shows you ways to leverage Metasploit in the reconnaissance phase of a penetration test.

• Chapter 4, “Vulnerability Scanning,” walks you through identifying vulnerabilities and leveraging vulnerability scanning technology.

• Chapter 5, “The Joy of Exploitation,” throws you into exploitation.

• Chapter 6, “Meterpreter,” walks you through the Swiss Army knife of post exploitation: Meterpreter.

• Chapter 7, “Avoiding Detection,” focuses on the underlying concepts of antivirus evasion techniques.

• Chapter 8, “Exploitation Using Client-Side Attacks,” covers client-side exploitation and browser bugs.

• Chapter 9, “Metasploit Auxiliary Modules,” walks you through auxiliary modules.

• Chapter 10, “The Social-Engineer Toolkit,” is your guide to leveraging the Social-Engineer Toolkit in social-engineering attacks.

• Chapter 11, “Fast-Track,” offers a complete run down on Fast-Track, an automated penetration testing framework.

• Chapter 12, “Karmetasploit,” shows you how to leverage Karmetasploit for wireless attacks.

• Chapter 13, “Building Your Own Modules,” teaches you how to build your own exploitation module.

• Chapter 14, “Creating Your Own Exploits,” covers fuzzing and creating exploit modules out of buffer overflows.

• Chapter 15, “Porting Exploits to the Metasploit Framework,” is an indepth look at how to port existing exploits into a Metasploit-based module.

• Chapter 16, “Meterpreter Scripting,” shows you how to create your own Meterpreter scripts.

• Chapter 17, “Simulated Penetration Test,” pulls everything together as it walks you through a simulated penetration test.

Download Book

Having trouble to download book
First click on "Download Book" and then you will see download page, Now Click on "free download" button and wait for few seconds then you will redirect to book information page wait for seconds you will see information of book and then scroll down and click on "download" button, then you will see new page again click on "download" button and book downloading will start automatically.