Metasploit - The Penetration Tester's Guide by David Kennedy.pdf
Metasploit
David Kennedy
Jim O'Gorman
Devon Kearns
Mati Aharoni
Copyright © 2011
All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means,
electronic or mechanical, including photocopying, recording, or by any information storage or retrieval
system, without the prior written permission of the copyright owner and the publisher.
No Starch Press and the No Starch Press logo are registered trademarks of No Starch Press, Inc. Other
product and company names mentioned herein may be the trademarks of their respective owners. Rather
than use a trademark symbol with every occurrence of a trademarked name, we are using the names only in
an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the
trademark.
The information in this book is distributed on an “As Is” basis, without warranty. While every precaution
has been taken in the preparation of this work, neither the author nor No Starch Press, Inc. shall have any
liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or
indirectly by the information contained in it.
No Starch Press
Foreword
Information technology is a complex field, littered with the half-dead technology
of the past and an ever-increasing menagerie of new systems, software, and
protocols. Securing today’s enterprise networks involves more than simply patch
management, firewalls, and user education; it requires frequent real-world
validation of what works and what fails. This is what penetration testing is all
about.
Penetration testing is a uniquely challenging job. You are paid to think like a
criminal, to use guerilla tactics to your advantage, and to find the weakest links
in a highly intricate net of defenses. The things you find can be both surprising
and disturbing; penetration tests have uncovered everything from rogue
pornography sites to large-scale fraud and criminal activity.
Penetration testing is about ignoring an organization’s perception of its security
and probing its systems for weaknesses. The data obtained from a successful
penetration test often uncovers issues that no architecture review or vulnerability
assessment would be able to identify. Typical findings include shared passwords,
cross-connected networks, and troves of sensitive data sitting in the clear. The
problems created by sloppy system administration and rushed implementations
often pose significant threats to an organization, while the solutions languish
under a dozen items on an administrator’s to-do list. Penetration testing
highlights these misplaced priorities and identifies what an organization needs to
do to defend itself from a real intrusion.
Penetration testers handle a company’s most sensitive resources; they gain
access to areas that can have dire real-world consequences if the wrong action is
taken. A single misplaced packet can bring a factory floor to a halt, with a cost
measured in millions of dollars per hour. Failure to notify the appropriate
personnel can result in an uncomfortable and embarrassing conversation with the
local police. Medical systems are one area that even the most experienced
security professionals may hesitate to test; nobody wants to be responsible for
mixing up a patient’s blood type in an OpenVMS mainframe or corrupting the
memory on an X-ray machine running Windows XP. The most critical systems
are often the most exposed, and few system administrators want to risk an outage
by bringing down a database server to apply a security patch.
Balancing the use of available attack paths and the risk of causing damage is a
skill that all penetration testers must hone. This process depends not only on a
technical knowledge of the tools and the techniques but also on a strong
understanding of how the organization operates and where the path of least
resistance may lie.
In this book, you will see penetration testing through the eyes of four security
professionals with widely divergent backgrounds. The authors include folks with
experience at the top of the corporate security structure all the way down to the
Wild West world of underground exploit development and vulnerability
research. There are a number of books available on penetration testing and
security assessments, and there are many that focus entirely on tools. This book,
however, strives for a balance between the two, covering the fundamental tools
and techniques while also explaining how they play into the overall structure of
a successful penetration testing process. Experienced penetration testers will
benefit from the discussion of the methodology, which is based on the recently
codified Penetration Test Execution Standard. Readers who are new to the field
will be presented with a wealth of information not only about how to get started
but also why those steps matter and what they mean in the bigger picture.
This book focuses on the Metasploit Framework. This open source platform
provides a consistent, reliable library of constantly updated exploits and offers a
complete development environment for building new tools and automating every
aspect of a penetration test. Metasploit Express and Metasploit Pro, the
commercial siblings of the Framework, are also represented in this book. These
products provide a different perspective on how to conduct and automate
large-scale penetration tests.
The Metasploit Framework is an infamously volatile project; the code base is
updated dozens of times every day by a core group of developers and
submissions from hundreds of community contributors. Writing a book about the
Framework is a masochistic endeavor; by the time that a given chapter has been
proofread, the content may already be out of date. The authors took on the
Herculean task of writing this book in such a way that the content will still be
applicable by the time it reaches its readers.
The Metasploit team has been involved with this book to make sure that changes
to the code are accurately reflected and that the final result is as close to zero-day
coverage of the Metasploit Framework as is humanly possible. We can state with
full confidence that it is the best guide to the Metasploit Framework available
today, and it will likely remain so for a long time. We hope you find this book
valuable in your work and an excellent reference in your trials ahead.
HD Moore
Founder, The Metasploit Project
Preface
The Metasploit Framework has long been one of the tools most widely used by
information security professionals, but for a long time little documentation
existed aside from the source code itself or comments on blogs. That situation
changed significantly when Offensive-Security developed its online course,
Metasploit Unleashed. Shortly after the course went live, No Starch Press
contacted us about the possibility of creating a book to expand on our work with
Metasploit Unleashed.
This book is designed to teach you the ins and outs of Metasploit and how to use
the Framework to its fullest. Our coverage is selective—we won’t cover every
single flag or exploit—but we give you the foundation you’ll need to understand
and use Metasploit now and in future versions.
When we began writing this book, we had in mind a comment by HD Moore,
developer of the Metasploit Framework. In a conversation with HD about the
development of our Metasploit Unleashed course, one of us said to him, “I hope
the course comes out good.” To this offhand comment, HD merely replied,
“Then make sure it is good.” And that’s just what we’ve attempted to do with
this book.
As a group, we are experienced penetration testers who use Metasploit daily to
circumvent security controls, bypass protections, and attack systems
methodically. We wrote this book with the intention of helping our readers
become competent penetration testers. HD’s drive and focus on quality is
apparent within the Metasploit Framework, and we have tried to match those
characteristics in this book. We leave it up to you to judge how well we have
lived up to that standard.