• Complain

David Kennedy - Metasploit: The Penetration Testers Guide

Here you can read online David Kennedy - Metasploit: The Penetration Testers Guide full text of the book (entire story) in english for free. Download pdf and epub, get meaning, cover and reviews about this ebook. year: 2011, publisher: No Starch Press, genre: Computer. Description of the work, (preface) as well as reviews are available. Best literature library LitArk.com created for fans of good reading and offers a wide selection of genres:

Romance novel Science fiction Adventure Detective Science History Home and family Prose Art Politics Computer Non-fiction Religion Business Children Humor

Choose a favorite category and find really read worthwhile books. Enjoy immersion in the world of imagination, feel the emotions of the characters or learn something new for yourself, make an fascinating discovery.

No cover

Metasploit: The Penetration Testers Guide: summary, description and annotation

We offer to read an annotation, description, summary or preface (depends on what the author of the book "Metasploit: The Penetration Testers Guide" wrote himself). If you haven't found the necessary information about the book — write in the comments, we will try to find it.

The Metasploit Framework makes discovering, exploiting, and sharing vulnerabilities quick and relatively painless. But while Metasploit is used by security professionals everywhere, the tool can be hard to grasp for first-time users. Metasploit: The Penetration Testers Guide fills this gap by teaching you how to harness the Framework and interact with the vibrant community of Metasploit contributors.
Once youve built your foundation for penetration testing, youll learn the Frameworks conventions, interfaces, and module system as you launch simulated attacks. Youll move on to advanced penetration testing techniques, including network reconnaissance and enumeration, client-side attacks, wireless attacks, and targeted social-engineering attacks.
Learn how to:
Find and exploit unmaintained, misconfigured, and unpatched systems
Perform reconnaissance and find valuable information about your target
Bypass anti-virus technologies and circumvent security controls
Integrate Nmap, NeXpose, and Nessus with Metasploit to automate discovery
Use the Meterpreter shell to launch further attacks from inside the network
Harness standalone Metasploit utilities, third-party tools, and plug-ins
Learn how to write your own Meterpreter post exploitation modules and scripts
Youll even touch on exploit discovery for zero-day research, write a fuzzer, port existing exploits into the Framework, and learn how to cover your tracks. Whether your goal is to secure your own networks or to put someone elses to the test, Metasploit: The Penetration Testers Guide will take you there and beyond.

David Kennedy: author's other books


Who wrote Metasploit: The Penetration Testers Guide? Find out the surname, the name of the author of the book and a list of all author's works by series.

Metasploit: The Penetration Testers Guide — read online for free the complete book (whole text) full work

Below is the text of the book, divided by pages. System saving the place of the last page read, allows you to conveniently read the book "Metasploit: The Penetration Testers Guide" online for free, without having to search again every time where you left off. Put a bookmark, and you can go to the page where you finished reading at any time.

Light

Font size:

Reset

Interval:

Bookmark:

Make
HD Moore, Founder of the Metasploit Project\n\n

The Metasploit Framework is a powerful suite of tools that security researchers use to investigate and resolve potential network and system vulnerabilities. Metasploit: The Penetration Tester's Guide shows readers how to assess networks by using Metasploit to launch simulated attacks that expose weaknesses in their security.

"/>
Metasploit
David Kennedy
Jim O'Gorman
Devon Kearns
Mati Aharoni

Copyright 2011

All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher.

No Starch Press and the No Starch Press logo are registered trademarks of No Starch Press, Inc. Other product and company names mentioned herein may be the trademarks of their respective owners. Rather than use a trademark symbol with every occurrence of a trademarked name, we are using the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark.

The information in this book is distributed on an As Is basis, without warranty. While every precaution has been taken in the preparation of this work, neither the author nor No Starch Press, Inc. shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in it.

No Starch Press

Foreword

Information technology is a complex field, littered with the half-dead technology of the past and an ever-increasing menagerie of new systems, software, and protocols. Securing todays enterprise networks involves more than simply patch management, firewalls, and user education; it requires frequent real-world validation of what works and what fails. This is what penetration testing is all about.

Penetration testing is a uniquely challenging job. You are paid to think like a criminal, to use guerilla tactics to your advantage, and to find the weakest links in a highly intricate net of defenses. The things you find can be both surprising and disturbing; penetration tests have uncovered everything from rogue pornography sites to large-scale fraud and criminal activity.

