Metasploit -The Penetration Tester's Guide [pdf] [Free Download]
![[Image: Metasploit-A-Penetration-Tester-Guide-e1...295776.png]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEheOjgWl2_6xgVfXMxUBkGfav_Ug51Qai3bqGMQi9brvgmO_JSu-JwAAHHrY7tSlJ1YX25iYkicL4H9UqgVxwBKosyk5920BxAO1SGwUzIMX6J2LnsRX2d0yHYWSH_hjX9cJ1zdp9RSCW4/s320/Metasploit-A-Penetration-Tester-Guide-e1304758295776.png)
The Metasploit Framework makes discovering, exploiting, and sharing vulnerabilities quick and relatively painless. But while Metasploit is used by security professionals everywhere, the tool can be hard to grasp for first-time users. Metasploit: The Penetration Tester's Guide fills this gap by teaching you how to harness the Framework and interact with the vibrant community of Metasploit contributors.
Once you've built your foundation for penetration testing, you’ll learn the Framework's conventions, interfaces, and module system as you launch simulated attacks. You’ll move on to advanced penetration testing techniques, including network reconnaissance and enumeration, client-side attacks, wireless attacks, and targeted social-engineering attacks.
Learn how to:
- Find and exploit unmaintained, misconfigured, and unpatched systems
- Perform reconnaissance and find valuable information about your target
- Bypass anti-virus technologies and circumvent security controls
- Integrate Nmap, NeXpose, and Nessus with Metasploit to automate discovery
- Use the Meterpreter shell to launch further attacks from inside the network
- Harness standalone Metasploit utilities, third-party tools, and plug-ins
- Learn how to write your own Meterpreter post-exploitation modules and scripts
You'll even touch on exploit discovery for zero-day research, write a fuzzer, port existing exploits into the Framework, and learn how to cover your tracks. Whether your goal is to secure your own networks or to put someone else's to the test, Metasploit: The Penetration Tester's Guide will take you there and beyond.
About the Author
David Kennedy is Chief Information Security Officer at Diebold Incorporated and creator of the Social-Engineer Toolkit (SET), Fast-Track, and other open source tools. He is on the Back|Track and Exploit-Database development team and is a core member of the Social-Engineer podcast and framework. Kennedy has presented at a number of security conferences including Black Hat, DEF CON, ShmooCon, Security B-Sides, and more.
Jim O'Gorman is a professional penetration tester with CSC’s StrikeForce, a co-founder of Social-Engineer.org, and an instructor at Offensive-Security. He is involved in digital investigations and malware analysis, and helped build forensic capabilities into Back|Track Linux. When not working on various security issues, Jim spends his time assisting his children in their attempts to fight Zombie hordes.
Devon Kearns is an instructor at Offensive-Security, a Back|Track Linux developer, and administrator of The Exploit Database. He has contributed a number of Metasploit exploit modules and is the maintainer of the Metasploit Unleashed wiki.
Mati Aharoni is the creator of the Back|Track Linux distribution and founder of Offensive-Security, the industry leader in security training.
Table of Contents
Chapter 1: The Absolute Basics of Penetration Testing
Chapter 2: Metasploit Basics
Chapter 3: Intelligence Gathering
Chapter 4: Vulnerability Scanning
Chapter 5: The Joy of Exploitation
Chapter 6: Meterpreter
Chapter 7: Avoiding Detection
Chapter 8: Exploitation Using Client-side Attacks
Chapter 9: Metasploit Auxiliary Modules
Chapter 10: The Social-Engineer Toolkit
Chapter 11: Fast-Track
Chapter 13: Building Your Own Module
Chapter 14: Creating Your Own Exploits
Chapter 15: Porting Exploits to the Metasploit Framework
Chapter 16: Meterpreter Scripting
Chapter 17: Simulated Penetration Test
Appendix A: Configuring Your Target Machines
Appendix B: Cheat Sheet
Link: http://www.megaupload.com/?d=CUX8WIFM
ARMITAGE AND METASPLOIT TRAINING: Team Tactics!

Today is the last episode of this training and it deals with the team tactics involved in using Metasploit!
==========
Team Tactics:
==========
Saturday, November 26, 2011
Posted by Anonymous
ARMITAGE AND METASPLOIT TRAINING: Maneuver

=========
Maneuver:
=========
Thursday, November 24, 2011
Posted by Anonymous
ARMITAGE AND METASPLOIT TRAINING: Post-Exploitation

This Video Tutorial deals with the Post-Exploitation Stuff and details.
============
Post-Exploitation:
============
Wednesday, November 23, 2011
Posted by Anonymous
Armitage And Metasploit Training: Access

Today is the turn of the third part of the installment; it is about exploiting and accessing the compromised machine.
=======
ACCESS:
=======
Tuesday, November 22, 2011
Posted by Anonymous
Armitage And Metasploit Training: METASPLOIT.

Today is the second installment of the Metasploit and Armitage Training. This video will deal with operating the Metasploit Framework.
===========
METASPLOIT:
===========
Monday, November 21, 2011
Posted by Anonymous
Armitage And Metasploit Training: Introduction.

Today I am going to share a very good video training on pen testing with the famous Metasploit and Armitage. Today comes the first part, which covers the introduction; the others will soon follow.
==============
INTRODUCTION:
==============
Sunday, November 20, 2011
Posted by Anonymous
Backtrack Hacking Tutorials Full Collection 4 DVD and Bonus [Tutorial] [Video]

Filesonic – 7,67 GB
BackTrack is intended for all audiences from the most savvy security professionals to early newcomers to the information security field.
Full DVD Tutorial – 7,67 GBs Videos:
Backtrack Hacking DVD Tutorials Full Collection DVD and Bonus Hacking Videos (total 24 Episodes).
Includes:
Episode 1 – Network Hacking – Arp Poisoning
Episode 2 – Wireless Hacking – Cracking WEP
Episode 3 – Wireless Hacking – DeAuth
Episode 5 – Lock Picking – Bump Key
Episode 6 – Phone Phreaking – Beige Box
Episode 7 – Phone Phreaking/Network Hacking – Sniffing VOIP
Episode 8 – Lock Picking – DIY Padlock Shims
Episode 9 – Lock Picking – Mult-Disc Combo Locks
Episode 10 – Hacking Basics – MD5
Episode 11 – Website Hacking – Sql Injection
Episode 12 – Hacking Basics – Backtrack
Episode 13 – Website Hacking – XSS
Episode 14 – Staying Secure – SSH Tunnel
Episode 15 – Modding – Xbox Softmod
Episode 16 – Wireless Hacking – Cracking WPA
Episode 17 – Triple Boot – Windows, Backtrack, & Ubuntu
Episode 18 – Local Password Cracking
Episode 19 – Lock Picking Basics
Episode 20 – Ettercap
Episode 21 – XSS Tunnel
Episode 22 – Playstation 2 Softmod
Episode 23 – Cracking WEP Update
Episode 24 – Bypass Hotspot’s Access Controls

Download:
Download from FileSonic
Download from FileJungle
How To Use A Keylogger Inside Metasploit Using Meterpreter?

Well, I have made lots of posts on keylogging; indeed, I have dedicated a whole book to this topic, "An Introduction To Keyloggers, RATS And Malware", which is available as a free download. Now if you are a regular reader of this blog, the chances are very low that you don't know about keyloggers, as I have written about them over and over again. However, in this post I will guide you through simple ways to use a keylogger inside Metasploit once you have opened up a Meterpreter session with the victim's computer. For those of you who don't know what Metasploit is, kindly refer to the post "Metasploit For Beginners Explained".
What is a Meterpreter?
Basically a Meterpreter is a simple type of interface which helps us in completely automating the exploitation process. If you would like to learn further about Meterpreter, kindly do a Google search.
Requirements
- Metasploit Framework
- BackTrack 5
- A Meterpreter session opened on a box
In this case I am using the Metasploit Framework from BackTrack 5. BackTrack 5 is an awesome Linux distro which is specially dedicated to hackers and penetration testers. I have used the Social Engineering Toolkit to utilize a browser autopwn in order to open up a Meterpreter session on the victim's computer.
Step 1 - Before we start the keylogger and start capturing logs, we need to migrate to the explorer.exe process, as we don't want our exploit to get closed. In order to migrate to the process we need its PID; to get the PID, type "ps" on the command line.
Step 2 - Once you know the exact process PID, type the "migrate" command along with the PID, so in case the PID is 1372, you will type "migrate 1372".
Step 3 - Now just type "keyscan_start" to start the keylogger.
Step 4 - Now just sit back and relax. In order to harvest keystrokes all you need to do is type the "keyscan_dump" command.
====================================================================
This article was originally written by Rafay Baloch, who blogs at www.rafayhackingarticles.net. To know more about him see this: http://hackthepc.blogspot.com/2011/03/rafay-hacking-articles-hacking-blog.html
================================
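A defender's view of Steps 1 and 2 above, as an added example that is not part of the original article: migrating into explorer.exe typically surfaces as a remote-thread creation in that process, which Sysmon records as Event ID 8 (CreateRemoteThread). The sample events, the allowlist and the function names are constructed for illustration, and the StartModule check is a heuristic.

```python
import ntpath

# Assumption: images expected to create threads in other processes on this
# host. Illustrative only; build the real list from your own baseline.
ALLOWED_SOURCES = {r"c:\windows\system32\csrss.exe"}
WATCHED_TARGETS = {"explorer.exe"}

# Constructed sample: three Sysmon Event ID 8 records, trimmed to the fields
# used here, in Sysmon's "Key: Value" message layout.
SAMPLE_LOG = r"""
UtcTime: 2024-01-10 09:14:02.113
SourceImage: C:\Users\alice\AppData\Local\Temp\update.exe
TargetProcessId: 1372
TargetImage: C:\Windows\explorer.exe
StartModule: -

UtcTime: 2024-01-10 09:20:41.507
SourceImage: C:\Windows\System32\csrss.exe
TargetProcessId: 1372
TargetImage: C:\Windows\explorer.exe
StartModule: C:\Windows\System32\kernel32.dll

UtcTime: 2024-01-10 11:03:18.990
SourceImage: C:\Program Files\Helper\helper.exe
TargetProcessId: 1372
TargetImage: C:\Windows\explorer.exe
StartModule: C:\Windows\System32\kernel32.dll
"""


def parse_events(text):
    """Split blank-line separated records into dicts of field -> value."""
    events = []
    for block in text.strip().split("\n\n"):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep:
                fields[key.strip()] = value.strip()
        if "SourceImage" in fields and "TargetImage" in fields:
            events.append(fields)
    return events


def detect(text):
    """Return one alert per non-allowlisted remote thread in a watched target."""
    alerts = []
    for ev in parse_events(text):
        if ntpath.basename(ev["TargetImage"]).lower() not in WATCHED_TARGETS:
            continue
        if ev["SourceImage"].lower() in ALLOWED_SOURCES:
            continue
        # Heuristic (assumption): "-" or empty StartModule means the thread's
        # start address did not map to a loaded module, as with injected code.
        unbacked = ev.get("StartModule", "-") in ("", "-")
        alerts.append({
            "time": ev.get("UtcTime"),
            "source": ev["SourceImage"],
            "target_pid": ev.get("TargetProcessId"),
            "severity": "high" if unbacked else "medium",
        })
    return alerts


if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

The allowlisted csrss.exe event is suppressed; the other two are reported, with the module-less thread start ranked higher.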
How to Hack a computer using Metasploit ? with Video
Metasploit is one of the greatest hacking tools ever. It makes hacking easy for the script kiddies (new hackers). But the question comes: how do you use it to hack a computer?
The Metasploit Framework comes in a command-line as well as a GUI version. This article will deal with the command-line version. The following are the basic commands of Metasploit that you should learn by heart.
1: help (shows the commands)
2: show info XXXX (shows the information on the specified XXXX value, which can be an exploit or a payload)
3: show options (shows the options for an exploit and payload, like RHOST, LHOST)
4: show exploits/payloads (gets a list of exploits/payloads)
5: use XXXX (selects the exploit by name)
6: set XXXX (sets the value of RHOST, LHOST or payload)
7: exploit (launches an exploit on the targeted machine)
Note: To hack a computer using Metasploit you should first have enough information about the target, including:
1: IP address
2: Open Ports
3: services running
4: Version of software running
All of these need a little work. A famous tool for doing all of this is Nmap, on which I have written some articles.
Now the first step is choosing the right exploit for the vulnerabilities in the machine. To determine the exploit for the attack you need all the things noted above. For example, if the computer is running an SMTP server on port 25 and there is an exploit for it, then you can hack that computer.
To choose an exploit, use the following command:
use [exploit's address, e.g. exploit/windows/smtp/xxx]
Now you need a payload (a payload is a piece of program that will be executed if the vulnerability is exploited). To get a list of all the payloads available for the exploit, just type the following command.
show payloads
Now choose an appropriate payload from it. The only thing left is to set the fields for the attack. A list of the most probable fields to be set is given below.
RHOST = The IP address of the computer to be attacked.
RPORT = The port of the service to be exploited (it is set by default)
LHOST = The IP address of your computer (it is set by default)
LPORT = The default port of your Metasploit program (it is set by default)
Now the last step is to type the following command and launch the attack on the computer.
exploit
After typing this command the attack will be launched, and if the vulnerability is successfully exploited the payload will be executed and a shell (you can think of it as a command prompt) will be launched, which will allow you to do anything with the computer that you have attacked.
==========================================
Video Tutorial
==========================================
Saturday, June 25, 2011
Posted by Anonymous
How to Make and send Metasploit Backdoor [Video]
I was surfing YouTube when I found the following video, which explains beautifully how you can infect someone with only Metasploit.
And NOTE: In the first step it is not necessary to have BackTrack or Ubuntu. Windows can also work if Metasploit is installed, which you can download from here: http://www.metasploit.com/download/
Thursday, April 28, 2011
Posted by Anonymous
How to hack a computer with Nmap and Metasploit
I have written different hacking articles about Nmap and Metasploit. Now I am writing this article to teach how to hack a computer using these two great tools.
Just go to http://www.metasploit.com/ and download the latest Framework (not the mini version).
Now open the Metasploit console and type the following commands:
1: db_create (this will create the database needed for this attack)
2: Type nmap -sT -sV XXX.XXX.XXX.XXX (X being the IP address of the victim)
Now give it time to scan, and when it is complete type the following command.
3: db_autopwn -p -t -e
This would start the penetration test, and the great thing about this is that it does not need any manual configuration. Everything will be done automatically, and if the test is successful a shell will be created.
Wednesday, January 5, 2011
Posted by Anonymous
Metasploit Basic Tutorial.
The Metasploit Framework is an open source penetration tool used for developing and executing exploit code against a remote target machine. The Metasploit Framework has the world's largest database of public, tested exploits. In simple words, Metasploit can be used to test the vulnerability of computer systems in order to protect them, and on the other hand it can also be used to break into remote systems.
It's a powerful tool used for penetration testing. Learning to work with Metasploit needs a lot of effort and time. Of course you can't learn Metasploit overnight; it needs lots of practice and patience.
Download here (Windows users): http://www.metasploit.com/releases/framework-3.2.exe
Download here (Linux users): http://www.metasploit.com/releases/framework-3.2.tar.gz
Just have a look at the following basic steps for beginners to break into a system using Metasploit after gathering some information about the target system.
1. Select the right exploit and then set the target.
2. Verify the exploit options to determine whether the target system is vulnerable to the exploit.
3. Select a payload.
4. Execute the exploit.
You must be confused!
Now carefully read the following basic terms to get an idea of the four steps mentioned above. I have defined the terms technically and, side by side, explained them in layman's language to clarify things. I have taken the example of an attacker who wants to break into a house. I hope this approach will give you a good idea of these basic terms.
Vulnerability - A weakness which allows an attacker to break into or compromise a system's security.
Like the main gate of a house with a weak lock (which can be easily opened) or a glass window of the house (which can be easily broken), vulnerabilities are the things in a system which make it easy for an attacker to break in.
Exploit - Code which allows an attacker to take advantage of a vulnerable system.
The set of different keys which he can try one by one to open the lock, or the hammer he carries which he can use to break the glass window, can be the exploits.
Payload - Actual code which runs on the system after exploitation.
Now finally, after exploiting the vulnerability and breaking in, he has different things he can do. He can steal money, destroy things, or just have a look and come back. Deciding this is what we mean by setting the payload.
I hope that's enough, friends. You will learn more with further tutorials when you start working with Metasploit practically.