Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Metasploit Penetration Testing Cookbook

You're reading from   Metasploit Penetration Testing Cookbook Over 70 recipes to master the most widely used penetration testing framework with this book and ebook.

Arrow left icon
Product type Paperback
Published in Jun 2012
Publisher Packt
ISBN-13 9781849517423
Length 268 pages
Edition 1st Edition
Arrow right icon
Author (1):
Arrow left icon
Abhinav Singh Abhinav Singh
Author Profile Icon Abhinav Singh
Abhinav Singh
Arrow right icon
View More author details
Toc

Table of Contents (17) Chapters Close

Metasploit Penetration Testing Cookbook
Credits
About the Author
About the Reviewers
www.PacktPub.com
Preface
1. Metasploit Quick Tips for Security Professionals 2. Information Gathering and Scanning FREE CHAPTER 3. Operating System-based Vulnerability Assessment and Exploitation 4. Client-side Exploitation and Antivirus Bypass 5. Using Meterpreter to Explore the Compromised Target 6. Advanced Meterpreter Scripting 7. Working with Modules for Penetration Testing 8. Working with Exploits 9. Working with Armitage 10. Social Engineer Toolkit Index

Introduction


Metasploit is currently the most buzzing word in the field of information security and penetration testing. It has totally revolutionized the way we can perform security tests on our systems. The reason which makes Metasploit so popular is the wide range of tasks that it can perform to ease the work of penetration testing to make systems more secure. Metasploit is available for all popular operating systems. The working process of the framework is almost the same for all of them. Here in this book, we will primarily work on BackTrack 5 OS as it comes with the pre-installed Metasploit framework and other third-party tools which run over the framework.

Let us start with a quick introduction to the framework and the various terminologies related to it:

  • Metasploit framework: It is a free, open source penetration testing framework started by H. D. Moore in 2003 which was later acquired by Rapid7. The current stable versions of the framework are written using the Ruby language. It has the world's largest database of tested exploits and receives more than a million downloads every year. It is also one of the most complex projects built in Ruby to date.

  • Vulnerability: It is a weakness which allows an attacker/pen-tester to break into/compromise a system's security. This weakness can either exist in the operating system, application software, or even in the network protocols.

  • Exploit: Exploit is a code which allows an attacker/tester to take advantage of the vulnerable system and compromise its security. Every vulnerability has its own corresponding exploit. Metasploit v4 has more than 700 exploits.

  • Payload: It is the actual code which does the work. It runs on the system after exploitation. They are mostly used to set up a connection between the attacking and the victim machine. Metasploit v4 has more than 250 payloads.

  • Module: Modules are the small building blocks of a complete system. Every module performs a specific task and a complete system is built up by combining several modules to function as a single unit. The biggest advantage of such an architecture is that it becomes easy for developers to integrate a new exploit code and tools into the framework.

The Metasploit framework has a modular architecture and the exploits, payload, encoders, and so on are considered as separate modules.

Let us examine the architecture diagram closely.

Metasploit uses different libraries which hold the key to the proper functioning of the framework. These libraries are a collection of pre-defined tasks, operations, and functions that can be utilized by different modules of the framework. The most fundamental part of the framework is the Ruby Extension (Rex) library. Some of the components provided by Rex include a wrapper socket subsystem, implementations of protocol clients and servers, a logging subsystem, exploitation utility classes, and a number of other useful classes. Rex itself is designed to have no dependencies, other than what comes with the default Ruby installation.

Then we have the MSF Core library which extends Rex. Core is responsible for implementing all of the required interfaces that allow for interacting with exploit modules, sessions, and plugins. This core library is extended by the framework base library which is designed to provide simpler wrapper routines for dealing with the framework core, as well as providing utility classes for dealing with different aspects of the framework, such as serializing a module state to different output formats. Finally, the base library is extended by the framework's User Interface (UI) that implements support for the different types of user interfaces to the framework itself, such as the command console and the web interface.

There are four different user interfaces provided with the framework namely msfconsole, msfcli, msfgui, and msfweb. It is highly encouraged that one should check out all these different interfaces, but in this book we will primarily work on the msfconsole interface. The reason behind it is that msfconsole provides the best support to the framework, leveraging all the functionalities.

Let us now move to the recipes of this chapter and practically analyze the various aspects.

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at AU $24.99/month. Cancel anytime