Penetration testing is about ignoring an organizations perception of its security and probing its systems for weaknesses. The data obtained from a successful penetration test often uncovers issues that no architecture review or vulnerability assessment would be able to identify. Typical findings include shared passwords, cross-connected networks, and troves of sensitive data sitting in the clear. The problems created by sloppy system administration and rushed implementations often pose significant threats to an organization, while the solutions languish under a dozen items on an administrators to-do list. Penetration testing highlights these misplaced priorities and identifies what an organization needs to do to defend itself from a real intrusion.

Penetration testers handle a companys most sensitive resources; they gain access to areas that can have dire real-world consequences if the wrong action is taken. A single misplaced packet can bring a factory floor to a halt, with a cost measured in millions of dollars per hour. Failure to notify the appropriate personnel can result in an uncomfortable and embarrassing conversation with the local police. Medical systems are one area that even the most experienced security professionals may hesitate to test; nobody wants to be responsible for mixing up a patients blood type in an OpenVMS mainframe or corrupting the memory on an X-ray machine running Windows XP. The most critical systems are often the most exposed, and few system administrators want to risk an outage by bringing down a database server to apply a security patch.

Balancing the use of available attack paths and the risk of causing damage is a skill that all penetration testers must hone. This process depends not only on a technical knowledge of the tools and the techniques but also on a strong understanding of how the organization operates and where the path of least resistance may lie.

In this book, you will see penetration testing through the eyes of four security professionals with widely divergent backgrounds. The authors include folks with experience at the top of the corporate security structure all the way down to the Wild West world of underground exploit development and vulnerability research. There are a number of books available on penetration testing and security assessments, and there are many that focus entirely on tools. This book, however, strives for a balance between the two, covering the fundamental tools and techniques while also explaining how they play into the overall structure of a successful penetration testing process. Experienced penetration testers will benefit from the discussion of the methodology, which is based on the recently codified Penetration Test Execution Standard. Readers who are new to the field will be presented with a wealth of information not only about how to get started but also why those steps matter and what they mean in the bigger picture.

This book focuses on the Metasploit Framework. This open source platform provides a consistent, reliable library of constantly updated exploits and offers a complete development environment for building new tools and automating every aspect of a penetration test. Metasploit Express and Metasploit Pro, the commercial siblings of the Framework, are also represented in this book. These products provide a different perspective on how to conduct and automate large-scale penetration tests.

The Metasploit Framework is an infamously volatile project; the code base is updated dozens of times every day by a core group of developers and submissions from hundreds of community contributors. Writing a book about the Framework is a masochistic endeavor; by the time that a given chapter has been proofread, the content may already be out of date. The authors took on the Herculean task of writing this book in such a way that the content will still be applicable by the time it reaches its readers.

The Metasploit team has been involved with this book to make sure that changes to the code are accurately reflected and that the final result is as close to zero-day coverage of the Metasploit Framework as is humanly possible. We can state with full confidence that it is the best guide to the Metasploit Frame-work available today, and it will likely remain so for a long time. We hope you find this book valuable in your work and an excellent reference in your trials ahead.

HD Moore

Founder, The Metasploit Project

Preface

The Metasploit Framework has long been one of the tools most widely used by information security professionals, but for a long time little documentation existed aside from the source code itself or comments on blogs. That situation changed significantly when Offensive-Security developed its online course, Metasploit Unleashed. Shortly after the course went live, No Starch Press contacted us about the possibly of creating a book to expand on our work with Metasploit Unleashed.

This book is designed to teach you the ins and outs of Metasploit and how to use the Framework to its fullest. Our coverage is selectivewe wont cover every single flag or exploitbut we give you the foundation youll need to understand and use Metasploit now and in future versions.

When we began writing this book, we had in mind a comment by HD Moore, developer of the Metasploit Framework. In a conversation with HD about the development of our Metasploit Unleashed course, one of us said to him, I hope the course comes out good. To this offhand comment, HD merely replied, Then make sure it is good. And thats just what weve attempted to do with this book.

Next page
Light

Font size:

Reset

Interval:

Bookmark:

Make

Similar books «Metasploit: The Penetration Testers Guide»

Look at similar books to Metasploit: The Penetration Testers Guide. We have selected literature similar in name and meaning in the hope of providing readers with more options to find new, interesting, not yet read works.


Reviews about «Metasploit: The Penetration Testers Guide»

Discussion, reviews of the book Metasploit: The Penetration Testers Guide and just readers' own opinions. Leave your comments, write what you think about the work, its meaning or the main characters. Specify what exactly you liked and what you didn't like, and why you think so.