Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research

By David Maynor

Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research is the first book available for the Metasploit Framework (MSF), which is the attack platform of choice for one of the fastest growing careers in IT security: Penetration Testing. The book will provide professional penetration testers and security researchers with a fully integrated suite of tools for discovering, running, and testing exploit code.

This book discusses how to use the Metasploit Framework (MSF) as an exploitation platform. The book begins with a detailed discussion of the three MSF interfaces: msfweb, msfconsole, and msfcli .This chapter demonstrates all of the features offered by the MSF as an exploitation platform. With a solid understanding of MSF’s capabilities, the book then details techniques for dramatically reducing the amount of time required for developing functional exploits.
By working through a real-world vulnerabilities against popular closed source applications, the reader will learn how to use the tools and MSF to quickly build reliable attacks as standalone exploits. The section will also explain how to integrate an exploit directly into the Metasploit Framework by providing a line-by-line analysis of an integrated exploit module. Details as to how the Metasploit engine drives the behind-the-scenes exploitation process will be covered, and along the way the reader will come to understand the advantages of exploitation frameworks. The final section of the book examines the Meterpreter payload system and teaches readers to develop completely new extensions that will integrate fluidly with the Metasploit Framework.

• A November 2004 survey conducted by "CSO Magazine" stated that 42% of chief security officers considered penetration testing to be a security priority for their organizations
• The Metasploit Framework is the most popular open source exploit platform, and there are no competing books

• Language: English
• Publisher: Syngress
• Release date: Apr 18, 2011
• ISBN: 9780080549255

David Maynor

David Maynor is a Senior Researcher, SecureWorks. He was formerly a research engineer with the ISS Xforce R&D team where his primary responsibilities include reverse engineering high risk applications, researching new evasion techniques for security tools, and researching new threats before they become widespread.

