PENETRATION TESTING WITH METASPLOIT IN EXPLOITING SOFTWARE 09/12

DEFENSE PATTERN
How to Use Metasploit for Security Defense
By Justin C. Klein Keane
If you’ve ever taken any training about penetration testing, or read almost any book or online article about the trade, you’ve heard of Metasploit. Years ago, before penetration testing was a recognized professional field, exploiting a vulnerability was often an extremely onerous task. Identifying a vulnerability might be as easy as fingerprinting a system then searching public mailing lists, but finding exploit code was often difficult.

How to Work with Metasploit Auxiliary Modules
By Abhinav Singh
The Metasploit framework is based on a modular architecture. This means that all the exploits, payloads, encoders, etc are present in the form of modules. The biggest advantage of a modular architecture is that it is easier to extend the functionality of the framework based on requirement. Any programmer can develop his own module and port it easily into the framework.

How to Explore the IPv6 Attack Surface with Metasploit
By Mike Sheward
IPv6 is often described as a parallel universe, co-existing alongside existing IPv4 infrastructure in a bid to ease the transition process. Often left unmanaged and unmonitored in networks, those IPv6 packets could provide a great opportunity for the savvy attacker. Thanks to the Metasploit framework, exploring the IPv6 attack surface has become a lot easier.

HAKIN9 EXTRA
How to Use The Mac OS X Hackers Toolbox
By Phillip Wylie, CISSP, IAM
When you think of an operating system to run pen testing tools on, you probably think of Linux and more specifically BackTrack Linux. BackTrack Linux is a great option and one of the most common platforms for running pen testing tools. If you are a Mac user, then you would most likely run a virtual machine of BackTrack Linux. While this a great option, sometimes it is nice to have your tools running on the native operating system of you computer.

NETWORK SCANNING
How to Scan with Nessus from within Metasploit
By Michael Boman
When you perform a penetration test with Metasploit you sometimes import vulnerability scanning results for example Nessus Vulnerability Scanner. Usually you start the scan externally from Metasploit framework and then import the results into Metasploit. What you can do is to manage the Nessus scan from within Metasploit and easily import the results into your process. But let’s start from the beginning.

How to Use Multiplayer Metasploit with Armitage
By Michael Boman
Metasploit is a very cool tool to use in your penetration testing: add Armitage for a really good time. Penetration test engagements are more and more often a collaborative effort with teams of talented security practitioners rather than a solo effort.
Armitage is a scriptable red team (that is what the offensive security teams are called) collaboration tool for Metasploit that visualizes targets, recommends exploits, and exposes the advanced post-exploitation features in the framework.

EXPLORING DATABASE
How to Use Sqlploit
By George Karpouzas
Databases nowadays are everywhere, from the smallest desktop applications to the largest web sites such as Facebook. Critical business information are stored in database servers that are often poorly secured. Someone with access to this information could have control over a company’s or an organization’s infrastructure.