
viii

Contents in Detail

Metasploit Utilities .................................................................................................. 12

MSFpayload ............................................................................................. 12
MSFencode .............................................................................................. 13
Nasm Shell ............................................................................................... 13

Metasploit Express and Metasploit Pro ...................................................................... 14
Wrapping Up ........................................................................................................ 14

3
INTELLIGENCE GATHERING ............................................................................... 15

Passive Information Gathering ................................................................................. 16

whois Lookups .......................................................................................... 16
Netcraft ................................................................................................... 17
NSLookup ................................................................................................ 18

Active Information Gathering ................................................................................... 18

Port Scanning with Nmap .......................................................................... 18
Working with Databases in Metasploit ........................................................ 20
Port Scanning with Metasploit ..................................................................... 25

Targeted Scanning ................................................................................................. 26

Server Message Block Scanning .................................................................. 26
Hunting for Poorly Configured Microsoft SQL Servers .................................... 27
SSH Server Scanning ................................................................................. 28
FTP Scanning ............................................................................................ 29
Simple Network Management Protocol Sweeping ......................................... 30

Writing a Custom Scanner ...................................................................................... 31
Looking Ahead ...................................................................................................... 33

4
VULNERABILITY SCANNING ............................................................................ 35

The Basic Vulnerability Scan .................................................................................... 36
Scanning with NeXpose .......................................................................................... 37

Configuration ........................................................................................... 37
Importing Your Report into the Metasploit Framework .................................... 42
Running NeXpose Within MSFconsole ......................................................... 43

Scanning with Nessus ............................................................................................. 44

Nessus Configuration ................................................................................ 44
Creating a Nessus Scan Policy ................................................................... 45
Running a Nessus Scan .............................................................................. 47
Nessus Reports ......................................................................................... 47
Importing Results into the Metasploit Framework ............................................ 48
Scanning with Nessus from Within Metasploit .............................................. 49

Specialty Vulnerability Scanners ............................................................................... 51

Validating SMB Logins ............................................................................... 51
Scanning for Open VNC Authentication ....................................................... 52
Scanning for Open X11 Servers .................................................................. 54

Using Scan Results for Autopwning ........................................................................... 56

5
THE JOY OF EXPLOITATION ............................................................................ 57

Basic Exploitation ................................................................................................... 58

msf> show exploits .................................................................................... 58
msf> show auxiliary .................................................................................. 58