Book preview

�z>�_book_preview_excerpt.html�|ْ�F�寸���2mH*-�)��f&K�U��,�˘p�P��%��ؘ�����K?μ��|Dϟԗ�9�$#��1�z(e���]�]�n^|�mU�y����Ժ*�<��"��;����ݵo?�E�������^M�����J-������@M�rsq=[���Ӌ����b��W���W�����b��Q�N�����]� _p��X]�}���������������������Ĕ�I��_��l~љ�ͫ��ܤΌ�7n�ζz����$�j��Չ]/���|6�����'WI�����ؗ�zS���l�����p)m�$ҩ��I-�/��e�l�$[�qSo�:�e[�,�3��,�<������N��V3���MT��:W�����ؿt}O
��k�a�W����;S�?��.���=����:&yiԹ�7i^l!�S���|�W���;.�l��dXgYl��d�.�lia�����ؔU����Y00�Lzx���nu�?�5O��Rot�*ut��@^�V�2�@bQݔ���'�Bn{�@�z�T��#�o��5�Wu�]�j�J�M���ދ<����]�~̛R��Um�G4p�Y�5�k�&���=�O����Xޞ'��4T��H<�ꉮ�Q�&NW#ėGn ��L��/pθ��[���ضT��G5�"n���[c]�b�_$x��M�~h�aa �Շ��g�s����tg����F�3������*#��KSU6�x��K5�y�f���dz��W�J�z2�a��������_~���=Xbow��Or���Y7w���������v�^�Ά�H#��:�㿃I���4پY���Eb|q���,��+��=,���4Nott�"��gx��!VPsl��h�쥺����n��ӏm��������H�$�5��u}�_�Ļ����wl�"�����9�������k=�K���,�9�qQ��j��x &>�����$2@R0�kvhx9z���g���$���e
u���އ��<����s�о�����&��C��c�['+�&O��4��ϙr��"X-�|R=�PYg{U@5A96�JʭJ��<%�B&�'ve� ���?pg��'Q��@3�.)����K}������Zu���HJ�\k�@��8WY^�u�K��.��%��w��jR��K\\B�2P�*��+�|�� >+�,˻+�d���[�HVUX"g�Z�����Y�2�~�)����e�#��W�~�ь�j6~�-�]�_�������Ǒ��- ��U�X�T)ޑ*T5P�Mm�=�@���~����2����%i�,k��'��e��X3lc�$����)6Nm# �U�w�ZU���YZ�T�E��a����� ~pK+]&�%�����_g&� �T�o��U奍�>������J��!Fxw r�?k��#r��aߢ����t���E
��� ���*Pu���J�d >؃�7�L0[�.���B�n��e˼(���=���M��y����� i\̬S¿b$<�W@�U�l����T8�8������Î��~��HJ�ؔy�ި�Ue�m�^L�u��{�1 �)s�K��J2f� �-a>pw�
ʽ��;��}-�sn�T�E������_�=��"Y�0�����/�J4cB�锿w���d�A�\�u�(Om���$���+���<\�| � T�C�ɪs?�ޚ��.ﰊ�F�����_���P��;N2�.A?����C��80|���Ez # �+�9��ְ�#ϵ�C�x���������C�*����(K�� Kb�T-It��ٖ��{�sktf��8�mb�K���ځ%�=\Z%e��� �ZR '��Xr�݋5�� �!䚸�_�w�*7�/�#���E�+���=p�Y!�!=�ށ򖖴}p�}�Pi:�k������\�P/��K���Z�N�R�B|��]��Ȉ^}����ᗯ�������_�7�+��[l̃"��g���\�1�:C ��o���e����ZW�W�>7U�θ�%��6����ڴAP����~��P�� �M�,.
�?��'z[�YG��{�������P�(��)�v��r�^E�5CB�\��
(A"1]����� �#
����s�BV�Rfeuf٤w�)#2���u`�@�'����C�s�)�ʒ�(x�$U���Q���qa����^��,���F��\�-��J��&�4[�5P���Ն%ϟ-��a��Ч��ԩ�ZlR���"��n�m�m��V�R���6R��(���� �@��`$�� y�D�6m pDtNB�
c�$kC�s��DZg�7H�B�=� H�_�NI�|������=�[s�az� ��y$�b �bc�X2�W�89B��c {�4�RQN\.��Ǟ|I4{NÃe{�
I�� 2TyY���~3G���f���A�BY
s)3��+ ����H�^�3P�o/Dv�V�@�ƛ�C�ۣ��a��ĸ��8�po��N������NM�O4����i�Pθ#���J+fdf)E죉צG�g�ܚ�{��K��a��2�����e�9"���Qv�Ge�NAP�N�\��,���l��4R~���,� ݙ�e�Dwf����}�j҆����'I�@��FLS�_�Wl�|�n���o�1�rFx��@M�KS�b��Xh��\#��%�n�,������;.Kp���2�c�:��puq=>�]L�txv}���X�o�Vd�MN�������� .dW�����2t�k��}g�j�韖��J �Ž[g�3� �M���x�.��n�[�'�ɏWoo��BZ}1=�Щ�|��-^QZ\H����2*�.�pxj���1�Ec)��M��6�eÓB~����&��b6�^�gWo�I ��B��<��mqI�D���L���2��4���"��"�ﭳ00b�\x�A��FR]��0�H8l{����T�y��}�I������4&���K�r�����7�AfD�6s����x��?"'�m� =3�)�d2���;��Ac�bZ��x��ak����D�%����͓C ��0�~}2���7O B4)� ���S]0V��>|Ғ�I�� �ޏIAF�Ir0�S�H�L=�M����Hx|���h�..&�.�3���.��d��Tq�ȯ�B ^�, "�źz�����i��A�VFJV9@s�LB /��r�8�MY[�U=��S��iY��Z>8�nSH�z�m��R�/Ɇ�˜R�TF%R�1:e]GjDfHf��D�px�8CBd�� r3��Q�� ����8��nT��L��Z��VM*fa�wp� #}����SJ�p��{�(�� �aͽ�2_�K:ͤۍ�}Ъ�=���L��ʘ�Ӟ�r�n��ި�MK�s* ������P:��R�!{}���7V% ������x�r½����'A
