Tuesday, August 2, 2011

Metasploit – The Penetration Tester’s Guide Ebook

"The best guide to the Metasploit Framework." —HD Moore, Founder of the Metasploit ProjectThe Metasploit Framework makes discovering, exploiting, and sharing vulnerabilities quick and relatively painless. But while Metasploit is used by security professionals everywhere, the tool can be hard to grasp for first-time users. Metasploit: The Penetration Tester's Guide fills this gap by teaching you how to harness the Framework and interact with the vibrant community of Metasploit contributors.
Once you've built your foundation for penetration testing, you'll learn the Framework's conventions, interfaces, and module system as you launch simulated attacks. You'll move on to advanced penetration testing techniques, including network reconnaissance and enumeration, client-side attacks, wireless attacks, and targeted social-engineering attacks.
Learn how to:

  • Find and exploit unmaintained, misconfigured, and unpatched systems
  • Perform reconnaissance and find valuable information about your target
  • Bypass anti-virus technologies and circumvent security controls
  • Integrate Nmap, NeXpose, and Nessus with Metasploit to automate discovery
  • Use the Meterpreter shell to launch further attacks from inside the network
  • Harness standalone Metasploit utilities, third-party tools, and plug-ins
  • Learn how to write your own Meterpreter post exploitation modules and scripts
You'll even touch on exploit discovery for zero-day research, write a fuzzer, port existing exploits into the Framework, and learn how to cover your tracks. Whether your goal is to secure your own networks or to put someone else's to the test, Metasploit: The Penetration Tester's Guide will take you there and beyond.

About the Author

David Kennedy is Chief Information Security Officer at Diebold Incorporated and creator of the Social-Engineer Toolkit (SET), Fast-Track, and other open source tools. He is on the Back|Track and Exploit-Database development team and is a core member of the Social-Engineer podcast and framework. Kennedy has presented at a number of security conferences including Black Hat, DEF CON, ShmooCon, Security B-Sides, and more.
Jim O'Gorman is a professional penetration tester with CSC's StrikeForce, a co-founder of Social-Engineer.org, and an instructor at Offensive-Security. He is involved in digital investigations and malware analysis, and helped build forensic capabilities into Back|Track Linux. When not working on various security issues, Jim spends his time assisting his children in their attempts to fight Zombie hordes.
Devon Kearns is an instructor at Offensive-Security, a Back|Track Linux developer, and administrator of The Exploit Database. He has contributed a number of Metasploit exploit modules and is the maintainer of the Metasploit Unleashed wiki.
Mati Aharoni is the creator of the Back|Track Linux distribution and founder of Offensive-Security, the industry leader in security training.

Product Details

  • Paperback: 328 pages
  • Publisher: No Starch Press; 1 edition (July 22, 2011)
  • Language: English
  • ISBN-10: 159327288X
  • ISBN-13: 978-1593272883
  • Product Dimensions: 9.2 x 6.9 x 1 inches

download: Metasploit Penetration Tester's Guide here--http://www.mediafire.com/?aof5i7zjymta9e0

Sunday, June 19, 2011

Metasploit Pro

 Rapid7 added Metasploit Pro, an open-core commercial Metasploit edition for penetration testers.[ Metasploit Pro includes all features of Metasploit Express and adds advanced penetration testing features such as web application scanning and exploitation, social engineering campaigns, and VPN pivoting.[9] Metasploit Pro is available as a 7-day trial.

Minimum System Requirements for metasploit pro
  • 2 GHz+ processor
  • 2 GB RAM available (increase accordingly with VM targets on the same device)
  • 500 MB+ available disk space
  • 10/100 Mbps network interface card

Choose your operating system to download free trial version of metasploit pro


32-bit OS
64-bit OS
  • Windows XP, Vista, 7, Server 2003, and Server 2008
Download Download
  • Red Hat Enterprise Linux 5
Download Download
  • Ubuntu Linux 8.04+
Download Download



Thursday, June 16, 2011

METASPLOIT FRAMEWORK

Metasploit Framework is command line framework of metasploit where everything is to be done manually with commands it is much stable than other gui versions of metasploit.

Metasploit Framework is free to download as we all know metasploit is open source.
metasploit framework


The basic steps for exploiting a system using the Framework include -
  1. Choosing and configuring an exploit (code that enters a target system by taking advantage of one of its bugs; about 300 different exploits for Windows, Unix/Linux and Mac OS X systems are included);
  2. Checking whether the intended target system is susceptible to the chosen exploit (optional);
  3. Choosing and configuring a payload (code that will be executed on the target system upon successful entry, for instance a remote shell or a VNC server);
  4. Choosing the encoding technique to encode the payload so that the intrusion-prevention system (IPS) will not catch the encoded payload;
  5. Executing the exploit.
This modularity of allowing to combine any exploit with any payload is the major advantage of the Framework: it facilitates the tasks of attackers, exploit writers, and payload writers.
Versions of the Metasploit Framework since v3.0 are written in the Ruby programming language. The previous version 2.7, was implemented in Perl. It runs on all versions of Unix (including Linux and Mac OS X), and also on Windows. It includes two command-line interfaces, a web-based interface and a native GUI. The web interface is intended to be run from the attacker's computer. The Metasploit Framework can be extended to use external add-ons in multiple languages.
To choose an exploit and payload, some information about the target system is needed such as operating system version and installed network services. This information can be gleaned with port scanning and OS fingerprinting tools such as nmap. Nessus can, in addition, detect the target system's vulnerabilities

WHAT IS METASPLOIT

The Metasploit Project is an open-source computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development. Its most well-known sub-project is the Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive, and security research.
metasploit
The Metasploit Project is also well-known for anti-forensic and evasion tools, some of which are built into the Metasploit Framework.
Metasploit was created by HD Moore in 2003 as a portable network tool using the Perl scripting language. Later, the Metasploit Framework was then completely rewritten in the Ruby programming language and has now become the world's largest Ruby project, with over 700,000 lines of code. It is most notable for releasing some of the most technically sophisticated exploits to public security vulnerabilities. In addition, it is a powerful tool for third-party security researchers to investigate potential vulnerabilities. On October 21, 2009 the Metasploit Project announced[1] that it had been acquired by Rapid7, a security company that provides unified vulnerability management solutions.

Like comparable commercial products such as Immunity's Canvas or Core Security Technologies' Core Impact, Metasploit can be used to test the vulnerability of computer systems to protect them, and it can be used to break into remote systems. Like many information security tools, Metasploit can be used for both legitimate and unauthorized activities. Since the acquisition of the Metasploit Framework, Rapid7 has added two open-core proprietary editions called Metasploit Express and Metasploit Pro .