We Have a Winner!!
The folks at Rapid7 have continued to support numerous community activities including EH-Net. One hard working EH-Netter has been chosen to win a full license of Metasploit Pro with one entire year of support included for a total value of $15,000! For a little more on the Pro edition:
“Metasploit Pro helps enterprise defenders prevent data breaches by efficiently prioritizing vulnerabilities, verifying controls and mitigation strategies, and conducting real-world, collaborative, broad-scope penetration tests to improve your security risk intelligence.”
As with every giveaway, all you have to do is participate on EH-Net. Since this is such a large prize, in determining the winner, I went right to those with the largest number of posts (1000+). And the deserving winner this time around is UNIX. Congrats!! For those who did not win, don’t stop participating now as the prizes keep on coming with a SANS giveaway in February, Mile2 in March and much more throughout 2013. Keep up the great work.
Participation is the ONLY way to win. Start a thread that sparks lots of interest; share thoughts and experiences; help a newbie… quality is more important than quantity.
Only members are eligible!
Registration Is FREE!
“Metasploit – The Penetration Tester’s Guide” by David Kennedy, Jim O’Gorman, Devon Kearns, and Mati Aharoni is perhaps the most enjoyable book I have come across regarding the uses and functionality of Metasploit. There were so many concepts it refreshed me on, many functions I didn’t know existed and other functions I did not correctly understand even with my years of using Metasploit. Let’s take an in-depth look into this stellar publication by No Starch Press.
Initially I skipped through the first chapter of the book, “The Absolute Basics of Penetration Testing.” However, I went back to the chapter as I had already been in and out of reading the methodologies laid out by the Penetration Testing Execution Standard (PTES). This chapter actually made sense after the fact, since my approach was that of the technical one: Show me the meat of this book. Not everyone who uses Metasploit (and other tools like it) has a concise understanding of penetration testing, and many will assume that aiming Metasploit at an address constitutes a penetration test. The chapter is clear, summarized and offers much food for thought outside of Metasploit and into the realm of penetration testing.
After the break, look for a link to a free download of Chapter 8: “Exploitation Using Client-Side Attacks”
Armitage is a front-end for Metasploit that allows team collaboration and exposes the advanced features of the framework. Raphael Mudge, Armitage Creator, has made a six-part training series on Armitage and Metasploit for the ethicalhacker.net community. These demonstration-heavy lectures introduce the penetration testing process and walk you through each step. You’ll learn how to break into hosts, carry out post-exploitation activities, develop more access from your initial foothold, and you’ll do this in a team environment.
These lectures were initially created for the Austin, TX ISSA and OWASP half-day Metasploit training event in June. Elated after several tex-mex meals, Raphael recorded these lectures for us. If you’re new to penetration testing and want to understand Metasploit and Armitage, these lectures are for you. Also, be sure to read Hacking Linux with Armitage from February 2011. Enjoy the training!
By Chris Gates, CISSP, GCIH, C|EH, CPTS
It should be obvious to everyone that the bad guys are moving away from network level attacks and moving toward social engineering coupled with client-side attacks. In fact, this is the focus of the next ChicagoCon in May, where I will be presenting this exact topic live. Penetration testers need to be able to help an organization detect and respond to client-side attacks, and what better way to do that than to do a little client side exploitation during your pentests.
A new mixin has been added to the Metasploit Framework that allows the penetration tester to create and output the files that contain the exploit code instead of just serving up the exploit on a web page. This increases the attack surface by allowing the pentester to perform their Open Source Intelligence (OSINT) gathering to collect email addresses for the target domain. We then take those addresses and actually send the exploit to the victim as an attachment in the email versus a link to a website. Your mileage may vary on the effectiveness of that technique, but in my experience people seem to be more apt to open attachments of “normal” or “non-malicious” type like .pdf and .html rather than clicking on links. Some example formats that can be used with the fileformat mixin are .pdf, .html, .cab, .m3u, .xpm, as well as others.
This isn’t to say that some fileformat exploits can’t be delivered via the web. You can easily link to www.evil.com/evil.pdf, but some lend themselves to easier exploitation if you can get the file into a user’s inbox. So let’s take a quick look at how this can be accomplished.
Metasploit Tutorial by Justin Peltier, CTO, Peltier Associates
How tough is it to really compromise a system? As an ethical hacking instructor, that is a question that I get asked quite frequently. My usual response to this type of question is to encourage the questioner to try to compromise a system, which they own, to find out the time and skill necessary to compromise a system. There is real value in getting a true sense of what it really takes to actually defeat common security measures. This provides first-hand experience that cannot really be duplicated from listening to an industry expert or from reading articles and books. The main reason for this is that there is a lot of misinformation, some intentional and some not, available. The easiest way to determine just how difficult it is to compromise a system or defeat wireless encryption is to try it for yourself in this Metasploit Tutorial.