METASPLOIT TUTORIALS – HACKING EXPLOITING SOFTWARE COMPENDIUM

Download: HES_TBO_01_2013.pdf

Dear Readers,
You are going to read Metasploit Tutorials – Hakin9 Compendium. This compendium consists of articles we have collected over the past couple of years, plus fresh ones that are published here for the first time. We hope that Metasploit, so often quoted and asked for in your messages to [email protected], becomes even more comprehensible to you after reading this issue.
We have grouped the articles in this issue into thematic sections: A GUIDE TO METASPLOIT, in which you can read about the basics of Metasploit; EXPLOITING WITH METASPLOIT, where everybody can find useful tips on using Metasploit; and TOOLS, which consists of articles on various tools and techniques that boost Metasploit.
We hope that these tutorials come in handy.


GUIDE TO METASPLOIT

Metasploit Primer
By George Karpouzas, co-founder of WEBNETSOFT, a software development and IT Services company, specialized in application security
Metasploit is an entire framework that provides the tools needed to identify flaws and run various exploits against a remote target machine during a penetration test. It simplifies network discovery and vulnerability verification, increasing the probability of success for your project. Today we will learn the basics of it.

Metasploit: An Introduction
By Manasdeep, Security Analyst in the Security Assessment team at Network Intelligence Consulting (www.niiconsulting.com) 
Metasploit's greatest advantage is that it is open source and freely extensible. You can customize it by adding your own exploits and payloads as your needs require. A security pentester can test the custom-made applications specific to an enterprise against his own customized exploits and payloads. If a security researcher crafts a new attack, a custom-made payload can serve most of the attack's purpose.

Cyber Attack Management with Metasploit
By John Trinckes Junior, CISSP, CISM, CRISC, CEH, NSA-IAM/IEM, CTGA, MCSE-NT, A+
Armitage is a graphical interface for the Metasploit Framework. The Metasploit Framework is a free, open source penetration testing solution. In this article John describes how to use Metasploit.

Cyber Attack Management with Armitage
By Abhinav Singh, the author of “Metasploit penetration testing cookbook,” a contributor of SecurityXploded community
Metasploit has now become the industry standard product for penetration testing. Armitage leverages the functionality of Metasploit and provides a complete graphical interface to it. The article describes how to set up a penetration testing scenario using Armitage.

How to Use Metasploit for Security Defense
By Justin C. Klein Keane, an Information Security Specialist working at the University of Pennsylvania
If you’ve ever taken any training about penetration testing, or read almost any book or online article about the trade, you’ve heard of Metasploit. Years ago, before penetration testing was a recognized professional field, exploiting a vulnerability was often an extremely onerous task. Identifying a vulnerability might be as easy as fingerprinting a system then searching public mailing lists, but finding exploit code was often difficult.

My Experiences with the Metasploit Framework: From N00b to Contributor
By Joshua Smith
Ever wanted a tour of the Metasploit Framework (MSF)? If you have basic command line skills and a working knowledge of networking and of how hosts are compromised, you can take a guided tour from someone who started as a tourist and ended up as a tour guide. You will see how you can use MSF for all sorts of tasks and learn to write your own magic, for yourself or to share.

EXPLOITING WITH METASPLOIT

How to Penetrate with Metasploit? A Step-by-step Basic Pentesting Guide
By Abdy Martínez, Telecommunications Administrator at AES Panama, specialized in Network / Information Security and Forensics
Cybercriminals are knocking at our doors, so we need to be prepared to protect our systems from them. The big question is how I am going to do this if I don't know my system's vulnerabilities. Pentesting is the answer. Now, how do I perform a cheap/free but powerful pentest on my system? This is where Metasploit Community comes in.

How To Exploit Windows 8 With Metasploit
By Ahmed Sherif, Information security researcher | PHP Developer | Google Ambassador | Egyptian Malware analyst
In this article we're going to learn how to exploit Windows 8 (Preview Build 8400) with a client-side attack technique, obtaining a Meterpreter session on the Windows 8 machine. For those who don't know what the Metasploit project is.

How to Use Metasploit with Backtrack
By Vahid Shokouhi, an Information Security Consultant experienced in Service Provider environments
In this short BackTrack tutorial we will get to know an exploitation framework called Metasploit, which was created by HD Moore. Metasploit also has a standalone version, the "Metasploit Framework", which is used by pros. BackTrack includes Metasploit too, but it does not get updated with new modules, e.g. exploit modules. First we go through the basic, yet essential, definitions and parts of Metasploit. Our amigo has many more features than could be covered here, so we focus on the two big brothers: Payload and Meterpreter. Then we will practice a trick or two.

The Inside-Outsider – Leveraging Web Application Vulnerabilities + Metasploit to become the Ultimate Insider
By Abhay Bhargav, CTO of we45 Solutions India Pvt. Ltd, a focused Information Security Company
An effective penetration test is one that has a specific objective. Typically, the objective is to identify and exploit as many vulnerabilities as can be found, within the scope of the rules of engagement. However, my interpretation of 'objective' is a little different. For me, being objective is really about whether I, as a penetration tester, can gain access to information assets that the organization considers critical. This means that whilst I might uncover several vulnerabilities during the course of a penetration test, if I am unable to gain access to the critical information assets of the organization, the fundamental objective is still not met.

Metasploit Fu Post Exploitation
By Harsimran Walia, a research scientist at McAfee Labs, specialises in the field of Offensive Metasploit, Reverse Engineering and Malware Analysis
People always emphasize breaking into the system, the exploitation part. Once we are in a system, what should be done next? Post-exploitation is rarely talked about, yet it is as important as getting in. This article focuses on some of the necessities and possibilities after a system has been exploited.

