»
Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research
 
 

Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research, 1st Edition

 
Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research, 1st Edition,David Maynor,ISBN9781597490740
 
 
Up to
30%
off
 

  

Syngress

9781597490740

9780080549255

350

235 X 191

Metasploit is the #5 most commonly used network security tool according to a poll conducted by www.insecure.org, yet there are no books.

Print Book + eBook

USD 75.54
USD 125.90

Buy both together and save 40%

Print Book

Paperback

In Stock

Estimated Delivery Time
USD 44.07
USD 62.95

eBook
eBook Overview

VST (VitalSource Bookshelf) format

DRM-free included formats : EPUB, Mobi (for Kindle), PDF

USD 44.07
USD 62.95
Add to Cart
 
 

Key Features

· A November 2004 survey conducted by "CSO Magazine" stated that 42% of chief security officers considered penetration testing to be a security priority for their organizations

· The Metasploit Framework is the most popular open source exploit platform, and there are no competing books

· The book's companion Web site offers all of the working code and exploits contained within the book

Description

This is the first book available for the Metasploit Framework (MSF), which is the attack platform of choice for one of the fastest growing careers in IT security: Penetration Testing. The book and companion Web site will provide professional penetration testers and security researchers with a fully integrated suite of tools for discovering, running, and testing exploit code.

This book discusses how to use the Metasploit Framework (MSF) as an exploitation platform. The book begins with a detailed discussion of the three MSF interfaces: msfweb, msfconsole, and msfcli .This chapter demonstrates all of the features offered by the MSF as an exploitation platform. With a solid understanding of MSF’s capabilities, the book then details techniques for dramatically reducing the amount of time required for developing functional exploits.
By working through a real-world vulnerabilities against popular closed source applications, the reader will learn how to use the tools and MSF to quickly build reliable attacks as standalone exploits. The section will also explain how to integrate an exploit directly into the Metasploit Framework by providing a line-by-line analysis of an integrated exploit module. Details as to how the Metasploit engine drives the behind-the-scenes exploitation process will be covered, and along the way the reader will come to understand the advantages of exploitation frameworks. The final section of the book examines the Meterpreter payload system and teaches readers to develop completely new extensions that will integrate fluidly with the Metasploit Framework.

Readership

Professional penetration testers and security researchers

David Maynor

David Maynor is a Senior Researcher, SecureWorks. He was formerly a research engineer with the ISS Xforce R&D team where his primary responsibilities include reverse engineering high risk applications, researching new evasion techniques for security tools, and researching new threats before they become widespread.

Affiliations and Expertise

Senior Researcher, SecureWorks, U.S.A.

Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research, 1st Edition

Technical Editor

Contributing Authors

Companion Web Site

Chapter 1: Introduction to Metasploit

Introduction

Overview: Why Is Metasploit Here?

History of Metasploit

Metasploit Core Development

Technology Overview

Leveraging Metasploit on Penetration Tests

Understanding Metasploit Channels

Summary

Solutions Fast Track

Chapter 2: Architecture, Environment, and Installation

Introduction

Understanding the Soft Architecture

Configuring and Locking Down Your System

Installation

Summary

Solutions Fast Track

Chapter 3: Metasploit Framework and Advanced Environment Configurations

Introduction

Configuration High-Level Overview

Global Datastore

Module Datastore

Saved Environment

Summary

Solutions Fast Track

Chapter 4: Advanced Payloads and Add-on Modules

Introduction

Meterpreter

VNC Inject

PassiveX

Auxiliary Modules

Automating the Pen-Test

Summary

Solutions Fast Track

Chapter 5: Adding New Payloads

Introduction: Why Should You Care about Metasploit?

Types of Payloads

Adding New Exploit Payloads

Adding New Auxiliary Payloads

Bonus: Finding Oday While Creating Different Types of Payloads

Summary

Case Studies

Introduction to Case Studies

Case Study 1: RaXnet Cacti Remote Command Execution

Overview of the RaXnet Cacti graph_image.php Vulnerability

Metasploit Module Source

In-Depth Analysis

Case Study 2: Mercur Messaging 2005 SP3 IMAP Remote Buffer Overflow (CVE–2006-1255)

Overview

Vulnerability Details

Exploitation Details

PSEUDO-RET-LIB-C

Complete Exploit Code

In-Depth Analysis

Case Study 3: SlimFTPd String Concatenation Overflow

Overview of the SlimFTPd Vulnerability

SlimFTPd Vulnerability Details

Complete Exploit Code for SlimFTPd String Concatenation Overflow

Case Study 4: WS-FTP Server 5.03 MKD Overflow

Overview of the WS-FTP Server 5.03 Vulnerability

Vulnerability Details

Exploitation Details

Checking Banners

Complete Exploit Code

Analysis

Case Study 5: MailEnable HTTP Authorization Header Buffer Overflow

Overview of the MailEnable HTTP Authorization Buffer Overflow Vulnerability

Exploit Details

Metasploit Module Source

In-Depth Analysis

Appendix A: Advantages of Network Vulnerability Testing with Metasploit 3.0

Appendix B: Building a Test Lab for Penetration Testing

Appendix C: Glossary of Technology and Terminology

Index

 
 
Free Shipping
Shop with Confidence

Free Shipping around the world
▪ Broad range of products
▪ 30 days return policy
FAQ

Contact Us