�[ƍ)�k6]�%UZ������++�w�8)��&��%Sz|�!�\@zE�:=י��1ȅ�<}��Ug� U,(����$���G�T�%��D� �����G��wh���xl5!�֪)�B|p2����O\ �!*�Fɸ��T��}��w� ������~� ��j�絏�y��ȕ\��-p�tkɥ/����I'őrZ�qW�pM�����09WY�١����x#5i�R����X��_lЇ+ +8�JŸ�]^ρZʍ���w !L����ڨa~�̵��ȃ���OD��B�J��v�&� ZFH
� B�����|�Wl�w;�>���U ߣl�T��(l���N�X�����/�qct0 �v���5XL�5�!��$;B�D^�1<�p�p:��s�N�A�ea/�������&&�D&�z~ܝ5�Ȼ- v�tD0B<�{�@m]�S����\���E�J�A��0��A��@M�FǾ����1�>(all��08nB�}C�>�xwc��$X��* y��i5�4hN�G��8��H���J-�� ��[&�+6v�ԥ.gcw5��8�*+0V�x��G�^��]�0-�G ���"�~��a�R�^r��7+��u���'V�ab���������㑹.6����� `��k�>�=���Gc�aB;y����L�ݳE%^wԸ��-�����
������3��xU���=�e�2�ۦ��p�n8A�4�j[W��r`�]n�>:�\����ʌ`R�7�1O�}�h)4���(HI�i0�s����jw��� �����-.�Ӛ�*�O[! ���uZ�i<��=���T�\�ЅB^:z�b�"�55�����MXLf� |b��t�f��]�=�䗥��`��倁m�o5���h�uQp, :l忱x�3D�6�ҁo)��`��5��ڝ�l�=u��l>��7�%�Iꂆ�2/ \�j�ŋD�\����x��E���q�nڔ�� `iK�}�0�I�,��%�&��z�zһh�^���|��YH#�+�����q��F�N�J�)a?X5�d� ���g��^��ϝ5�ƗG�ǞWL%��et%\�����
��5�2$dK��pL���'\J����:Oq��x+�γ�r��-V�l�VO�L��B��.�7�Nr��G,{:��|X��F�߱����Մ(�Mxd�:���ofw��������Ѷ�<�BG�4���y]���@9/'ɖ���<��$X� ������R���q<�p��as��x�������l�8��p��b�֍]X6=2�����R>Sk�֢�㋕�������?}�aTd�Ϡ$�����]כ������7p@����{�9��!b�k��8N�7������%��ٲ*����-����L�� |�4?��O���b��)��>�)o�|��������~��������=�_���o���T�����L��-�W�n���0 �����?�ɴ����ܱո�F0b2iBsHM�P�G�V��+v%���1�)��kÁ���O���$�h�ϯM]ۦ�\d�ӣ�Z�wr�;�E�Q!\%�j$%�w�쏕� q�y��4�V�#����]rn&mO8�Jq����r��tkȮ��V��+�r�Ƭ����cr��!B�ἈN�ԗ���FqG1�./���gV��C�3�ԑ���”�~%��n�p�1�{�hd�<�kx|[��֎�,Ta}�oO-%҃��V���.|oz�?g�����x�u����ofr���}"�O��˚�M��U^l���$Nv�b�
ܣ���V�"d�-�j��m���3����ʈ���VG{�^ǵ�Z5�4�@���p�R��`�/��|���d���(}��|����l��@��ڱ�UXa ;I:�=([H��S6�AaS���4�]���M���Q��7��@:�� ����9�eD�)���]������|��ΐ$i/�0`��P�A����:�j6����4�.JE��zv}PMOL�����V9�[W!uz>ꇿsv��8>�rpy&�-�'�1)j�3��G���ъ�͠�/N�۰_� 5Ws����1�W��{Pq��4��Yƪ���;�ɛYém��\��Gjj�)��+2�vp�,)I���1�k��]��GuX���E�
})��s�U�Vv2�4k9{�~���/ѲZ�2az�⩚��(9����}u'��A}�a��v�~��� �@��@BFX��G�L�w��]m��g\+/q���l]�ʊw沼4[;6�g�z��'�rC�;���G�`z���l�i�K��,���� r��EB�v��E^��A�L� �*ץ���-F�s�ݗ�Ko�$�a�ʴ��X�l�cp�����f��SfE�HQ\4� ��X�lt��|�>qYOw�U*�#�({�% &M=�%G��Yh��h�$b�er���n`�fAc��O81g��dn� �K��x4Vr�7[��~�Ž�z;�����i?+�-r���ĭ�֪�aֆ�9 ?��f�z�cn��rx>$SVq��}9�;^mu��(�A?)�-�0���������}�4�y.��w:�(��mm�9�v����M��-OD՛�0R����g�[�m��0�l��Y��[|0�r�B�el�b��{k�P�e�rr�����&��&����dYM�����=��la�*=���?��]�y��VJK]�Չ����� �����6j,��‘K� )'�™��̩�i�6��>� ��gMZPG{��V69[u8�ޞ�g��>��ܔ�3�^B��m�Z>�x��+h}�e�#�{�����W7vIe�~2��fRG�#��b�� �З�d�R�㛤�.�%k��� �y*�(?%��J��Je� s��m���4@�9�`Y�¨��0�/ hA�h�v+�K�����ܝ�)�/�tN��}�˛�d�w��;���?u�� /�Pw��D�<�2'�b�
�H51��'��>W�=��;�� �;\qF:N����R�ｆ�����Y�`ž���PV$�c�ݔ��kw��eZ�,�}a�H�@��G�u�.�k��U��۔rz�����S���4�'{��A�K�8�$m�<$B��E�\�~�*���~��� �����N�0g;-}�u�������/�]����p����NL`jc�%��
���mf