Metasploit-The-Penetration-Tester-S
Total Page:16
File Type:pdf, Size:1020Kb
“The best guide to the Metasploit Metasploit Framework.” — HD Moore, Metasploit Founder of the Metasploit Project The Penetration Tester’s Guide The Metasploit Framework makes discovering, Bypass antivirus technologies and circumvent exploiting, and sharing vulnerabilities quick and security controls relatively painless. But while Metasploit is used by Integrate Nmap, NeXpose, and Nessus with security professionals everywhere, the tool can be Guide Tester’s Penetration The Metasploit to automate discovery hard to grasp for first-time users. Metasploit: The Penetration Tester’s Guide fills this gap by teaching you Use the Meterpreter shell to launch further how to harness the Framework and interact with the attacks from inside the network vibrant community of Metasploit contributors. Harness stand-alone Metasploit utilities, third- Once you’ve built your foundation for penetration party tools, and plug-ins testing, you’ll learn the Framework’s conventions, Learn how to write your own Meterpreter post- interfaces, and module system as you launch simulated exploitation modules and scripts attacks. You’ll move on to advanced penetration testing techniques, including network reconnaissance and You’ll even touch on exploit discovery for zero-day enumeration, client-side attacks, wireless attacks, and research, write a fuzzer, port existing exploits into the targeted social-engineering attacks. Framework, and learn how to cover your tracks. Whether your goal is to secure your own networks or to put Learn how to: someone else’s to the test, Metasploit: The Penetration Find and exploit unmaintained, misconfigured, and Tester’s Guide will take you there and beyond. unpatched systems Perform reconnaissance and find valuable information about your target Kennedy O’Gorman THE FINEST IN GEEK ENTERTAINMENT™ “I LAY FLAT.” This book uses RepKover — a durable binding that won’t snap shut. www.nostarch.com Kearns $49.95 ($57.95 CDN) Shelve In: COmpUTERS/IntERNET/SECURitY Aharoni David Kennedy, Jim O’Gorman, Devon Kearns, and Mati Aharoni Foreword by HD Moore METASPLOIT METASPLOIT The Penetration Tester’s Guide by David Kennedy, Jim O’Gorman, Devon Kearns, and Mati Aharoni San Francisco METASPLOIT. Copyright © 2011 by David Kennedy, Jim O'Gorman, Devon Kearns, and Mati Aharoni All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher. 15 14 13 12 11 1 2 3 4 5 6 7 8 9 ISBN-10: 1-59327-288-X ISBN-13: 978-1-59327-288-3 Publisher: William Pollock Production Editor: Alison Law Cover Illustration: Hugh D’Andrade Interior Design: Octopod Studios Developmental Editors: William Pollock and Tyler Ortman Technical Reviewer: Scott White Copyeditor: Lisa Theobald Compositors: Susan Glinert Stevens Proofreader: Ward Webber Indexer: BIM Indexing & Proofreading Services For information on book distributors or translations, please contact No Starch Press, Inc. directly: No Starch Press, Inc. 38 Ringold Street, San Francisco, CA 94103 phone: 415.863.9900; fax: 415.863.9950; [email protected]; www.nostarch.com Library of Congress Cataloging-in-Publication Data A catalog record of this book is available from the Library of Congress. No Starch Press and the No Starch Press logo are registered trademarks of No Starch Press, Inc. Other product and company names mentioned herein may be the trademarks of their respective owners. Rather than use a trademark symbol with every occurrence of a trademarked name, we are using the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark. The information in this book is distributed on an “As Is” basis, without warranty. While every precaution has been taken in the preparation of this work, neither the author nor No Starch Press, Inc. shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in it. BRIEF CONTENTS Foreword by HD Moore................................................................................................ xiii Preface .......................................................................................................................xvii Acknowledgments .........................................................................................................xix Introduction .................................................................................................................xxi Chapter 1: The Absolute Basics of Penetration Testing .........................................................1 Chapter 2: Metasploit Basics ............................................................................................7 Chapter 3: Intelligence Gathering ...................................................................................15 Chapter 4: Vulnerability Scanning...................................................................................35 Chapter 5: The Joy of Exploitation...................................................................................57 Chapter 6: Meterpreter ..................................................................................................75 Chapter 7: Avoiding Detection .......................................................................................99 Chapter 8: Exploitation Using Client-Side Attacks............................................................109 Chapter 9: Metasploit Auxiliary Modules .......................................................................123 Chapter 10: The Social-Engineer Toolkit.........................................................................135 Chapter 11: Fast-Track.................................................................................................163 Chapter 12: Karmetasploit ...........................................................................................177 Chapter 13: Building Your Own Module........................................................................185 Chapter 14: Creating Your Own Exploits.......................................................................197 Chapter 15: Porting Exploits to the Metasploit Framework................................................215 Chapter 16: Meterpreter Scripting.................................................................................235 Chapter 17: Simulated Penetration Test..........................................................................251 Appendix A: Configuring Your Target Machines .............................................................267 Appendix B: Cheat Sheet .............................................................................................275 Index .........................................................................................................................285 vi Brief Contents CONTENTS IN DETAIL FOREWORD by HD Moore xiii PREFACE xvii ACKNOWLEDGMENTS xix Special Thanks ........................................................................................................ xx INTRODUCTION xxi Why Do A Penetration Test? ................................................................................... xxii Why Metasploit? .................................................................................................. xxii A Brief History of Metasploit ................................................................................... xxii About this Book .....................................................................................................xxiii What’s in the Book? ..............................................................................................xxiii A Note on Ethics ..................................................................................................xxiv 1 THE ABSOLUTE BASICS OF PENETRATION TESTING 1 The Phases of the PTES .............................................................................................. 2 Pre-engagement Interactions ......................................................................... 2 Intelligence Gathering .................................................................................. 2 Threat Modeling ......................................................................................... 2 Vulnerability Analysis .................................................................................. 3 Exploitation ................................................................................................ 3 Post Exploitation .......................................................................................... 3 Reporting ................................................................................................... 4 Types of Penetration Tests .......................................................................................... 4 Overt Penetration Testing ............................................................................. 5 Covert Penetration Testing ............................................................................ 5 Vulnerability Scanners .............................................................................................. 5 Pulling It All Together ................................................................................................ 6 2 METASPLOIT BASICS 7 Terminology ...........................................................................................................