Book Title: Metasploit
Subtitle: The Penetration Tester’s Guide
Author: David Kennedy, Jim O’Gorman, Devon Kearns, and Mati Aharoni.
Publisher: No Starch Press
Date of Publishing: 2011
Price (UK, US): £39.49, $49.95
URL of Amazon UK web page: Metasploit: The Penetration Tester’s Guide: A Penetration Tester’s Guide
URL of Amazon UK (Kindle) web page: Metasploit: The Penetration Tester’s Guide
URL of Amazon US web page: Metasploit: The Penetration Tester’s Guide
URL of Amazon US (Kindle) web page: Metasploit: The Penetration Tester’s Guide
There are 17 chapters in this book, which cover all aspects of the use of Metasploit and how this tool can be used in penetration testing.

Chapter 1: The Absolute Basics of Penetration Testing. This section briefly covers some very basic terms and the general phases of a penetration test. This may be of some interest to individuals who are complete novices when it comes to penetration testing.

Chapter 2: Metasploit Basics. This section covers some general Metasploit terms and methods of using the Metasploit Framework.

Chapter 3: Intelligence Gathering. This chapter covers basic information gathering techniques, including the extraction of information from whois and DNS, as well as port scanning. It also covers some of the basic uses of the built-in database and some built-in commands, such as db_nmap.

Chapter 4: Vulnerability Scanning. This section covers the use of automated vulnerability scanners and some of the auxiliary tools that can be used to scan for particular issues. It also covers the use of automated vulnerability scanners from within the Metasploit Framework and how issues from reports can be imported into the internal database and used with other tools, such as ‘autopwn’.

Chapter 5: The Joy of Exploitation. This chapter details the use of individual Metasploit exploits and the basic use of very useful payloads, such as Meterpreter and ‘reverse_tcp_all_ports’.

Chapter 6: Meterpreter. Here is where the authors delve deeper into the use of Meterpreter. It is only right that Meterpreter should have an entire section dedicated to it, as it is so important in leveraging successful Windows exploits. Many of the important features are covered, including dumping password hashes, pass the hash, token impersonation and using the exploited host as a stepping-stone to attacking further systems.

Chapter 7: Avoiding Detection. This section covers the various methods for modifying or encoding payloads so that ‘on-demand’ anti-virus scanners don’t detect your scans.

Chapter 8: Exploitation Using Client-Side Attacks. This chapter covers how browser exploits work (in general terms), including key terms such as ‘heap spraying’ and ‘NOP sleds’. It also works through the exploitation of a Windows Explorer exploit and a Windows OS file format exploit.

Chapter 9: Metasploit Auxiliary Modules. This section discusses the use and usefulness of auxiliary modules. The format of auxiliary modules is also detailed, which starts the process of teaching the reader how to create their own modules for the Metasploit Framework.

Chapters 10, 11 & 12: I found these sections particularly interesting, as I had not used any of the tools discussed before. I looked at all three in conjunction with these chapters and I could see how useful they could be in future tests. However, the use of other tools such as Armitage is not covered; it is only discussed very briefly in Chapter 2.

Chapter 10: The Social-Engineer Toolkit. This section goes into a lot of detail regarding the use of the Social-Engineer Toolkit (SET), which relies heavily on the Metasploit Framework.

Chapter 11: Fast-Track. This section goes into a lot of detail regarding the use of Fast-Track, which adds to and complements the Metasploit Framework.

Chapter 12: Karmetasploit. This section covers well the use of Karmetasploit, which adds the functions of the KARMA toolkit for testing wireless networks to the Metasploit Framework.

Chapter 13: Building Your Own Module. This chapter is dedicated to developing modules for the Metasploit Framework. It is fairly well written and easy enough to follow, and takes the reader through an example module. Readers with no programming experience may find this chapter a little difficult; however, Ruby can be picked up pretty quickly.

Chapter 14: Creating Your Own Exploits. This chapter is dedicated to developing exploit code for the Metasploit Framework. Again, it is clearly written and fairly straightforward to follow, and takes the reader through a real-world exploit development example, from identification to a finished exploit for the Metasploit Framework. There are also examples of fuzzing code and some of the standard techniques. Readers with little or no programming experience may find this chapter challenging. The authors do direct the reader to a number of Internet resources on writing exploits. If the reader is familiar with developing exploits then this chapter should pose no difficulties.

Chapter 15: Porting Exploits to the Metasploit Framework. This chapter focuses on describing for the reader how to take an existing exploit and ‘port’ it to the Metasploit Framework. It uses two different examples in order to describe the conversion of different types of exploit.

Chapter 16: Meterpreter Scripting. This chapter focuses on methods for adding additional functionality to Meterpreter sessions. The old method is discussed alongside the use of the Meterpreter API, and the chapter takes the reader through an example.

Chapter 17: Simulated Penetration Test. This chapter takes the reader through the use of Metasploitable, which is a vulnerable distribution designed for practicing some of the main techniques for using Metasploit in a penetration test.

Appendix A. Provides instructions on setting up target machines to use in further practice.

Appendix B. This includes a cheat-sheet which comprises a list and description of the main Metasploit msfconsole commands.

To conclude, there are many resources on the Internet that I have found to be very useful in the past that cover all of the aspects of the Metasploit Framework covered in this book. For example:

http://www.offensive-security.com/metasploit-unleashed/Main_Page

This resource is available for free and is written by many of the authors of this book.
There are also many more comprehensive resources on the discovery of vulnerabilities and exploiting them. However, you could include a similar statement in a review of most of the publications available on IT subjects.
Part of the Raison d’être for this book is to reveal how rich and powerful the Metasploit Framework is. In this aspect, the book definitely succeeds. It would also provide most readers with the knowledge and techniques required to exploit this powerful tool to their advantage.
Whilst seasoned penetration testers will already have a lot of knowledge regarding the use of Metasploit, there may be some key methods and concepts covered in this book which prove to be of use. For those who have less experience of Metasploit, this book may prove invaluable.
Marks: 5 out of 5 (*****)