How to Use Metasploit for Penetration Testing
By Ankhorus Cyber Security, cyber security solution, managed web security, managed application and network security, pen-testing and auditing services
When we say "penetration testing tool", the first thing that comes to mind is the world's largest Ruby project, 'Metasploit', initially started by HD Moore in 2003 as a sub-project of the Metasploit Project. Other important sub-projects include the Opcode Database, the shellcode archive, and security research. It was created in 2003 in the Perl programming language but, owing to some of Perl's disadvantages, was completely rewritten in Ruby in 2005. On October 21, 2009, Rapid7, a vulnerability management solution company, acquired the Metasploit Project. A collaboration between the open source community and Rapid7, the Metasploit software helps security and IT professionals identify security issues, verify vulnerability mitigations, and manage expert-driven security assessments, providing true security risk intelligence. Its capabilities include smart exploitation, password auditing, web application scanning, and social engineering.

How to Scan with Nessus from within Metasploit
By Michael Boman, a penetration tester, delivering courses in security testing and secure development
When you perform a penetration test with Metasploit you sometimes import vulnerability scanning results from, for example, the Nessus Vulnerability Scanner. Usually you start the scan outside the Metasploit framework and then import the results into Metasploit. Instead, you can manage the Nessus scan from within Metasploit and easily import the results into your process. But let's start from the beginning.

How to Use Multiplayer Metasploit with Armitage
By Michael Boman, a penetration tester, delivering courses in security testing and secure development
Metasploit is a very cool tool to use in your penetration testing: add Armitage for a really good time. Penetration test engagements are more and more often a collaborative effort with teams of talented security practitioners rather than a solo effort. Armitage is a scriptable red team (that is what the offensive security teams are called) collaboration tool for Metasploit that visualizes targets, recommends exploits, and exposes the advanced post-exploitation features in the framework.

TOOLS

Advance Meterpreter with API, Mixins and Railgun
By Abhinav Singh, the author of “Metasploit penetration testing cookbook,” a contributor of SecurityXploded community
Meterpreter is considered the heart of Metasploit: it provides a wide range of features that can be used during post-exploitation. The main role of Meterpreter is to make our penetration testing tasks easier and faster. In this tutorial we will talk about some of the advanced concepts related to Meterpreter. We will dive deeper into the core of Metasploit to understand how Meterpreter scripts function and how we can build our own.

VMware vSphere Security and Metasploit Exploitation Framework
By Duane Anderson
VMware vSphere is another layer in your overall environment to attack. In this article you will learn some of the threats, how to mitigate them and how to attack that virtual layer.

Metasploit – How to Play with Smb and Authentication
By Guglielmo Scaiola, I.T. Pro since 1987, MCT, MCSA, MCSE, Security +, Lead Auditor ISO 27001, ITIL, eCPPT, CEI, CHFI, CEH and ECSA
In my experience a lot of infrastructures have two big problems: they use local admin credentials with the same password on some or all systems of the network, and they maintain some servers (or clients) unpatched. With these two common mistakes we can completely pwn the infrastructure. Two pillars of best practice are simply patching and a different local admin password for each host, and it is possible to retrieve a lot of best practices from the Internet and from many books about security architecture, but a lot of system admins don't use them. Why? In most cases because the system admins are uneducated in security, or because they are lazy, or because they are too busy.

How to Bend Metasploit to Your Will
By Patrick Fitzgerald, Information Security Consultant for Ward Solutions
Most articles on Metasploit cover what it is, what it does and how to use it. Essentially you can find out how to scan for vulnerable systems followed by how to select, configure and deploy an exploit against a vulnerable system. These are indispensable skills to anyone who wishes to use the framework in any capacity. The purpose of this article is to give those interested an insight into how to extend Metasploit to suit their own specific needs. This extensibility is where Metasploit is leagues ahead of the competing frameworks currently available.

How to Work with Metasploit Auxiliary Modules
By Abhinav Singh, the author of “Metasploit penetration testing cookbook,” a contributor of SecurityXploded community
The Metasploit framework is based on a modular architecture. This means that all the exploits, payloads, encoders, etc. are present in the form of modules. The biggest advantage of a modular architecture is that it is easier to extend the functionality of the framework as required. Any programmer can develop his own module and port it easily into the framework.

How to use Sqlploit
By George Karpouzas, co-founder of WEBNETSOFT, a software development and IT Services company, specialized in application security
Databases nowadays are everywhere, from the smallest desktop applications to the largest web sites such as Facebook. Critical business information is stored in database servers that are often poorly secured. Someone with access to this information could gain control over a company's or an organization's infrastructure.

How to Explore the IPv6 Attack Surface with Metasploit
By Mike Sheward, a security specialist for a software-as-a-service provider based in Seattle
IPv6 is often described as a parallel universe, co-existing alongside existing IPv4 infrastructure in a bid to ease the transition process. Often left unmanaged and unmonitored in networks, those IPv6 packets could provide a great opportunity for the savvy attacker. Thanks to the Metasploit framework, exploring the IPv6 attack surface has become a lot easier.

HAKIN9 EXTRA

How to Use The Mac OS X Hackers Toolbox
By Phillip Wylie, CISSP, IAM
When you think of an operating system to run pen testing tools on, you probably think of Linux and, more specifically, BackTrack Linux. BackTrack Linux is a great option and one of the most common platforms for running pen testing tools. If you are a Mac user, you would most likely run a virtual machine of BackTrack Linux. While this is a great option, sometimes it is nice to have your tools running on the native operating system of your computer.

April 19, 2022
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023